syscall: skip tests that create a user namespace when chrooted

The kernel rejects attempts to create user namespaces when in a chroot. Change-Id: I6548302732c8f5be52f4167cd7233aea16839ad8 Reviewed-on: https://go-review.googlesource.com/17214 Reviewed-by: Ian Lance Taylor <iant@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
2025-12-08 06:10:04 +00:00 · 2015-11-26 11:47:32 +13:00 · 2015-11-26 11:47:32 +13:00 · 21efa7b2bc
commit 21efa7b2bc
parent 240144a3a3
1 changed files with 17 additions and 0 deletions
--- a/src/syscall/exec_linux_test.go
+++ b/src/syscall/exec_linux_test.go
@ -15,6 +15,17 @@ import (
 	"testing"
 )

+// Check if we are in a chroot by checking if the inode of / is
+// different from 2 (there is no better test available to non-root on
+// linux).
+func isChrooted(t *testing.T) bool {
+	root, err := os.Stat("/")
+	if err != nil {
+		t.Fatalf("cannot stat /: %v", err)
+	}
+	return root.Sys().(*syscall.Stat_t).Ino != 2
+}
+
 func whoamiCmd(t *testing.T, uid, gid int, setgroups bool) *exec.Cmd {
 	if _, err := os.Stat("/proc/self/ns/user"); err != nil {
 		if os.IsNotExist(err) {
@ -22,6 +33,12 @@ func whoamiCmd(t *testing.T, uid, gid int, setgroups bool) *exec.Cmd {
 		}
 		t.Fatalf("Failed to stat /proc/self/ns/user: %v", err)
 	}
+	if isChrooted(t) {
+		// create_user_ns in the kernel (see
+		// https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/kernel/user_namespace.c)
+		// forbids the creation of user namespaces when chrooted.
+		t.Skip("cannot create user namespaces when chrooted")
+	}
 	// On some systems, there is a sysctl setting.
 	if os.Getuid() != 0 {
 		data, errRead := ioutil.ReadFile("/proc/sys/kernel/unprivileged_userns_clone")