From 5ee4472b8bd5a3bda25599eb710f2c979e9c8876 Mon Sep 17 00:00:00 2001 From: Aleksandr Pashkov Date: Tue, 5 Jun 2018 23:13:51 +0300 Subject: [PATCH] tests: more robust check for user namespaces availability (canUseSandbox) Issue https://github.com/NixOS/nix/issues/2165 --- release-common.nix | 2 +- tests/common.sh.in | 8 +++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/release-common.nix b/release-common.nix index d7fb8125f..fbdb8aca1 100644 --- a/release-common.nix +++ b/release-common.nix @@ -57,7 +57,7 @@ rec { git mercurial ] - ++ lib.optional stdenv.isLinux libseccomp + ++ lib.optional stdenv.isLinux [libseccomp pkgs.utillinux] ++ lib.optional (stdenv.isLinux || stdenv.isDarwin) libsodium ++ lib.optional (stdenv.isLinux || stdenv.isDarwin) (aws-sdk-cpp.override { diff --git a/tests/common.sh.in b/tests/common.sh.in index 195205988..fddd25b36 100644 --- a/tests/common.sh.in +++ b/tests/common.sh.in @@ -94,11 +94,9 @@ canUseSandbox() { return 1 fi - if [ -e /proc/sys/kernel/unprivileged_userns_clone ]; then - if [ "$(cat /proc/sys/kernel/unprivileged_userns_clone)" != 1 ]; then - echo "Unprivileged user namespaces disabled by sysctl, skipping this test..." - return 1 - fi + if ! unshare --user true ; then + echo "Unprivileged user namespaces disabled by sysctl, skipping this test..." + return 1 fi return 0