test: skip test-cgroup-id on ENOSYS from cg_cgroupid_open

Most container managers will block open_by_handle_at with seccomp to
mitigate a container escape attack. LXD in particular returns ENOSYS
rather than e.g. EPERM like nspawn. Skip this test if we get ENOSYS
from open_by_handle_at via cg_cgroupid_open.

diff --git a/src/test/test-cgroup.c b/src/test/test-cgroup.c
index 8bd4af94e4e6f0e73dfd1ae40374ef68a6f9f6ab..040e9e9c129a732da2401bdb7f84efbc7e7ddc74 100644 (file)
--- a/src/test/test-cgroup.c
+++ b/src/test/test-cgroup.c
@@ -159,6 +159,8 @@ TEST(id) {
 
         if (ERRNO_IS_NEG_PRIVILEGE(fd2))
                 log_notice("Skipping open-by-cgroup-id test because lacking privs.");
+        else if (ERRNO_IS_NEG_NOT_SUPPORTED(fd2))
+                log_notice("Skipping open-by-cgroup-id test because syscall is missing or blocked.");
         else {
                 assert_se(fd2 >= 0);