Changeset 4d2d182 in mod_gnutls for test


Ignore:
Timestamp:
Jan 28, 2016, 3:03:36 PM (4 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
c0bb823
Parents:
b21bf4f
Message:

Test suite: Switch to non-root user namespace before running Apache

Apache tries to switch permissions to a non-root user when started as
root. However, inside a namespace with pseudo root access (needed to
bring up the loopback device of the network namespace) this fails
because no such user exists inside the namespace. Changing to a
non-root user namespace beforehand avoids the issue.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • test/common.bash

    rb21bf4f r4d2d182  
    2727# MGS_NETNS_ACTIVE is used to track status, there's no harm in calling
    2828# it multiple times (e.g. in the test-* script and runtests).
     29#
     30# Note that once the network is up, the reexec is wrapped in another
     31# user namespace to get rid of pseudo "root" access. The reason for
     32# this is that Apache tries to switch permissions to a non-root user
     33# when apparently started as root, and fails because no such user
     34# exists inside the namespace. Changing to a non-root user beforehand
     35# avoids that issue.
    2936function netns_reexec
    3037{
    3138    if [ -n "${USE_TEST_NAMESPACE}" ] && [ -z "${MGS_NETNS_ACTIVE}" ]; then
    3239        exec "${UNSHARE}" --net -r /bin/bash -c \
    33              "export MGS_NETNS_ACTIVE=1; ip link set up lo; exec ${0} ${@}"
     40             "export MGS_NETNS_ACTIVE=1; ip link set up lo; exec ${UNSHARE} --user ${0} ${@}"
    3441    fi
    3542    return 0
Note: See TracChangeset for help on using the changeset viewer.