You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I get errors from unshare when running the graceful_shutdown test after upgrading to Ubuntu 24.04. This is happening because Ubuntu is now restricting unprivileged user namespaces by default. I was able to work around this temporarily by running sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0.
The original reason for introducing unshare in this test was to test the function of signal handlers when running as PID 0, since the default SIGTERM handler behaves differently depending on the PID. We could replace the existing integration test with a test that relies on testcontainers, gated behind cargo xtask test-docker. Docker has its own AppArmor profile that allows it to use user namespaces, if running in rootless mode, so we can still get the correct PID in our test setup. Plus, testing a container image is a step closer to what we actually run than testing the executable alone.
The text was updated successfully, but these errors were encountered:
I get errors from
unsharewhen running thegraceful_shutdowntest after upgrading to Ubuntu 24.04. This is happening because Ubuntu is now restricting unprivileged user namespaces by default. I was able to work around this temporarily by runningsudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0.The original reason for introducing
unsharein this test was to test the function of signal handlers when running as PID 0, since the default SIGTERM handler behaves differently depending on the PID. We could replace the existing integration test with a test that relies ontestcontainers, gated behindcargo xtask test-docker. Docker has its own AppArmor profile that allows it to use user namespaces, if running in rootless mode, so we can still get the correct PID in our test setup. Plus, testing a container image is a step closer to what we actually run than testing the executable alone.The text was updated successfully, but these errors were encountered: