From f6370ea11fc4b4c1c0329fcc8fa7b628f800bc57 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 4 Dec 2023 15:18:02 +1100 Subject: [PATCH] fixup! *: actually support joining a userns with a new container Signed-off-by: Aleksa Sarai --- tests/integration/userns.bats | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/tests/integration/userns.bats b/tests/integration/userns.bats index cf8205f6731..2094cbf1448 100644 --- a/tests/integration/userns.bats +++ b/tests/integration/userns.bats @@ -14,24 +14,25 @@ function setup() { mkdir -p rootfs/tmp/mount-{1,2} + to_umount_list="$(mktemp "$BATS_RUN_TMPDIR/userns-mounts.XXXXXX")" if [ $EUID -eq 0 ]; then update_config ' .linux.namespaces += [{"type": "user"}] | .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] | .linux.gidMappings += [{"hostID": 200000, "containerID": 0, "size": 65534}] ' remap_rootfs - - # Used for bind-mounting the target userns. - userns_path=$(mktemp "$BATS_RUN_TMPDIR/userns.XXXXXX") fi } function teardown() { teardown_bundle - if [ -v userns_path ]; then - umount -l "$userns_path" || : - rm -f "$userns_path" - unset userns_path + if [ -v to_umount_list ]; then + while read -r mount_path; do + umount -l "$mount_path" || : + rm -f "$mount_path" + done <"$to_umount_list" + rm -f "$to_umount_list" + unset to_umount_list fi } @@ -136,7 +137,9 @@ function teardown() { # exercise the non-fast-path (where runc has to join the userns to get the # mappings). target_pid="$(__runc state target_userns | jq .pid)" + userns_path=$(mktemp "$BATS_RUN_TMPDIR/userns.XXXXXX") mount --bind "/proc/$target_pid/ns/user" "$userns_path" + echo "$userns_path" >>"$to_umount_list" # Configure our container to attach to the first container's userns. update_config '.linux.namespaces |= map(if .type == "user" then (.path = "'"$userns_path"'") else . end)
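Review bot: In `teardown`, `while read -r mount_path` leaves `IFS` at its default, so leading or trailing whitespace in a recorded path is stripped before the line reaches `umount -l` and `rm -f`; `while IFS= read -r mount_path; do` passes each line through unchanged. The paths come from `mktemp` under `$BATS_RUN_TMPDIR`, so this only matters if that directory name is unusual, but the loop is cleanup that acts on whatever the file contains. The commit also removes the comment that explained `userns_path` without documenting its replacement; a line such as `# One path per line; teardown lazily unmounts and removes each entry.` above the `to_umount_list=` assignment in `setup` would cover it.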
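Review bot: In the second hunk the path is appended to `$to_umount_list` only after `mount --bind` has run, so if the mount fails (bats would presumably stop the test there) the `mktemp` file is never recorded and `teardown` no longer removes it, whereas the old `teardown` ran `rm -f "$userns_path"` whether or not the mount had succeeded. Recording first closes that gap, and `teardown` already tolerates a path that was never mounted through `umount -l "$mount_path" || :`: move `echo "$userns_path" >>"$to_umount_list"` to directly after the `userns_path=$(mktemp ...)` line. `printf '%s\n' "$userns_path" >>"$to_umount_list"` would also sidestep `echo`'s option handling, although a `mktemp` path under `$BATS_RUN_TMPDIR` should not begin with `-`. The enclosing test starts and ends outside the hunk.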