From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=IofB=JK=xry111.site=xry111@sourceware.org>
Received: from xry111.site (xry111.site [89.208.246.23])
	by sourceware.org (Postfix) with ESMTPS id 631F73858D33
	for <libc-alpha@sourceware.org>; Thu,  1 Feb 2024 12:20:15 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 631F73858D33
Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=xry111.site
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=xry111.site
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 631F73858D33
Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=89.208.246.23
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1706790017; cv=none;
	b=WwFk6MGGrGWhpBp5ALHn6fQBt0VQeT0BYSrn+qIXurCC57XuD6rEdMI5xFnkqXtSuvrNa0yWB5IcNFokx8/gCt8h6bFswwClVRGmnhiDeKOIfmxeOGPgKZeVBHaSiyAAfuUZs5ZGIbkEa76sC7+0WoNCTWRb3D8+GAUp5VcggfI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1706790017; c=relaxed/simple;
	bh=9k52RgKtAjP4PqUoGIMTowUs/lHPmq1+ECEk9kNa9SM=;
	h=DKIM-Signature:Message-ID:Subject:From:To:Date:MIME-Version; b=Jw0LUSBV1yFMgD3IkWOw6L2AFGRdnj9LX+UnFCs5zIaDP0dCQ766erBG2gG9X81pQClbMuVe8cohOFgij52GEZPBL1xSQNCYaw6BLfEDYH1gDp111HuFe44yI3xlEXCACtxSQ1ZZdAl0JmKHH4qNLKjXX8XApX8Db8zXCxUAmVI=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xry111.site;
	s=default; t=1706790014;
	bh=9k52RgKtAjP4PqUoGIMTowUs/lHPmq1+ECEk9kNa9SM=;
	h=Subject:From:To:Date:In-Reply-To:References:From;
	b=VevBpUocDWLDS6aio6D37Tf8D5lccCCz8BwFhTZqc6WQnluFJ/oGxQlPfyWJM14OB
	 DSCsRIYt6GzzNaDqYl4AmDwW/ZETnpqWydhVCZ4l9JM43H4oseNWQDAoXuPwR2D5Sc
	 8IMeyaJxu7BdG4nSN3QzAr3iG/Lkc84jy8wWFCJQ=
Received: from [192.168.124.3] (unknown [113.200.174.103])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature ECDSA (P-384) server-digest SHA384)
	(Client did not present a certificate)
	(Authenticated sender: xry111@xry111.site)
	by xry111.site (Postfix) with ESMTPSA id 35D4166B91;
	Thu,  1 Feb 2024 07:20:13 -0500 (EST)
Message-ID: <b8321a7ab801899a5d92ac645f5dee063e5a40d7.camel@xry111.site>
Subject: Re: [PATCH] test-container: gracefully handle AppArmor containment
From: Xi Ruoyao <xry111@xry111.site>
To: Simon Chopin <simon.chopin@canonical.com>, libc-alpha@sourceware.org
Date: Thu, 01 Feb 2024 20:20:09 +0800
In-Reply-To: <20240201120104.143973-1-simon.chopin@canonical.com>
References: <20240201120104.143973-1-simon.chopin@canonical.com>
Autocrypt: addr=xry111@xry111.site; prefer-encrypt=mutual;
 keydata=mDMEYnkdPhYJKwYBBAHaRw8BAQdAsY+HvJs3EVKpwIu2gN89cQT/pnrbQtlvd6Yfq7egugi0HlhpIFJ1b3lhbyA8eHJ5MTExQHhyeTExMS5zaXRlPoiTBBMWCgA7FiEEkdD1djAfkk197dzorKrSDhnnEOMFAmJ5HT4CGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQrKrSDhnnEOPHFgD8D9vUToTd1MF5bng9uPJq5y3DfpcxDp+LD3joA3U2TmwA/jZtN9xLH7CGDHeClKZK/ZYELotWfJsqRcthOIGjsdAPuDgEYnkdPhIKKwYBBAGXVQEFAQEHQG+HnNiPZseiBkzYBHwq/nN638o0NPwgYwH70wlKMZhRAwEIB4h4BBgWCgAgFiEEkdD1djAfkk197dzorKrSDhnnEOMFAmJ5HT4CGwwACgkQrKrSDhnnEOPjXgD/euD64cxwqDIqckUaisT3VCst11RcnO5iRHm6meNIwj0BALLmWplyi7beKrOlqKfuZtCLbiAPywGfCNg8LOTt4iMD
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.50.3 
MIME-Version: 1.0
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,BODY_8BITS,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,LIKELY_SPAM_FROM,SPF_HELO_PASS,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <libc-alpha.sourceware.org>

On Thu, 2024-02-01 at 13:01 +0100, Simon Chopin wrote:
> Recent AppArmor containment allows restricting unprivileged user
> namespaces, which is enabled by default on recent Ubuntu systems.
>=20
> When that happens, the affected tests will now be considered unsupported
> rather than simply failing.
>=20
> Further information:
>=20
> * https://gitlab.com/apparmor/apparmor/-/wikis/unprivileged_userns_restri=
ction
> * https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-names=
paces
>=20
> Signed-off-by: Simon Chopin <simon.chopin@canonical.com>
> ---
> =C2=A0support/test-container.c | 8 ++++++--
> =C2=A01 file changed, 6 insertions(+), 2 deletions(-)
>=20
> diff --git a/support/test-container.c b/support/test-container.c
> index adf2b30215..a04ae07807 100644
> --- a/support/test-container.c
> +++ b/support/test-container.c
> @@ -682,6 +682,9 @@ check_for_unshare_hints (int require_pidns)
> =C2=A0=C2=A0=C2=A0=C2=A0 { "/proc/sys/kernel/unprivileged_userns_clone", =
0, 1, 0 },
> =C2=A0=C2=A0=C2=A0=C2=A0 /* ALT Linux has an alternate way of doing the s=
ame.=C2=A0 */
> =C2=A0=C2=A0=C2=A0=C2=A0 { "/proc/sys/kernel/userns_restrict", 1, 0, 0 },
> +=C2=A0=C2=A0=C2=A0 /* AppArmor can also disable unprivileged user namesp=
aces */
> +=C2=A0=C2=A0=C2=A0 { "/proc/sys/kernel/apparmor_restrict_unprivileged_us=
erns", 1, 0, 0 },
> +=C2=A0=C2=A0=C2=A0 { "/proc/sys/user/max_pid_namespaces", 0, 1024, 1 },

Why are you duplicating this entry?

--=20
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University