LU-18099 tests: disable userns checking in sanity-pcc/101a 12/56312/6
authorFeng Lei <flei@whamcloud.com>
Tue, 10 Sep 2024 02:00:22 +0000 (10:00 +0800)
committerOleg Drokin <green@whamcloud.com>
Mon, 16 Sep 2024 15:12:52 +0000 (15:12 +0000)
Ubuntu 24.04 has an additional security restriction on
unprivileged user namespaces. Disable it temporarily in
sanity-pcc/101a on ubuntu2404 or later versions.

Signed-off-by: Feng Lei <flei@whamcloud.com>
Test-Parameters: trivial
Test-Parameters: clientdistro=ubuntu2404 testlist=sanity-pcc env=ONLY=101a,ONLY_REPEAT=10
Change-Id: I9da81dc02e0784f4e40f1d4d276588fb354a481c
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/56312
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Sebastien Buisson <sbuisson@ddn.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
lustre/tests/sanity-pcc.sh

index 090bb9f..e825cb6 100755 (executable)
@@ -4121,6 +4121,20 @@ test_101a() {
        do_facet $SINGLEAGT "echo 10 > /proc/sys/user/max_user_namespaces"
        stack_trap "do_facet $SINGLEAGT 'echo $maxuserns > /proc/sys/user/max_user_namespaces'"
 
+       # disable apparmor checking of userns temporarily
+       if [[ "$CLIENT_OS_ID" == "ubuntu" ]] &&
+          (( $CLIENT_OS_VERSION_CODE >= $(version_code 24) )); then
+               local userns_val
+
+               userns_val=$(do_facet $SINGLEAGT \
+                       sysctl -n kernel.apparmor_restrict_unprivileged_userns)
+               if (( "$userns_val" != 0 )); then
+                       do_facet $SINGLEAGT \
+                               sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+                       stack_trap "do_facet $SINGLEAGT sysctl -w kernel.apparmor_restrict_unprivileged_userns=$userns_val"
+               fi
+       fi
+
        echo "creating user namespace for $RUNAS_ID"
        # Create a mount and user namespace with this command, and leave the
        # process running so we can do the rest of our steps
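Review bot: The value read into `userns_val` goes straight into `(( "$userns_val" != 0 ))` with no check that the sysctl read returned anything, so if `kernel.apparmor_restrict_unprivileged_userns` is missing on the agent (for example AppArmor not enabled) the arithmetic test gets an empty operand and fails with a syntax error instead of skipping cleanly; `if [[ -n "$userns_val" ]] && (( userns_val != 0 )); then` makes that case explicit. The restore is also queued only after `sysctl -w kernel.apparmor_restrict_unprivileged_userns=0` has run, so the `stack_trap` line is better placed above the write, so that the restore is registered before the restriction is relaxed. Because this turns off a host-wide hardening control on the agent node rather than only for the test process, the comment `# disable apparmor checking of userns temporarily` could say so, e.g. `# NOTE: host-wide on $SINGLEAGT until the stack_trap restore runs`. test_101a's body starts and ends outside the hunk.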