From 2e9da7a2cd23ac483f10b68776d79c9d9b3b9c77 Mon Sep 17 00:00:00 2001 From: Geoff Levand Date: Wed, 28 Mar 2018 15:39:10 -0700 Subject: [PATCH] tests/docker.userns: Set SELinux to permissive mode A docker bug causes the docker daemon to fail in creating a container when the '--userns-remap' option is used and SELinux is enforcing. Set SELinux to permisive mode so this test can run. See: https://github.com/opencontainers/runc/pull/1562 (nsenter: improve namespace creation and SELinux IPC handling). Fixes runtime errors like these: OCI runtime create failed: running exec setns process for init caused exit Signed-off-by: Geoff Levand --- kola/tests/docker/docker.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/kola/tests/docker/docker.go b/kola/tests/docker/docker.go index 259ec6027..bddda1061 100644 --- a/kola/tests/docker/docker.go +++ b/kola/tests/docker/docker.go @@ -381,7 +381,13 @@ func dockerUserns(c cluster.TestCluster) { genDockerContainer(c, m, "userns-test", []string{"echo", "sleep"}) - c.MustSSH(m, `sudo setenforce 1`) + // A docker bug causes the docker daemon to fail in creating a container + // when the '--userns-remap' option is used and SELinux is enforcing. + // Set SELinux to permisive mode so this test can run. + // See: https://github.com/opencontainers/runc/pull/1562 (nsenter: + // improve namespace creation and SELinux IPC handling). + c.MustSSH(m, "sudo setenforce 0") + output := c.MustSSH(m, `docker run userns-test echo fj.fj`) if !bytes.Equal(output, []byte("fj.fj")) { c.Fatalf("expected fj.fj, got %s", string(output))