Merge pull request #1797 from dezgeg/userns-tests-fix

Fix tests using user namespaces on kernels that don't have it

tests/build-remote.sh

@@ -2,7 +2,7 @@ source common.sh
 
 clearStore
 
-if [[ $(uname) != Linux ]]; then exit; fi
+if ! canUseSandbox; then exit; fi
 if [[ ! $SHELL =~ /nix/store ]]; then exit; fi
 
 chmod -R u+w $TEST_ROOT/store0 || true

tests/common.sh.in

@@ -87,6 +87,24 @@ killDaemon() {
     trap "" EXIT
 }
 
+canUseSandbox() {
+    if [[ $(uname) != Linux ]]; then return 1; fi
+
+    if [ ! -L /proc/self/ns/user ]; then
+        echo "Kernel doesn't support user namespaces, skipping this test..."
+        return 1
+    fi
+
+    if [ -e /proc/sys/kernel/unprivileged_userns_clone ]; then
+        if [ "$(cat /proc/sys/kernel/unprivileged_userns_clone)" != 1 ]; then
+            echo "Unprivileged user namespaces disabled by sysctl, skipping this test..."
+            return 1
+        fi
+    fi
+
+    return 0
+}
+
 fail() {
     echo "$1"
     exit 1

tests/linux-sandbox.sh

@@ -2,7 +2,7 @@ source common.sh
 
 clearStore
 
-if [[ $(uname) != Linux ]]; then exit; fi
+if ! canUseSandbox; then exit; fi
 
 # Note: we need to bind-mount $SHELL into the chroot. Currently we
 # only support the case where $SHELL is in the Nix store, because

tests/run.sh

@@ -6,7 +6,7 @@ clearCache
 nix run -f run.nix hello -c hello | grep 'Hello World'
 nix run -f run.nix hello -c hello NixOS | grep 'Hello NixOS'
 
-if [[ $(uname) = Linux ]]; then
+if ! canUseSandbox; then exit; fi
 
 chmod -R u+w $TEST_ROOT/store0 || true
 rm -rf $TEST_ROOT/store0
@@ -26,4 +26,3 @@ if [[ $(uname) = Linux ]]; then
 [[ $path/bin/hello = $path2 ]]
 
 [[ -e $TEST_ROOT/store0/nix/store/$(basename $path)/bin/hello ]]
-fi