This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[PATCH] test-container: EPERM from unshare is UNSUPPORTED
- From: fweimer at redhat dot com (Florian Weimer)
- To: libc-alpha at sourceware dot org
- Date: Tue, 28 Aug 2018 14:03:14 +0200
- Subject: [PATCH] test-container: EPERM from unshare is UNSUPPORTED
For example, the security policy on the Fedora build daemons results in
this EPERM error.
2018-08-28 Florian Weimer <fweimer@redhat.com>
* support/test-container.c (main): Treat unshare failure with
EPERM as an unsupported test.
diff --git a/support/test-container.c b/support/test-container.c
index ce16e061e7..2e91bdf9ec 100644
--- a/support/test-container.c
+++ b/support/test-container.c
@@ -871,8 +871,9 @@ main (int argc, char **argv)
/* The unshare here gives us our own spaces and capabilities. */
if (unshare (CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNS) < 0)
{
- /* Older kernels may not support all the options. */
- if (errno == EINVAL)
+ /* Older kernels may not support all the options, or security
+ policy may block this call. */
+ if (errno == EINVAL || errno == EPERM)
FAIL_UNSUPPORTED ("unable to unshare user/fs: %s", strerror (errno));
else
FAIL_EXIT1 ("unable to unshare user/fs: %s", strerror (errno));