tests: gracefully handle AppArmor userns containment
Recent AppArmor containment allows restricting unprivileged user namespaces, which is enabled by default on recent Ubuntu systems. When this happens, as is common with Linux Security Modules, the syscall will fail with -EACCESS. When that happens, the affected tests will now be considered unsupported rather than simply failing. Further information: * https://gitlab.com/apparmor/apparmor/-/wikis/unprivileged_userns_restriction * https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces * https://manpages.ubuntu.com/manpages/jammy/man5/apparmor.d.5.html (for the return code) V2: * Fix duplicated line in check_unshare_hints * Also handle similar failure in tst-pidfd_getpid V3: * Comment formatting * Aded some more documentation on syscall return value Signed-off-by:Simon Chopin <simon.chopin@canonical.com>
Loading
Please register or sign in to comment