[CI ONLY] tests/int/no_pivot: fix for new kernels
The test is failing like this:

	not ok 70 runc run --no-pivot must not expose bare /proc
	# (in test file tests/integration/no_pivot.bats, line 20)
	#   `[[ "$output" == *"mount: permission denied"* ]]' failed
	# runc spec (status=0):
	#
	# runc run --no-pivot test_no_pivot (status=1):
	# unshare: write error: Operation not permitted

Apparently, a recent kernel commit db2e718a47984b9d prevents
root from doing unshare -r unless it has CAP_SETFCAP.

Add the capability for this specific test.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 1bbeada)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
kolyshkin committed Feb 7, 2024
1 parent 44d1070 commit 29a6896
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion tests/integration/no_pivot.bats
Expand Up @@ -13,7 +13,9 @@ function teardown() {
@test "runc run --no-pivot must not expose bare /proc" {
requires root

update_config '.process.args |= ["unshare", "-mrpf", "sh", "-euxc", "mount -t proc none /proc && echo h > /proc/sysrq-trigger"]'
update_config ' .process.args |= ["unshare", "-mrpf", "sh", "-euxc", "mount -t proc none /proc && echo h > /proc/sysrq-trigger"]
| .process.capabilities.bounding += ["CAP_SETFCAP"]
| .process.capabilities.permitted += ["CAP_SETFCAP"]'

runc run --no-pivot test_no_pivot
[ "$status" -eq 1 ]
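Review bot: the update_config call now grants CAP_SETFCAP, but nothing in the test itself says why, so a later cleanup could drop it as an unneeded privilege and bring the "unshare: write error: Operation not permitted" failure back. Add a short comment above update_config naming kernel commit db2e718a47984b9d and the `unshare -r` requirement. The capability is appended only to `.process.capabilities.bounding` and `.process.capabilities.permitted`, not to the effective set; if that is deliberate, the same comment should say so, since the test depends on exactly this set being enough for the user namespace mapping while the proc mount is still expected to be denied.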