From 61b689dd893ad80d519d593e467b480aa0df6546 Mon Sep 17 00:00:00 2001
From: Simon Deziel <simon.deziel@canonical.com>
Date: Fri, 14 Jul 2023 08:28:22 -0400
Subject: [PATCH] integration/run-integration-tests-in-lxd: bail if
 unprivileged userns clone is not permitted

Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
---
 integration/run-integration-tests-in-lxd | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/integration/run-integration-tests-in-lxd b/integration/run-integration-tests-in-lxd
index a74da833..1db57559 100755
--- a/integration/run-integration-tests-in-lxd
+++ b/integration/run-integration-tests-in-lxd
@@ -33,6 +33,13 @@ function run_tests {
     lxc delete --force "$container_name"
 }
 
+# Make sure unprivileged userns clone is enabled otherwise security.nesting=true
+# won't work.
+if [ "$(cat /proc/sys/kernel/unprivileged_userns_clone)" -eq 0 ]; then
+    echo "unpriviliged userns clone disabled, unable to run tests" >&2
+    exit 1
+fi
+
 declare -a images
 if [ $# -gt 0 ]; then
     images=("$@")