From: Feng Lei Date: Tue, 10 Sep 2024 02:00:22 +0000 (+0800) Subject: LU-18099 tests: disable userns checking in sanity-pcc/101a X-Git-Tag: 2.15.91~5 X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=552e7cd3db0aff2e4053c51c6a9a5807adfd4d79;p=fs%2Flustre-release.git LU-18099 tests: disable userns checking in sanity-pcc/101a ubuntu 24.04 has an additional security restriction on unprivileged user namespace. Disable it in sanity-pcc/101a temporarily on ubuntu2404 or later version. Signed-off-by: Feng Lei Test-Parameters: trivial Test-Parameters: clientdistro=ubuntu2404 testlist=sanity-pcc env=ONLY=101a,ONLY_REPEAT=10 Change-Id: I9da81dc02e0784f4e40f1d4d276588fb354a481c Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/56312 Reviewed-by: Andreas Dilger Reviewed-by: Sebastien Buisson Reviewed-by: Oleg Drokin Tested-by: jenkins Tested-by: Maloo --- diff --git a/lustre/tests/sanity-pcc.sh b/lustre/tests/sanity-pcc.sh index 090bb9f..e825cb6 100755 --- a/lustre/tests/sanity-pcc.sh +++ b/lustre/tests/sanity-pcc.sh @@ -4121,6 +4121,20 @@ test_101a() { do_facet $SINGLEAGT "echo 10 > /proc/sys/user/max_user_namespaces" stack_trap "do_facet $SINGLEAGT 'echo $maxuserns > /proc/sys/user/max_user_namespaces'" + # disable apparmor checking of userns temporarily + if [[ "$CLIENT_OS_ID" == "ubuntu" ]] && + (( $CLIENT_OS_VERSION_CODE >= $(version_code 24) )); then + local userns_val + + userns_val=$(do_facet $SINGLEAGT \ + sysctl -n kernel.apparmor_restrict_unprivileged_userns) + if (( "$userns_val" != 0 )); then + do_facet $SINGLEAGT \ + sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 + stack_trap "do_facet $SINGLEAGT sysctl -w kernel.apparmor_restrict_unprivileged_userns=$userns_val" + fi + fi + echo "creating user namespace for $RUNAS_ID" # Create a mount and user namespace with this command, and leave the # process running so we can do the rest of our steps