tests: Adjust sandbox test expectations for Ubuntu 24.04

See #8424
2025-02-24 09:40:06 +01:00 · 2025-02-24 09:40:06 +01:00 · f814701757
parent bc25b03738
commit f814701757
2 changed files with 23 additions and 1 deletions
--- a/tests/end2end/test_invocations.py
+++ b/tests/end2end/test_invocations.py
@ -884,11 +884,14 @@ def test_sandboxing(
        request, quteproc_new, sandboxing,
        has_namespaces, has_seccomp, has_yama, expected_result,
 ):
+    # https://github.com/qutebrowser/qutebrowser/issues/8424
+    userns_restricted = testutils.is_userns_restricted()
+
    if not request.config.webengine:
        pytest.skip("Skipped with QtWebKit")
    elif sandboxing == "enable-all" and testutils.disable_seccomp_bpf_sandbox():
        pytest.skip("Full sandboxing not supported")
-    elif version.is_flatpak():
+    elif version.is_flatpak() or userns_restricted:
        # https://github.com/flathub/io.qt.qtwebengine.BaseApp/pull/66
        has_namespaces = False
        expected_result = "You are NOT adequately sandboxed."
--- a/tests/helpers/testutils.py
+++ b/tests/helpers/testutils.py
@ -12,8 +12,10 @@ import pprint
 import os.path
 import contextlib
 import pathlib
+import subprocess
 import importlib.util
 import importlib.machinery
+from typing import Optional

 import pytest

@ -310,3 +312,20 @@ def enum_members(base, enumtype):
            for name, value in vars(base).items()
            if isinstance(value, enumtype)
        }
+
+
+def is_userns_restricted() -> Optional[bool]:
+    if not utils.is_linux:
+        return None
+
+    try:
+        proc = subprocess.run(
+            ["sysctl", "-n", "kernel.apparmor_restrict_unprivileged_userns"],
+            capture_output=True,
+            text=True,
+            check=True,
+        )
+    except (FileNotFoundError, subprocess.CalledProcessError):
+        return None
+
+    return proc.stdout.strip() == "1"