From a20a8225cfcbf042b671d741e881125579683a4a Mon Sep 17 00:00:00 2001
From: Peter Hunt <pehunt@redhat.com>
Date: Mon, 4 Mar 2024 15:41:41 -0500
Subject: [PATCH] e2e_node: skip proc mount tests on nodes without userns
 support in the runtime

Signed-off-by: Peter Hunt <pehunt@redhat.com>
Co-authored-by: Sohan Kunkerkar <sohank2602@gmail.com>
---
 test/e2e_node/proc_mount_test.go | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/test/e2e_node/proc_mount_test.go b/test/e2e_node/proc_mount_test.go
index 50df27ceed3..dede318adbb 100644
--- a/test/e2e_node/proc_mount_test.go
+++ b/test/e2e_node/proc_mount_test.go
@@ -28,6 +28,7 @@ import (
 	"k8s.io/kubernetes/test/e2e/feature"
 	"k8s.io/kubernetes/test/e2e/framework"
 	e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
+	e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
 	"k8s.io/kubernetes/test/e2e/nodefeature"
 	testutils "k8s.io/kubernetes/test/utils"
 	imageutils "k8s.io/kubernetes/test/utils/image"
@@ -50,6 +51,9 @@ var _ = SIGDescribe("ProcMount [LinuxOnly]", nodefeature.ProcMountType, nodefeat
 	f.NamespacePodSecurityLevel = admissionapi.LevelBaseline
 
 	f.It("will fail to unmask proc mounts if not privileged", func(ctx context.Context) {
+		if !supportsUserNS(ctx, f) {
+			e2eskipper.Skipf("runtime does not support user namespaces")
+		}
 		pmt := v1.UnmaskedProcMount
 		podClient := e2epod.NewPodClient(f)
 		_, err := podClient.PodInterface.Create(ctx, &v1.Pod{
@@ -79,6 +83,9 @@ var _ = SIGDescribe("ProcMount [LinuxOnly]", nodefeature.ProcMountType, nodefeat
 	f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged
 
 	f.It("will unmask proc mounts if requested", func(ctx context.Context) {
+		if !supportsUserNS(ctx, f) {
+			e2eskipper.Skipf("runtime does not support user namespaces")
+		}
 		testProcMount(ctx, f, v1.UnmaskedProcMount, gomega.Equal(1), gomega.BeZero())
 	})
 })
@@ -113,3 +120,17 @@ func testProcMount(ctx context.Context, f *framework.Framework, pmt v1.ProcMount
 	gomega.Expect(len(lines)).To(expectedLines)
 	gomega.Expect(strings.Count(output, "(ro")).To(expectedReadOnly)
 }
+
+func supportsUserNS(ctx context.Context, f *framework.Framework) bool {
+	nodeList, err := f.ClientSet.CoreV1().Nodes().List(ctx, metav1.ListOptions{})
+	framework.ExpectNoError(err)
+	// Assuming that there is only one node, because this is a node e2e test.
+	gomega.Expect(nodeList.Items).To(gomega.HaveLen(1))
+	node := nodeList.Items[0]
+	for _, rc := range node.Status.RuntimeHandlers {
+		if rc.Name == "" && rc.Features != nil && *rc.Features.UserNamespaces {
+			return true
+		}
+	}
+	return false
+}