(t *testing.T)
| 29 | ) |
| 30 | |
| 31 | func TestGetUsernsForNamespace(t *testing.T) { |
| 32 | testutil.RequiresRoot(t) |
| 33 | |
| 34 | t.Parallel() |
| 35 | |
| 36 | k409 := kernel.KernelVersion{Kernel: 4, Major: 9} |
| 37 | ok, err := kernel.GreaterEqualThan(k409) |
| 38 | require.NoError(t, err) |
| 39 | if !ok { |
| 40 | t.Skip("Requires kernel >= 4.9") |
| 41 | } |
| 42 | |
| 43 | tmpDir := t.TempDir() |
| 44 | |
| 45 | f, err := os.CreateTemp(tmpDir, "netns") |
| 46 | require.NoError(t, err) |
| 47 | |
| 48 | netnsPath := f.Name() |
| 49 | f.Close() |
| 50 | |
| 51 | defer testutil.Unmount(t, netnsPath) |
| 52 | |
| 53 | currentUsernsIno, err := getNamespaceInode(os.Getpid(), "user") |
| 54 | require.NoError(t, err) |
| 55 | |
| 56 | usernsIno := uint64(0) |
| 57 | uerr := UnshareAfterEnterUserns("0:1000:10", "0:1000:10", syscall.CLONE_NEWNET, func(pid int) error { |
| 58 | err := unix.Mount( |
| 59 | fmt.Sprintf("/proc/%d/ns/net", pid), |
| 60 | netnsPath, |
| 61 | "", |
| 62 | unix.MS_BIND|unix.MS_RDONLY, |
| 63 | "", |
| 64 | ) |
| 65 | if err != nil { |
| 66 | return err |
| 67 | } |
| 68 | |
| 69 | usernsIno, err = getNamespaceInode(pid, "user") |
| 70 | if err != nil { |
| 71 | return err |
| 72 | } |
| 73 | return nil |
| 74 | }) |
| 75 | require.NoError(t, uerr) |
| 76 | |
| 77 | require.NotEqual(t, currentUsernsIno, usernsIno) |
| 78 | t.Logf("Current user namespace [%d], new user namespace [%d]", currentUsernsIno, usernsIno) |
| 79 | |
| 80 | netnsFd, err := os.Open(netnsPath) |
| 81 | require.NoError(t, err) |
| 82 | defer netnsFd.Close() |
| 83 | |
| 84 | usernsFd, err := GetUsernsForNamespace(netnsFd.Fd()) |
| 85 | require.NoError(t, err) |
| 86 | defer usernsFd.Close() |
| 87 | |
| 88 | usernsInoFromNetnsFd := getInode(t, usernsFd) |
nothing calls this directly
no test coverage detected
searching dependent graphs…