On Wed, 05 Sep 2018 at 22:02:01 -0700, Steve Langasek wrote: > This is because armhf is the single architecture on which Ubuntu runs its > autopkgtests in containers rather than in VMs, and these are unprivileged > containers, which means "root" processes don't actually have the > capabilities necessary to re-raise limits after they've been lowered.
I'm not sure whether such a container should be considered to satisfy the needs-root restriction. How much root does/should needs-root guarantee? Perhaps there should be separate restrictions for "needs fully privileged root" and "needs unprivileged-container root"? (But I'm not sure which one needs-root should be.) > I've uploaded the attached patch to Ubuntu in order to have passing tests > again on armhf. I'm not sure if you would consider it sufficiently correct > for Debian, since this means we're also skipping this test on privileged > containers, but I guess it should be a starting point for discussion. Can we probe for the required capability, perhaps with capsh | grep '^Current:.*\<cap_sys_resource\>' or something? Thanks, smcv