Re: [PATCH proxmox] oci: ignore tests that require to be run as UID 0

["Fabian Grünbichler" <f.gruenbichler@proxmox.com>]

On March 9, 2026 4:39 pm, Filip Schauer wrote:
> This prevents unprivileged test runs from failing when extracting test
> artifacts containing files with UID 0.
> 
> The tests can still run without root privileges using a user namespace:
> unshare -r cargo test -- --include-ignored

before this patch:
- `cargo test -p proxmox-oci` fails (unless you happen to run it as real
  or fake root)
- `make deb` runs the test under fakeroot, so executes them and they
  work
- `make dsc` and building with sbuild+autopkgtest using unshare runs the
  test in a userns as non-privileged user, executes them but they fail
  (unles the debian/tests/control file is extended with `needs-root`)

1/3

after this patch:
- `cargo test -p proxmox-oci` works, but doesn't run the test
- `make deb` works, but doesn't run the test
- `make dsc` works, but doesn't run the test

0/3

so in practice this has roughly the same effect as dropping the tests
enitrely, because nobody will go out of their way to run tests using a
special invocation (we know that, because until we added a `cargo test`
invocation to `make deb` tests would frequently be broken without
anybody noticing..)

I still think either
- creating those tar files on the fly with the current user/group (if
  that makes the tests work!) or
- printing a warning and skipping the test if not root

would be better options, as that would lead to some level of coverage
out of the box..

I'll add control over `needs-root` and the other restrictions to
debcargo to my todo list, so we can at least fix the tests run during
proper package building fixed without the need to manually override the
whole tests control file..

> 
> Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
> ---
>  proxmox-oci/tests/extract_replace.rs   | 3 +++
>  proxmox-oci/tests/extract_whiteouts.rs | 3 +++
>  2 files changed, 6 insertions(+)
> 
> diff --git a/proxmox-oci/tests/extract_replace.rs b/proxmox-oci/tests/extract_replace.rs
> index eb41f9e3..2c8ea7ed 100644
> --- a/proxmox-oci/tests/extract_replace.rs
> +++ b/proxmox-oci/tests/extract_replace.rs
> @@ -4,6 +4,7 @@ use proxmox_oci::{parse_and_extract_image, Arch};
>  use proxmox_sys::fs::make_tmp_dir;
>  
>  #[test]
> +#[ignore = "Must be run as UID 0 (unshare -r cargo test -- --include-ignored)"]
>  fn test_replace_file() {
>      let extract_dir = make_tmp_dir("/tmp/", None).unwrap();
>  
> @@ -23,6 +24,7 @@ fn test_replace_file() {
>  }
>  
>  #[test]
> +#[ignore = "Must be run as UID 0 (unshare -r cargo test -- --include-ignored)"]
>  fn test_replace_file_with_dir() {
>      let extract_dir = make_tmp_dir("/tmp/", None).unwrap();
>  
> @@ -40,6 +42,7 @@ fn test_replace_file_with_dir() {
>  }
>  
>  #[test]
> +#[ignore = "Must be run as UID 0 (unshare -r cargo test -- --include-ignored)"]
>  fn test_replace_dir_with_file() {
>      let extract_dir = make_tmp_dir("/tmp/", None).unwrap();
>  
> diff --git a/proxmox-oci/tests/extract_whiteouts.rs b/proxmox-oci/tests/extract_whiteouts.rs
> index 71ec4dea..0333dac9 100644
> --- a/proxmox-oci/tests/extract_whiteouts.rs
> +++ b/proxmox-oci/tests/extract_whiteouts.rs
> @@ -40,6 +40,7 @@ fn test_whiteout_root_parent_breakout() {
>  }
>  
>  #[test]
> +#[ignore = "Must be run as UID 0 (unshare -r cargo test -- --include-ignored)"]
>  fn test_whiteout_current_directory() {
>      let extract_dir = make_tmp_dir("/tmp/", None).unwrap();
>  
> @@ -57,6 +58,7 @@ fn test_whiteout_current_directory() {
>  }
>  
>  #[test]
> +#[ignore = "Must be run as UID 0 (unshare -r cargo test -- --include-ignored)"]
>  fn test_whiteout_symlink() {
>      let extract_dir = make_tmp_dir("/tmp/", None).unwrap();
>  
> @@ -75,6 +77,7 @@ fn test_whiteout_symlink() {
>  }
>  
>  #[test]
> +#[ignore = "Must be run as UID 0 (unshare -r cargo test -- --include-ignored)"]
>  fn test_whiteout_dead_symlink_parent() {
>      let extract_dir = make_tmp_dir("/tmp/", None).unwrap();
>  
> -- 
> 2.47.3
> 
> 
> 
> 
> 
>