syscall: skip tests that create a user namespace when chrooted

The kernel rejects attempts to create user namespaces when in a chroot.

Change-Id: I6548302732c8f5be52f4167cd7233aea16839ad8
Reviewed-on: https://go-review.googlesource.com/17214
Reviewed-by: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

src/syscall/exec_linux_test.go

@@ -15,6 +15,17 @@ import (
 	"testing"
 )
 
+// Check if we are in a chroot by checking if the inode of / is
+// different from 2 (there is no better test available to non-root on
+// linux).
+func isChrooted(t *testing.T) bool {
+	root, err := os.Stat("/")
+	if err != nil {
+		t.Fatalf("cannot stat /: %v", err)
+	}
+	return root.Sys().(*syscall.Stat_t).Ino != 2
+}
+
 func whoamiCmd(t *testing.T, uid, gid int, setgroups bool) *exec.Cmd {
 	if _, err := os.Stat("/proc/self/ns/user"); err != nil {
 		if os.IsNotExist(err) {
@@ -22,6 +33,12 @@ func whoamiCmd(t *testing.T, uid, gid int, setgroups bool) *exec.Cmd {
 		}
 		t.Fatalf("Failed to stat /proc/self/ns/user: %v", err)
 	}
+	if isChrooted(t) {
+		// create_user_ns in the kernel (see
+		// https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/kernel/user_namespace.c)
+		// forbids the creation of user namespaces when chrooted.
+		t.Skip("cannot create user namespaces when chrooted")
+	}
 	// On some systems, there is a sysctl setting.
 	if os.Getuid() != 0 {
 		data, errRead := ioutil.ReadFile("/proc/sys/kernel/unprivileged_userns_clone")