Skip to content

Commit

Permalink
tests/docker.userns: Set SELinux to permissive mode
Browse files Browse the repository at this point in the history
A docker bug causes the docker daemon to fail in creating a container
when the '--userns-remap' option is used and SELinux is enforcing.
Set SELinux to permisive mode so this test can run.
See: opencontainers/runc#1562 (nsenter:
improve namespace creation and SELinux IPC handling).

Fixes runtime errors like these:

  OCI runtime create failed: running exec setns process for init caused exit

Signed-off-by: Geoff Levand <[email protected]>
  • Loading branch information
glevand committed Sep 10, 2018
1 parent 1475b21 commit bbc9ca9
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion kola/tests/docker/docker.go
Original file line number Diff line number Diff line change
Expand Up @@ -381,7 +381,13 @@ func dockerUserns(c cluster.TestCluster) {

genDockerContainer(c, m, "userns-test", []string{"echo", "sleep"})

c.MustSSH(m, `sudo setenforce 1`)
// A docker bug causes the docker daemon to fail in creating a container
// when the '--userns-remap' option is used and SELinux is enforcing.
// Set SELinux to permisive mode so this test can run.
// See: https://github.com/opencontainers/runc/pull/1562 (nsenter:
// improve namespace creation and SELinux IPC handling).
c.MustSSH(m, "sudo setenforce 0")

output := c.MustSSH(m, `docker run userns-test echo fj.fj`)
if !bytes.Equal(output, []byte("fj.fj")) {
c.Fatalf("expected fj.fj, got %s", string(output))
Expand Down

0 comments on commit bbc9ca9

Please sign in to comment.