From: Florian Weimer <fweimer@redhat.com>
Date: Tue, 28 Aug 2018 12:02:47 +0000 (+0200)
Subject: test-container: EPERM from unshare is UNSUPPORTED
X-Git-Tag: glibc-2.29~488
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d6c44c3d0ca4b8b639803ddccb83b9b8722f45c1;p=thirdparty%2Fglibc.git

test-container: EPERM from unshare is UNSUPPORTED

For example, the security policy on the Fedora build daemons results in
this EPERM error.
---

diff --git a/ChangeLog b/ChangeLog
index 3995e4b536a..61b12adb9e4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2018-08-28  Florian Weimer  <fweimer@redhat.com>
+
+	* support/test-container.c (main): Treat unshare failure with
+	EPERM as an unsupported test.
+
 2018-08-28  Florian Weimer  <fweimer@redhat.com>
 
 	[BZ #23520]
diff --git a/support/test-container.c b/support/test-container.c
index ce16e061e7d..2e91bdf9ecb 100644
--- a/support/test-container.c
+++ b/support/test-container.c
@@ -871,8 +871,9 @@ main (int argc, char **argv)
   /* The unshare here gives us our own spaces and capabilities.  */
   if (unshare (CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNS) < 0)
     {
-      /* Older kernels may not support all the options.  */
-      if (errno == EINVAL)
+      /* Older kernels may not support all the options, or security
+	 policy may block this call.  */
+      if (errno == EINVAL || errno == EPERM)
 	FAIL_UNSUPPORTED ("unable to unshare user/fs: %s", strerror (errno));
       else
 	FAIL_EXIT1 ("unable to unshare user/fs: %s", strerror (errno));