fixup! *: actually support joining a userns with a new container
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
cyphar committed Dec 4, 2023
1 parent 2403861 commit f6370ea
Showing 1 changed file with 10 additions and 7 deletions.
17 changes: 10 additions & 7 deletions tests/integration/userns.bats
@@ -14,24 +14,25 @@ function setup() {

mkdir -p rootfs/tmp/mount-{1,2}

to_umount_list="$(mktemp "$BATS_RUN_TMPDIR/userns-mounts.XXXXXX")"
if [ $EUID -eq 0 ]; then
update_config ' .linux.namespaces += [{"type": "user"}]
| .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}]
| .linux.gidMappings += [{"hostID": 200000, "containerID": 0, "size": 65534}] '
remap_rootfs

# Used for bind-mounting the target userns.
userns_path=$(mktemp "$BATS_RUN_TMPDIR/userns.XXXXXX")
fi
}

function teardown() {
teardown_bundle

if [ -v userns_path ]; then
umount -l "$userns_path" || :
rm -f "$userns_path"
unset userns_path
if [ -v to_umount_list ]; then
while read -r mount_path; do
umount -l "$mount_path" || :
rm -f "$mount_path"
done <"$to_umount_list"
rm -f "$to_umount_list"
unset to_umount_list
fi
}

@@ -136,7 +137,9 @@ function teardown() {
# exercise the non-fast-path (where runc has to join the userns to get the
# mappings).
target_pid="$(__runc state target_userns | jq .pid)"
userns_path=$(mktemp "$BATS_RUN_TMPDIR/userns.XXXXXX")
mount --bind "/proc/$target_pid/ns/user" "$userns_path"
echo "$userns_path" >>"$to_umount_list"

# Configure our container to attach to the first container's userns.
update_config '.linux.namespaces |= map(if .type == "user" then (.path = "'"$userns_path"'") else . end)
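Review bot: In the second hunk the path is written to `$to_umount_list` only after `mount --bind` has returned, so if the test is interrupted or the append fails between those two lines, teardown never learns about a live bind mount of the target's user namespace. Recording first closes that window, and teardown already tolerates an entry that was never mounted through `umount -l "$mount_path" || :`: move `echo "$userns_path" >>"$to_umount_list"` to directly above the `mount --bind` line. In teardown, `while IFS= read -r mount_path; do` would take each recorded path verbatim rather than trimming leading and trailing whitespace. The test function around the second hunk starts and ends outside the visible lines, so this is based only on the statements shown.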
