From: Mike Yuan Date: Sun, 30 Mar 2025 16:45:27 +0000 (+0200) Subject: TEST-07-PID1: remove bogus test case for DelegateNamespaces=cgroup X-Git-Tag: v258-rc1~952^2~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d4bdcecaf937922f7c515ab912d3cb84dc4b1ab7;p=thirdparty%2Fsystemd.git TEST-07-PID1: remove bogus test case for DelegateNamespaces=cgroup We enable nsdelegate for cgroupfs, and hence the kernel would always refuse writes to /sys/fs/cgroup/cgroup.pressure and friends regardless of whether the cgns is owned by userns: https://github.com/torvalds/linux/blob/cb82ca153949c6204af793de24b18a04236e79fd/kernel/cgroup/cgroup.c#L4132 This currently works because the mountns (thus cgroupfs) remains to be non-delegated and we're actually operating on the real root cgroup. It appears that cgroupfs generally doesn't care about userns, so I'm yet to see a way to test this properly. Let's drop this for now, to unblock fixes in the following commits. --- diff --git a/test/units/TEST-07-PID1.delegate-namespaces.sh b/test/units/TEST-07-PID1.delegate-namespaces.sh index 9bd96911971..210635ebbc5 100755 --- a/test/units/TEST-07-PID1.delegate-namespaces.sh +++ b/test/units/TEST-07-PID1.delegate-namespaces.sh @@ -35,11 +35,6 @@ testcase_network() { systemd-run -p PrivateUsersEx=self -p PrivateNetwork=yes -p DelegateNamespaces=net --wait --pipe -- ip link add veth1 type veth peer name veth2 } -testcase_cgroup() { - (! systemd-run -p PrivateUsersEx=self -p ProtectControlGroupsEx=private --wait --pipe -- sh -c 'echo 0 >/sys/fs/cgroup/cgroup.pressure') - systemd-run -p PrivateUsersEx=self -p ProtectControlGroupsEx=private -p DelegateNamespaces=cgroup --wait --pipe -- sh -c 'echo 0 >/sys/fs/cgroup/cgroup.pressure' -} - testcase_pid() { # MountAPIVFS=yes always bind mounts child mounts of APIVFS filesystems, which means /proc/sys is always read-only # so we can't write to it when running in a container.
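Review bot: Removing testcase_cgroup() from TEST-07-PID1.delegate-namespaces.sh leaves DelegateNamespaces=cgroup with no coverage in this script, and nothing in the file records why. I would add a short comment between testcase_network() and testcase_pid() saying that the cgroup case is intentionally omitted: with nsdelegate the kernel refuses writes to /sys/fs/cgroup/cgroup.pressure regardless of whether the cgns is owned by the userns. That stops someone re-adding the same check later. The commit message also says the removed positive case only passed because it was operating on the real root cgroup, so any replacement test should assert on something that does not write to root cgroup attributes of the host hierarchy. The negated first line, `(! systemd-run ... 'echo 0 >/sys/fs/cgroup/cgroup.pressure')`, passes on any failure of systemd-run and not only on the refused write, so a future version should also check the failure reason.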