From: Nick Rosbrook Date: Thu, 20 Jun 2024 15:27:03 +0000 (-0400) Subject: test: skip test-cgroup-id on ENOSYS from cg_cgroupid_open X-Git-Tag: v257-rc1~1080 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=82f57401d933596746c32a955773bc70be53b0ac;p=thirdparty%2Fsystemd.git test: skip test-cgroup-id on ENOSYS from cg_cgroupid_open Most container managers will block open_by_handle_at with seccomp to mitigate a container escape attack. LXD in particular returns ENOSYS rather than e.g. EPERM like nspawn. Skip this test if we get ENOSYS from open_by_handle_at via cg_cgroupid_open. --- diff --git a/src/test/test-cgroup.c b/src/test/test-cgroup.c index 8bd4af94e4e..040e9e9c129 100644 --- a/src/test/test-cgroup.c +++ b/src/test/test-cgroup.c @@ -159,6 +159,8 @@ TEST(id) { if (ERRNO_IS_NEG_PRIVILEGE(fd2)) log_notice("Skipping open-by-cgroup-id test because lacking privs."); + else if (ERRNO_IS_NEG_NOT_SUPPORTED(fd2)) + log_notice("Skipping open-by-cgroup-id test because syscall is missing or blocked."); else { assert_se(fd2 >= 0);