Merge pull request #4456 from kolyshkin/misc-ci-cleanups

Misc tests/int cleanups

Author: lifubang

tests/integration/helpers.bash

@@ -771,25 +771,15 @@ function requires_idmap_fs() {
 		;;
 	*operation\ not\ permitted)
 		if uname -r | grep -q el9; then
-			# centos kernel 5.14.0-200 does not permit using ID map mounts due to a
-			# specific patch added to their sources:
+			# Older EL9 kernels did not permit using ID map mounts
+			# due to a specific patch added to their sources:
 			# 	https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/131
 			#
-			# There doesn't seem to be any technical reason behind
-			# it, none was provided in numerous examples, like:
-			# 	https://lore.kernel.org/lkml/[email protected]/T/#m3a9df31aa183e8797c70bc193040adfd601399ad
-			#	https://lore.kernel.org/lkml/[email protected]/T/#m59cdad9630d5a279aeecd0c1f117115144bc15eb
-			#	https://lore.kernel.org/lkml/[email protected]
-			#	https://lore.kernel.org/lkml/20210510125147.tkgeurcindldiwxg@wittgenstein
+			# That patch was reverted in:
+			# 	https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/2179
 			#
-			# So, sadly we just need to skip this on centos.
-			#
-			# TODO Nonetheless, there are ongoing works to revert the patch
-			# deactivating ID map mounts:
-			# https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/2179/diffs?commit_id=06f4fe946394cb94d2cf274aa7f3091d8f8469dc
-			# Once this patch is merge, we should be able to remove the below skip
-			# if the revert is backported or if CI centos kernel is upgraded.
-			skip "sadly, centos kernel 5.14 does not permit using ID map mounts"
+			# The above revert is included into the kernel 5.14.0-334.el9.
+			skip "Needs kernel >= 5.14.0-334.el9"
 		fi
 		;;
 	esac

tests/integration/run.bats

@@ -128,10 +128,6 @@ function teardown() {
 }
 
 @test "RUNC_DMZ=true runc run [runc-dmz]" {
-	# centos-7 has an outdated container-selinux (<2.224.0) which means
-	# runc-dmz won't work.
-	exclude_os centos-7
-
 	RUNC_DMZ=true runc --debug run test_hello
 	[ "$status" -eq 0 ]
 	[[ "$output" = *"Hello World"* ]]
@@ -140,10 +136,6 @@ function teardown() {
 }
 
 @test "RUNC_DMZ=true runc run [cap_sys_ptrace -> /proc/self/exe clone]" {
-	# centos-7 has an outdated container-selinux (<2.224.0) which means
-	# runc-dmz won't work.
-	exclude_os centos-7
-
 	# Add CAP_SYS_PTRACE to the bounding set, the minimum needed to indicate a
 	# container process _could_ get CAP_SYS_PTRACE.
 	update_config '.process.capabilities.bounding += ["CAP_SYS_PTRACE"]'
@@ -240,10 +232,6 @@ function teardown() {
 }
 
 @test "RUNC_DMZ=true runc run [exec error]" {
-	# centos-7 has an outdated container-selinux (<2.224.0) which means
-	# runc-dmz won't work.
-	exclude_os centos-7
-
 	cat <<EOF >rootfs/run.sh
 #!/mmnnttbb foo bar
 sh

tests/integration/selinux.bats

@@ -40,10 +40,6 @@ function teardown() {
 
 # https://github.com/opencontainers/runc/issues/4057
 @test "runc run (custom selinux label, RUNC_DMZ=true)" {
-	# centos-7 has an outdated container-selinux (<2.224.0) which means
-	# runc-dmz won't work.
-	exclude_os centos-7
-
 	update_config '	  .process.selinuxLabel |= "system_u:system_r:container_t:s0:c4,c5"
 			| .process.args = ["/bin/true"]'
 	RUNC_DMZ=true runc run tst