test: skip tests without permissions to create netns

thom311 · Jan 12, 2025 · 997a5c4 · 997a5c4
1 parent 40b0c16
commit 997a5c4
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 6 deletions.
diff --git a/tests/cksuite-all-netns.c b/tests/cksuite-all-netns.c
@@ -73,6 +73,9 @@ START_TEST(cache_and_clone)
 	size_t i;
 	int r;
 
+	if (_nltst_skip_no_netns())
+		return;
+
 	for (i = 0; i < _NL_N_ELEMENTS(links); i++) {
 		if (links[i].add)
 			_nltst_add_link(NULL, links[i].ifname, links[i].kind,
@@ -132,11 +135,16 @@ START_TEST(test_create_iface)
 	_nl_auto_rtnl_link struct rtnl_link *link2 = NULL;
 	_nl_auto_rtnl_link struct rtnl_link *peer = NULL;
 	_nltst_auto_delete_link const char *IFNAME_DUMMY = NULL;
-	_nltst_auto_delete_link const char *IFNAME = "ifname";
+	_nltst_auto_delete_link const char *IFNAME = NULL;
 	int ifindex_dummy;
 	uint32_t u32;
 	int r;
 
+	if (_nltst_skip_no_netns())
+		return;
+
+	IFNAME = "ifname";
+
 	switch (TEST_IDX) {
 	case 0:
 		link = _nltst_assert(rtnl_link_bridge_alloc());
@@ -317,6 +325,9 @@ START_TEST(route_1)
 	_nl_auto_nl_socket struct nl_sock *sk = NULL;
 	_nl_auto_nl_cache struct nl_cache *cache = NULL;
 
+	if (_nltst_skip_no_netns())
+		return;
+
 	if (_nltst_skip_no_iproute2("route_1"))
 		return;
 

diff --git a/tests/nl-test-util.c b/tests/nl-test-util.c
@@ -103,17 +103,27 @@ static struct {
 void nltst_netns_fixture_setup(void)
 {
 	ck_assert(!_netns_fixture_global.nsdata);
-
 	_netns_fixture_global.nsdata = nltst_netns_enter();
-	_assert_nltst_netns(_netns_fixture_global.nsdata);
 }
 
 void nltst_netns_fixture_teardown(void)
 {
-	_assert_nltst_netns(_netns_fixture_global.nsdata);
 	_nl_clear_pointer(&_netns_fixture_global.nsdata, nltst_netns_leave);
 }
 
+bool nltst_netns_has_netns(void)
+{
+	return !!_netns_fixture_global.nsdata;
+}
+
+bool _nltst_skip_no_netns(void)
+{
+	if (nltst_netns_has_netns())
+		return false;
+	printf("skip test due to having no private netns\n");
+	return true;
+}
+
 /*****************************************************************************/
 
 static void unshare_user(void)
@@ -149,14 +159,28 @@ static void unshare_user(void)
 	}
 	r = fprintf(f, "0 %d 1", uid);
 	_nltst_assert_errno(r > 0);
-	_nltst_fclose(f);
+	r = fclose(f);
+	if (r != 0 && errno == EPERM) {
+		/* Oddly, it seems close() can fail at this point. Ignore it,
+		 * but we probably will be unable to unshare (which we handle
+		 * later).
+		 */
+	} else
+		_nltst_assert_errno(r == 0);
 
 	/* Map current GID to root in NS to be created. */
 	f = fopen("/proc/self/gid_map", "we");
 	_nltst_assert_errno(f);
 	r = fprintf(f, "0 %d 1", gid);
 	_nltst_assert_errno(r > 0);
-	_nltst_fclose(f);
+	r = fclose(f);
+	if (r != 0 && errno == EPERM) {
+		/* Oddly, it seems close() can fail at this point. Ignore it, but
+		 * we probably will be unable to unshare (which we handle
+		 * later).
+		 */
+	} else
+		_nltst_assert_errno(r == 0);
 }
 
 struct nltst_netns *nltst_netns_enter(void)
@@ -172,6 +196,15 @@ struct nltst_netns *nltst_netns_enter(void)
 	unshare_user();
 
 	r = unshare(CLONE_NEWNET | CLONE_NEWNS);
+	if (r != 0 && errno == EPERM) {
+		/* The system is probably sandboxed somehow and we are unable
+		 * to create a private netns. That seems questionable, because
+		 * a point of a private netns is to sandbox an application.
+		 * Not having permissions to sandbox sounds bad.
+		 *
+		 * Anyway. We accept this and will later skip some tests. */
+		return NULL;
+	}
 	_nltst_assert_errno(r == 0);
 
 	/* We need a read-only /sys so that the platform knows there's no udev. */

diff --git a/tests/nl-test-util.h b/tests/nl-test-util.h
@@ -429,6 +429,9 @@ char **_nltst_strtokv(const char *str);
 
 void nltst_netns_fixture_setup(void);
 void nltst_netns_fixture_teardown(void);
+bool nltst_netns_has_netns(void);
+
+bool _nltst_skip_no_netns(void);
 
 struct nltst_netns;