From: Daan De Meyer Date: Mon, 17 Mar 2025 20:22:49 +0000 (+0100) Subject: TEST-07-PID1.delegate-namespaces: Fix testcase_pid() X-Git-Tag: v258-rc1~1041^2~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b7602662cbf6210052985c25a29550bc2314646d;p=thirdparty%2Fsystemd.git TEST-07-PID1.delegate-namespaces: Fix testcase_pid() Make sure the test has its own /proc and skip it in containers as MountAPIVFS=yes in a container always results in a read-only /proc/sys which means the test can't write to /proc/sys/kernel/ns_last_pid.
---
diff --git a/test/units/TEST-07-PID1.delegate-namespaces.sh b/test/units/TEST-07-PID1.delegate-namespaces.sh
index 8eb9956c2e7..061a7cf5b20 100755
--- a/test/units/TEST-07-PID1.delegate-namespaces.sh
+++ b/test/units/TEST-07-PID1.delegate-namespaces.sh
@@ -41,8 +41,12 @@ testcase_cgroup() {
 }
 testcase_pid() {
- (! systemd-run -p PrivateUsersEx=self -p PrivatePIDs=yes --wait --pipe -- sh -c 'echo 5 >/proc/sys/kernel/ns_last_pid')
- systemd-run -p PrivateUsersEx=self -p PrivatePIDs=yes -p DelegateNamespaces=pid --wait --pipe -- sh -c 'echo 5 >/proc/sys/kernel/ns_last_pid'
+ # MountAPIVFS=yes always bind mounts child mounts of APIVFS filesystems, which means /proc/sys is always read-only
+ # so we can't write to it when running in a container.
+ if ! systemd-detect-virt --container; then
+ (! systemd-run -p PrivateUsersEx=self -p PrivatePIDs=yes -p MountAPIVFS=yes --wait --pipe -- sh -c 'echo 5 >/proc/sys/kernel/ns_last_pid')
+ systemd-run -p PrivateUsersEx=self -p PrivatePIDs=yes -p MountAPIVFS=yes -p DelegateNamespaces="mnt pid" --wait --pipe -- sh -c 'echo 5 >/proc/sys/kernel/ns_last_pid'
+ fi
 }
 testcase_uts() {
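Review bot: The `if ! systemd-detect-virt --container; then` guard in testcase_pid() drops both the negative and the positive check without logging anything, so a container run reports the testcase as passed although the PID-namespace delegation boundary was never exercised. An `else` branch with `echo "Skipping testcase_pid: /proc/sys is read-only in containers"` would make the coverage gap visible in the test log, and `systemd-detect-virt --container --quiet` keeps the detected type out of the output. Separately, the positive case now delegates `"mnt pid"` while the negative case delegates nothing, so no case shows that delegating `mnt` alone still leaves ns_last_pid unwritable; a third `(! systemd-run ... -p DelegateNamespaces=mnt ...)` line would pin that, assuming that is the intended behaviour.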