Changeset b21bf4f in mod_gnutls


Ignore:
Timestamp:
Jan 28, 2016, 2:46:58 PM (4 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
4d2d182
Parents:
29d3311
git-author:
Thomas Klute <thomas2.klute@…> (01/28/16 14:39:10)
git-committer:
Thomas Klute <thomas2.klute@…> (01/28/16 14:46:58)
Message:

configure: Check if creating namespaces is possible

Some Linux distributions (I've observed this on Debian) restrict
unprivileged users' ability to create namespaces, so checking just
whether the "unshare" command is available is not enough: If it is but
the user building mod_gnutls does not have the necessary permissions,
test cases will fail when trying to create their namespaces. Add a
check that tries to actually create a namespace and disable namespace
isolation of tests if it fails.

Files:
2 edited

Legend:

Unmodified
Added
Removed
  • configure.ac

    r29d3311 rb21bf4f  
    7878        support it)]),
    7979        [use_netns=$enableval], [use_netns=yes])
    80 dnl If namespaces are enabled, make sure "unshare" is available
    81 if test "$enable_test_namespaces" != "no"; then
    82         AC_PATH_PROG([UNSHARE], [unshare], [no])
    83         use_netns=${UNSHARE}
    84         # default mutex breaks in namespace, use "pthread" instead
    85         MUTEX_TYPE="pthread"
    86         PID_AFFIX="-\${TEST_NAME}"
    87 else
    88         MUTEX_TYPE="default"
    89         PID_AFFIX=""
    90 fi
     80
     81# Check if "unshare" is available and has permission to create network
     82# and user namespaces
     83AC_PATH_PROG([UNSHARE], [unshare], [no])
     84AS_IF([test "${UNSHARE}" != "no"],
     85      [
     86        AC_MSG_CHECKING([whether ${UNSHARE} allows network and user namespaces])
     87        AS_IF([${UNSHARE} --net -r /bin/sh -c \
     88                "ip link set up lo; ip addr show" >&AS_MESSAGE_LOG_FD 2>&1],
     89              [unshare_works="yes"], [unshare_works="no"])
     90        AC_MSG_RESULT([$unshare_works])
     91      ],
     92      [unshare_works="yes"])
     93# decide whether to enable network namespaces
     94AS_IF([test "$enable_test_namespaces" != "no" \
     95            && test "$unshare_works" = "yes"],
     96      [use_netns="yes"], [use_netns="no"])
    9197AM_CONDITIONAL([ENABLE_NETNS], [test "$use_netns" != "no"])
     98# Adjust Apache configuration for tests accordingly: Use pthread mutex
     99# and test specific PID files if using namespaces, defaults otherwise.
     100AS_IF([test "$use_netns" = "yes"],
     101      [MUTEX_TYPE="pthread"; PID_AFFIX="-\${TEST_NAME}"],
     102      [MUTEX_TYPE="default"; PID_AFFIX=""])
    92103AC_SUBST(MUTEX_TYPE)
    93104AC_SUBST(PID_AFFIX)
  • test/README

    r29d3311 rb21bf4f  
    8888backend, and there is no technical requirement to use "runtests".
    8989
    90 By default (if "unshare" is available and --disable-test-namespaces
    91 has NOT been passed to configure), each test case is run inside its
    92 own network namespace. This avoids address and port conflicts with
     90By default (if "unshare" is available and has the permissions required
     91to create network and user namespaces), each test case is run inside
     92its own network namespace. This avoids address and port conflicts with
    9393other tests as well has the host system.
    9494
     
    127127The first two of these issues are avoided when the tests are isolated
    128128using network namespaces, which is the default (see "Implementation"
    129 above).
     129above). The ./configure script tries to detect if namespaces can be
     130used (some Linux distributions disable them for unprivileged
     131users). If this detection returns a false positive or you do not want
     132to use namespace isolation for some other reason, you can run
     133configure with the --disable-test-namespaces option.
    130134
    131135In some situations you may want to see the exact environment as
Note: See TracChangeset for help on using the changeset viewer.