diff options
| -rw-r--r-- | test/system/410-selinux.bats | 4 | ||||
| -rw-r--r-- | test/system/helpers.bash | 12 |
2 files changed, 16 insertions, 0 deletions
diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats index 5ee0e0715..0f7c35c65 100644 --- a/test/system/410-selinux.bats +++ b/test/system/410-selinux.bats @@ -113,6 +113,10 @@ function check_label() { @test "podman selinux: shared context in (some) namespaces" { skip_if_no_selinux + # rootless users have no usable cgroups with cgroupsv1, so containers + # must use a pid namespace and not join an existing one. + skip_if_rootless_cgroupsv1 + run_podman run -d --name myctr $IMAGE top run_podman exec myctr cat -v /proc/self/attr/current context_c1="$output" diff --git a/test/system/helpers.bash b/test/system/helpers.bash index 28ea924bb..666735b0c 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash @@ -428,6 +428,18 @@ function skip_if_cgroupsv1() { fi } +###################### +# skip_if_rootless_cgroupsv1 # ...with an optional message +###################### +function skip_if_rootless_cgroupsv1() { + if is_rootless; then + if ! is_cgroupsv2; then + local msg=$(_add_label_if_missing "$1" "rootless cgroupvs1") + skip "${msg:-not supported as rootless under cgroupsv1}" + fi + fi +} + ################################## # skip_if_journald_unavailable # rhbz#1895105: rootless journald permissions ################################## |