So this is the reason of the failure, it is running in a user namespace and the test doesn't expect that. The other test failure (TestDevicesSetDeny) faces the same problem.
Due to this the Set function mentioned before returns nil before doing any change in the configuration and the test fails.
P.S.: All the links I added is pointing to master but the parts of the code I mentioned here haven't changed so far (compared to the version we have in the archive - 1.0.0~rc8+git20190923.3e425f80-0ubuntu1). I just used those links because I think it is easier when I follow the code.
I've been investigating the TestDevicesSetAllow failure and here are my findings so far:
* Here is the TestDevicesSetAllow function: https:/ /github. com/opencontain ers/runc/ blob/master/ libcontainer/ cgroups/ fs/devices_ test.go# L36 /github. com/opencontain ers/runc/ blob/master/ libcontainer/ cgroups/ fs/devices_ test.go# L51 /github. com/opencontain ers/runc/ blob/master/ libcontainer/ cgroups/ fs/devices_ test.go# L47 /github. com/opencontain ers/runc/ blob/master/ libcontainer/ cgroups/ fs/devices. go#L29
* When it tries the read the file "devices.allow" in cgroups path (in a temp dir) it doesn't exist and the error is raised: https:/
* Calling the Set function with a given configuration should create this file since the config has a list with allowed devices and it doesn't allow all devices: https:/
* Right in the beginning of the Set function it checks if it is running in a user namespace, if that is true it returns nil and the given configuration is not written in any config file, and this is the case here: https:/
So this is the reason of the failure, it is running in a user namespace and the test doesn't expect that. The other test failure (TestDevicesSet Deny) faces the same problem.
I also checked the RunningInUserNS function which determines if it is running in an user namespace: https:/ /github. com/opencontain ers/runc/ blob/master/ libcontainer/ system/ linux.go# L105
* It calls the function CurrentProcessU IDMap which returns the content of /proc/self/uid_map : https:/ /github. com/opencontain ers/runc/ blob/master/ libcontainer/ user/lookup_ unix.go# L138 IDMap returns the mentioned content the RunningInUserNM returns the value returned by UIDMaoInUserNS function: https:/ /github. com/opencontain ers/runc/ blob/master/ libcontainer/ system/ linux.go# L111 /github. com/opencontain ers/runc/ blob/master/ libcontainer/ system/ linux.go# L119
* I checked the content of /proc/self/uid_map in a focal and eoan amd64 containers and both contain the same value: 0 1000000 1000000000
* Since CurrentProcessU
* The condition in UIDMapInUserNS is not satisfied and then it returns true: https:/
Due to this the Set function mentioned before returns nil before doing any change in the configuration and the test fails.
P.S.: All the links I added is pointing to master but the parts of the code I mentioned here haven't changed so far (compared to the version we have in the archive - 1.0.0~rc8+ git20190923. 3e425f80- 0ubuntu1) . I just used those links because I think it is easier when I follow the code.