
Commit c17d3bd

committed
pkg/cri/server: Test net.ipv4.ping_group_range works with userns
Signed-off-by: Rodrigo Campos <[email protected]>
1 parent 9bf5aec commit c17d3bd

1 file changed

Lines changed: 21 additions & 0 deletions


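--- a/pkg/cri/server/sandbox_run_linux_test.go
+++ b/pkg/cri/server/sandbox_run_linux_test.go
@@ -148,6 +148,27 @@ func TestLinuxSandboxContainerSpec(t *testing.T) {
 })
 },
 },
+{
+desc: "spec shouldn't have ping_group_range if userns are in use",
+configChange: func(c *runtime.PodSandboxConfig) {
+c.Linux.SecurityContext = &runtime.LinuxSandboxSecurityContext{
+NamespaceOptions: &runtime.NamespaceOption{
+UsernsOptions: &runtime.UserNamespace{
+Mode: runtime.NamespaceMode_POD,
+Uids: []*runtime.IDMapping{&idMap},
+Gids: []*runtime.IDMapping{&idMap},
+},
+},
+}
+},
+specCheck: func(t *testing.T, spec *runtimespec.Spec) {
+require.NotNil(t, spec.Linux)
+assert.Contains(t, spec.Linux.Namespaces, runtimespec.LinuxNamespace{
+Type: runtimespec.UserNamespace,
+})
+assert.NotContains(t, spec.Linux.Sysctl["net.ipv4.ping_group_range"], "0 2147483647")
+},
+},
 {
 desc: "host namespace",
 configChange: func(c *runtime.PodSandboxConfig) {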
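Review bot: The last assertion in the new case's `specCheck` is weaker than the case description "spec shouldn't have ping_group_range". `spec.Linux.Sysctl["net.ipv4.ping_group_range"]` yields an empty string when the key is absent, and `NotContains` on a string rules out only the substring "0 2147483647", so any other range value set for a user-namespaced pod would still pass. If the intent is that the sysctl is not set at all, assert on the map key instead: `assert.NotContains(t, spec.Linux.Sysctl, "net.ipv4.ping_group_range")`. The case may also pass vacuously if the test's CRI config never enables the option that makes the non-userns path set this sysctl (not visible in this hunk), so consider a short comment or explicit setup confirming it is on. `TestLinuxSandboxContainerSpec` starts and ends outside the hunk, and `idMap` is defined outside it.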
