/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <fcntl.h>
+#include <sysexits.h>
#include <sys/socket.h>
#include <sys/stat.h>
static void test_shareable_ns(unsigned long nsflag) {
_cleanup_close_pair_ int s[2] = EBADF_PAIR;
+ bool permission_denied = false;
pid_t pid1, pid2, pid3;
int r, n = 0;
siginfo_t si;
if (pid1 == 0) {
r = setup_shareable_ns(s, nsflag);
- assert_se(r >= 0);
- _exit(r);
+ assert_se(r >= 0 || ERRNO_IS_NEG_PRIVILEGE(r));
+ _exit(r >= 0 ? r : EX_NOPERM);
}
pid2 = fork();
if (pid2 == 0) {
r = setup_shareable_ns(s, nsflag);
- assert_se(r >= 0);
- exit(r);
+ assert_se(r >= 0 || ERRNO_IS_NEG_PRIVILEGE(r));
+ _exit(r >= 0 ? r : EX_NOPERM);
}
pid3 = fork();
if (pid3 == 0) {
r = setup_shareable_ns(s, nsflag);
- assert_se(r >= 0);
- exit(r);
+ assert_se(r >= 0 || ERRNO_IS_NEG_PRIVILEGE(r));
+ _exit(r >= 0 ? r : EX_NOPERM);
}
r = wait_for_terminate(pid1, &si);
assert_se(r >= 0);
assert_se(si.si_code == CLD_EXITED);
- n += si.si_status;
+ if (si.si_status == EX_NOPERM)
+ permission_denied = true;
+ else
+ n += si.si_status;
r = wait_for_terminate(pid2, &si);
assert_se(r >= 0);
assert_se(si.si_code == CLD_EXITED);
- n += si.si_status;
+ if (si.si_status == EX_NOPERM)
+ permission_denied = true;
+ else
+ n += si.si_status;
r = wait_for_terminate(pid3, &si);
assert_se(r >= 0);
assert_se(si.si_code == CLD_EXITED);
- n += si.si_status;
+ if (si.si_status == EX_NOPERM)
+ permission_denied = true;
+ else
+ n += si.si_status;
+
+ /* LSMs can cause setup_shareable_ns() to fail with permission denied, do not fail the test in that
+ * case (e.g.: LXC with AppArmor on kernel < v6.2). */
+ if (permission_denied)
+ return (void) log_tests_skipped("insufficient privileges");
assert_se(n == 1);
}
projects / thirdparty / systemd.git / commitdiff
