#328 Check if user file exist in ns directory

lib/core/namespace.sh

@@ -15,8 +15,24 @@ COMMON_BWRAP_OPTION="--bind "$JUNEST_HOME" / --bind "$HOME" "$HOME" --bind /tmp
 CONFIG_PROC_FILE="/proc/config.gz"
 CONFIG_BOOT_FILE="/boot/config-$($UNAME -r)"
 PROC_USERNS_CLONE_FILE="/proc/sys/kernel/unprivileged_userns_clone"
+PROC_USERNS_FILE="/proc/$$/ns/user"
 
 function _is_user_namespace_enabled() {
+    if [[ -L $PROC_USERNS_FILE ]]
+    then
+        return 0
+    fi
+
+    if [[ -e $PROC_USERNS_CLONE_FILE ]]
+    then
+        # `-q` option in zgrep may cause a gzip: stdout: Broken pipe
+        # Use redirect to /dev/null instead
+        if zgrep_cmd "1" "$PROC_USERNS_CLONE_FILE" > /dev/null
+        then
+            return 0
+        fi
+    fi
+
     local config_file=""
     if [[ -e $CONFIG_PROC_FILE ]]
     then
@@ -35,19 +51,7 @@ function _is_user_namespace_enabled() {
         return "$NO_CONFIG_FOUND"
     fi
 
-    if [[ ! -e $PROC_USERNS_CLONE_FILE ]]
-    then
-        return 0
-    fi
-
-    # `-q` option in zgrep may cause a gzip: stdout: Broken pipe
-    # Use redirect to /dev/null instead
-    if ! zgrep_cmd "1" $PROC_USERNS_CLONE_FILE > /dev/null
-    then
-        return "$UNPRIVILEGED_USERNS_DISABLED"
-    fi
-
-    return 0
+    return "$UNPRIVILEGED_USERNS_DISABLED"
 }
 
 function _check_user_namespace() {

tests/unit-tests/test-namespace.sh

@@ -58,50 +58,45 @@ function _test_copy_remaining_files() {
 }
 
 function test_is_user_namespace_enabled_no_config_file(){
+    PROC_USERNS_FILE="blah"
+    PROC_USERNS_CLONE_FILE="blah"
     CONFIG_PROC_FILE="blah"
     CONFIG_BOOT_FILE="blah"
     assertCommandFailOnStatus "$NOT_EXISTING_FILE" _is_user_namespace_enabled
 }
 
 function test_is_user_namespace_enabled_no_config(){
+    PROC_USERNS_FILE="blah"
+    PROC_USERNS_CLONE_FILE="blah"
     touch config
     gzip config
+    # shellcheck disable=SC2034
     CONFIG_PROC_FILE="config.gz"
+    # shellcheck disable=SC2034
     CONFIG_BOOT_FILE="blah"
     assertCommandFailOnStatus "$NO_CONFIG_FOUND" _is_user_namespace_enabled
 }
 
-function test_is_user_namespace_enabled_with_config(){
-    echo "CONFIG_USER_NS=y" > config
-    gzip config
-    CONFIG_PROC_FILE="config.gz"
-    CONFIG_BOOT_FILE="blah"
-    PROC_USERNS_CLONE_FILE="not-existing-file"
-    assertCommandSuccess _is_user_namespace_enabled
-}
-
 function test_is_user_namespace_enabled_with_userns_clone_file_disabled(){
-    echo "CONFIG_USER_NS=y" > config
-    gzip config
-    CONFIG_PROC_FILE="config.gz"
-    CONFIG_BOOT_FILE="blah"
+    PROC_USERNS_FILE="blah"
     PROC_USERNS_CLONE_FILE="unprivileged_userns_clone"
     echo "0" > $PROC_USERNS_CLONE_FILE
     assertCommandFailOnStatus "$UNPRIVILEGED_USERNS_DISABLED" _is_user_namespace_enabled
 }
 
 function test_is_user_namespace_enabled_with_userns_clone_file_enabled(){
-    echo "CONFIG_USER_NS=y" > config
-    gzip config
-    # shellcheck disable=SC2034
-    CONFIG_PROC_FILE="config.gz"
-    # shellcheck disable=SC2034
-    CONFIG_BOOT_FILE="blah"
     PROC_USERNS_CLONE_FILE="unprivileged_userns_clone"
     echo "1" > $PROC_USERNS_CLONE_FILE
     assertCommandSuccess _is_user_namespace_enabled
 }
 
+function test_is_user_namespace_enabled_with_proc_userns_file_existing(){
+    PROC_USERNS_FILE="user"
+    ln -s . $PROC_USERNS_FILE
+    PROC_USERNS_CLONE_FILE="blah"
+    assertCommandSuccess _is_user_namespace_enabled
+}
+
 function test_run_env_as_bwrap_fakeroot() {
     assertCommandSuccess run_env_as_bwrap_fakeroot "" "" "false"
     assertEquals "$BWRAP $COMMON_BWRAP_OPTION --cap-add ALL --uid 0 --gid 0 sudo /bin/sh --login" "$(cat "$STDOUTF")"