test: skip test on rootless cgroupsv1

skip the test "podman selinux: shared context in (some) namespaces" on cgroupsv1 when running as rootless since the tests requires --pid=container:. If the container runtime cannot use cgroupsv1 and the container has no pid namespace. then it is not possible to correctly terminate the container. Without a cgroup or a pid namespace, the runtime has no control on what processes are in the container. Closes: https://github.com/containers/podman/issues/11785 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-10-25 18:25:59 +08:00 · 2021-09-30 09:55:59 +02:00
parent cd10304dca
commit 788106dad1
2 changed files with 16 additions and 0 deletions
--- a/test/system/410-selinux.bats
+++ b/test/system/410-selinux.bats
@ -113,6 +113,10 @@ function check_label() {
@test "podman selinux: shared context in (some) namespaces" {
    skip_if_no_selinux

+    # rootless users have no usable cgroups with cgroupsv1, so containers
+    # must use a pid namespace and not join an existing one.
+    skip_if_rootless_cgroupsv1
+
    run_podman run -d --name myctr $IMAGE top
    run_podman exec myctr cat -v /proc/self/attr/current
    context_c1="$output"
--- a/test/system/helpers.bash
+++ b/test/system/helpers.bash
@ -428,6 +428,18 @@ function skip_if_cgroupsv1() {
    fi
 }

+######################
+#  skip_if_rootless_cgroupsv1  #  ...with an optional message
+######################
+function skip_if_rootless_cgroupsv1() {
+    if is_rootless; then
+        if ! is_cgroupsv2; then
+            local msg=$(_add_label_if_missing "$1" "rootless cgroupvs1")
+            skip "${msg:-not supported as rootless under cgroupsv1}"
+        fi
+    fi
+}
+
 ##################################
 #  skip_if_journald_unavailable  #  rhbz#1895105: rootless journald permissions
 ##################################