From: Nick Rosbrook <enr0n@ubuntu.com>
Date: Fri, 12 Jan 2024 19:02:17 +0000 (-0500)
Subject: test: skip TEST-43-PRIVATEUSER-UNPRIV if unprivileged userns is restricted
X-Git-Tag: v256-rc1~1169
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fec0d508a2f3d6bcf9be16a805dfc8facdfd9bb0;p=thirdparty%2Fsystemd.git

test: skip TEST-43-PRIVATEUSER-UNPRIV if unprivileged userns is restricted

With newer versions of AppArmor, unprivileged user namespace creation
may be restricted by default, in which case user manager instances will
not be able to apply PrivateUsers=yes (or the settings which require it).

This can be tested with the kernel.apparmor_restrict_unprivileged_userns
sysctl.
---

diff --git a/test/units/testsuite-43.sh b/test/units/testsuite-43.sh
index 07e6fc9b623..4f31a33c343 100755
--- a/test/units/testsuite-43.sh
+++ b/test/units/testsuite-43.sh
@@ -6,6 +6,11 @@ set -o pipefail
 # shellcheck source=test/units/util.sh
 . "$(dirname "$0")"/util.sh
 
+if [[ "$(sysctl -ne kernel.apparmor_restrict_unprivileged_userns)" -eq 1 ]]; then
+    echo "Cannot create unprivileged user namespaces" >/skipped
+    exit 0
+fi
+
 systemd-analyze log-level debug
 
 runas testuser systemd-run --wait --user --unit=test-private-users \