Diffstat (limited to 'src')
-rw-r--r-- | src/test/test-execute.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 148e44b13d..6a574b495f 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -28,6 +28,7 @@
 #include "signal-util.h"
 #include "static-destruct.h"
 #include "stat-util.h"
+#include "sysctl-util.h"
 #include "tests.h"
 #include "tmpfile-util.h"
 #include "unit.h"
@@ -218,10 +219,30 @@ static void start_parent_slices(Unit *unit) {
 }
 }
+static bool apparmor_restrict_unprivileged_userns(void) {
+ _cleanup_free_ char *v = NULL;
+ int r;
+
+ /* If kernel.apparmor_restrict_unprivileged_userns=1, then we cannot
+ * use unprivileged user namespaces. */
+ r = sysctl_read("kernel/apparmor_restrict_unprivileged_userns", &v);
+ if (r < 0) {
+ if (r != -ENOENT)
+ log_debug_errno(r, "Failed to read kernel.apparmor_restrict_unprivileged_userns sysctl, ignoring: %m");
+
+ return false;
+ }
+
+ return streq(v, "1");
+}
+
 static bool have_userns_privileges(void) {
 pid_t pid;
 int r;
+ if (apparmor_restrict_unprivileged_userns())
+ return false;
+
 r = safe_fork("(sd-test-check-userns)", FORK_RESET_SIGNALS | FORK_CLOSE_ALL_FDS | |
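Review bot: The early `return false` added at the top of have_userns_privileges() logs nothing, so on a host with kernel.apparmor_restrict_unprivileged_userns=1 any test gated on this probe is presumably skipped with no trace of why. A line such as `log_debug("kernel.apparmor_restrict_unprivileged_userns=1, assuming unprivileged user namespaces are unavailable.");` before that return would make the lost coverage visible in the test output. Separately, `streq(v, "1")` in apparmor_restrict_unprivileged_userns() only matches if sysctl_read() hands back the value without a trailing newline; that is not visible in this diff and is worth confirming, since a mismatch would make the new guard never fire. have_userns_privileges() continues past the end of the hunk, so any later logging it does is not visible here.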