From 05272718f4ec414d7996e5b3b66819b040726310 Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Wed, 3 Nov 2021 18:45:18 -0700
Subject: [PATCH 1/3] tests/int/cgroups: fix for misc controller

The misc cgroup controller, introduced in Linux 5.13, is still unknown
to systemd, and thus it cannot delegate it. Add an appropriate fixup
to the test case, similar to an earlier commit 601cf5825f6cf7cd4c360.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
 tests/integration/cgroups.bats | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats
index 57e81b15cec..882e5929673 100644
--- a/tests/integration/cgroups.bats
+++ b/tests/integration/cgroups.bats
@@ -49,8 +49,8 @@ function setup() {
 			if [ "$(id -u)" = "0" ]; then
 				check_cgroup_value "cgroup.controllers" "$(cat /sys/fs/cgroup/machine.slice/cgroup.controllers)"
 			else
-				# Filter out hugetlb as systemd is unable to delegate it.
-				check_cgroup_value "cgroup.controllers" "$(sed 's/ hugetlb//' </sys/fs/cgroup/user.slice/user-"$(id -u)".slice/cgroup.controllers)"
+				# Filter out hugetlb and misc as systemd is unable to delegate them.
+				check_cgroup_value "cgroup.controllers" "$(sed -e 's/ hugetlb//' -e 's/ misc//' </sys/fs/cgroup/user.slice/user-"$(id -u)".slice/cgroup.controllers)"
 			fi
 		else
 			check_cgroup_value "cgroup.controllers" "$(cat /sys/fs/cgroup/cgroup.controllers)"

From 7324496f1a3a74bf394ce5cb775c1a096c360536 Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Wed, 3 Nov 2021 17:41:36 -0700
Subject: [PATCH 2/3] tests/int: fix userns for Fedora 35

Some test directories are created using mktemp -d, and so they have
permissions set to 0700 and are thus inaccessible to a user inside
userns. This was workarounded for $ROOT in userns.bats before.

Now, when we have updated Cirrus CI config to use Fedora 35 (rather than
34), userns tests fail:

> runc run failed: unable to start container process: error during
> container init: error preparing rootfs: mount
> /tmp/bats-run-4pCERd/runc.f66gCC/bundle/rootfs:/tmp/bats-run-4pCERd/runc.f66gCC/bundle/rootfs,
> flags: 0x5000: permission denied

Fedora 34 image used kernel v5.11, while Fedora 35 has v5.15.
Apparently, the newer kernel also checks that the parent directories
are accessible by the user before doing mount.

Move the old workaround from userns.bats to helpers.bats, drop the r bit
(not needed), and add $BATS_RUN_TMPDIR (also created by mktemp -d) to
fix userns.bats test failures under Fedora 35.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
 tests/integration/helpers.bash | 6 ++++++
 tests/integration/userns.bats  | 4 ----
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash
index 1e0d1d131d3..91d4606aaff 100644
--- a/tests/integration/helpers.bash
+++ b/tests/integration/helpers.bash
@@ -544,6 +544,12 @@ function setup_bundle() {
 	ROOT=$(mktemp -d "$BATS_RUN_TMPDIR/runc.XXXXXX")
 	mkdir -p "$ROOT/state" "$ROOT/bundle/rootfs"
 
+	# Directories created by mktemp -d have 0700 permission bits. Tests
+	# running inside userns (see userns.bats) need to access the directory
+	# as a different user to mount the rootfs. Since kernel v5.12, parent
+	# directories are also checked. Give a+x for these tests to work.
+	chmod a+x "$ROOT" "$BATS_RUN_TMPDIR"
+
 	setup_recvtty
 	cd "$ROOT/bundle" || return
 
diff --git a/tests/integration/userns.bats b/tests/integration/userns.bats
index ed01f25b411..b1188592f14 100644
--- a/tests/integration/userns.bats
+++ b/tests/integration/userns.bats
@@ -15,10 +15,6 @@ function setup() {
 	mkdir -p rootfs/{proc,sys,tmp}
 	mkdir -p rootfs/tmp/mount-{1,2}
 
-	# We need to give permissions for others so the uid inside the userns
-	# can mount the rootfs on itself. Otherwise the rootfs mount will fail.
-	chmod 755 "$ROOT"
-
 	if [ "$ROOTLESS" -eq 0 ]; then
 		update_config ' .linux.namespaces += [{"type": "user"}]
 			| .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}]

From 4b25a4e82af789777c75408c9a43f25b69ab8eb8 Mon Sep 17 00:00:00 2001
From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Date: Wed, 3 Nov 2021 17:08:16 +0900
Subject: [PATCH 3/3] CI: update Fedora to 35

Also rename `Vagrantfile.fedora%d` to `Vagrantfile.fedora` so that
we do not need to reset the commit log on upgrading the Fedora release.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
---
 .cirrus.yml                                | 2 +-
 Vagrantfile.fedora34 => Vagrantfile.fedora | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename Vagrantfile.fedora34 => Vagrantfile.fedora (97%)

diff --git a/.cirrus.yml b/.cirrus.yml
index 26a579cfaea..91c3e3eb594 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -14,7 +14,7 @@ task:
     HOME: /root
     # yamllint disable rule:key-duplicates
     matrix:
-      DISTRO: fedora34
+      DISTRO: fedora
 
   name: vagrant DISTRO:$DISTRO
 
diff --git a/Vagrantfile.fedora34 b/Vagrantfile.fedora
similarity index 97%
rename from Vagrantfile.fedora34
rename to Vagrantfile.fedora
index 2c1f049a518..3a449623324 100644
--- a/Vagrantfile.fedora34
+++ b/Vagrantfile.fedora
@@ -3,7 +3,7 @@
 
 Vagrant.configure("2") do |config|
 # Fedora box is used for testing cgroup v2 support
-  config.vm.box = "fedora/34-cloud-base"
+  config.vm.box = "fedora/35-cloud-base"
   config.vm.provider :virtualbox do |v|
     v.memory = 2048
     v.cpus = 2