I've been investigating the TestDevicesSetAllow failure and here are my findings so far:
* Here is the TestDevicesSetAllow function: https://github.com/opencontainers/runc/blob/master/libcontainer/cgroups/fs/devices_test.go#L36 * When it tries the read the file "devices.allow" in cgroups path (in a temp dir) it doesn't exist and the error is raised: https://github.com/opencontainers/runc/blob/master/libcontainer/cgroups/fs/devices_test.go#L51 * Calling the Set function with a given configuration should create this file since the config has a list with allowed devices and it doesn't allow all devices: https://github.com/opencontainers/runc/blob/master/libcontainer/cgroups/fs/devices_test.go#L47 * Right in the beginning of the Set function it checks if it is running in a user namespace, if that is true it returns nil and the given configuration is not written in any config file, and this is the case here: https://github.com/opencontainers/runc/blob/master/libcontainer/cgroups/fs/devices.go#L29 So this is the reason of the failure, it is running in a user namespace and the test doesn't expect that. The other test failure (TestDevicesSetDeny) faces the same problem. I also checked the RunningInUserNS function which determines if it is running in an user namespace: https://github.com/opencontainers/runc/blob/master/libcontainer/system/linux.go#L105 * It calls the function CurrentProcessUIDMap which returns the content of /proc/self/uid_map : https://github.com/opencontainers/runc/blob/master/libcontainer/user/lookup_unix.go#L138 * I checked the content of /proc/self/uid_map in a focal and eoan amd64 containers and both contain the same value: 0 1000000 1000000000 * Since CurrentProcessUIDMap returns the mentioned content the RunningInUserNM returns the value returned by UIDMaoInUserNS function: https://github.com/opencontainers/runc/blob/master/libcontainer/system/linux.go#L111 * The condition in UIDMapInUserNS is not satisfied and then it returns true: https://github.com/opencontainers/runc/blob/master/libcontainer/system/linux.go#L119 Due to this the Set function mentioned before returns nil before doing any change in the configuration and the test fails. P.S.: All the links I added is pointing to master but the parts of the code I mentioned here haven't changed so far (compared to the version we have in the archive - 1.0.0~rc8+git20190923.3e425f80-0ubuntu1). I just used those links because I think it is easier when I follow the code. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1856083 Title: autopkgtest failure in focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/runc/+bug/1856083/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
