1 files changed, 34 insertions, 19 deletions

diff --git a/tests/test_simple.py b/tests/test_simple.py
index 0c4e2b9..878e985 100644
--- a/tests/test_simple.py
+++ b/tests/test_simple.py
@@ -228,39 +228,54 @@ class UnshareIdmapTest(unittest.TestCase):
 
     @pytest.mark.forked
     def test_unshare_user_idmap(self) -> None:
-        overflowuid = int(pathlib.Path("/proc/sys/fs/overflowuid").read_text())
-        uidmap = linuxnamespaces.IDMapping(
-            0, self.uidalloc.allocate(65536), 65536
-        )
-        self.assertNotEqual(os.getuid(), uidmap.outerstart)
-        gidmap = linuxnamespaces.IDMapping(
-            0, self.gidalloc.allocate(65536), 65536
-        )
+        uidmaps = [
+            linuxnamespaces.IDMapping(
+                0, self.uidalloc.allocate(65536), 65536
+            ),
+            linuxnamespaces.IDMapping(65536, os.getuid(), 1),
+        ]
+        self.assertNotEqual(os.getuid(), uidmaps[0].outerstart)
+        gidmaps = [
+            linuxnamespaces.IDMapping(
+                0, self.gidalloc.allocate(65536), 65536
+            ),
+            linuxnamespaces.IDMapping(65536, os.getgid(), 1),
+        ]
         pid = os.getpid()
         @linuxnamespaces.run_in_fork
         def setup() -> None:
-            linuxnamespaces.newidmaps(pid, [uidmap], [gidmap])
+            linuxnamespaces.newidmaps(pid, uidmaps, gidmaps)
         linuxnamespaces.unshare(linuxnamespaces.CloneFlags.NEWUSER)
         setup()
-        self.assertEqual(os.getuid(), overflowuid)
+        self.assertEqual(os.getuid(), 65536)
         os.setuid(0)
         self.assertEqual(os.getuid(), 0)
-        os.setuid(1)
+        # Keep root in saved-set for later setuid
+        os.setresuid(1, 1, 0)
         self.assertEqual(os.getuid(), 1)
+        # Regain root and a full set of capabilities to save test coverage
+        os.setuid(0)
 
     @pytest.mark.forked
     def test_populate_dev(self) -> None:
-        uidmap = linuxnamespaces.IDMapping(
-            0, self.uidalloc.allocate(65536), 65536
-        )
-        self.assertNotEqual(os.getuid(), uidmap.outerstart)
-        gidmap = linuxnamespaces.IDMapping(
-            0, self.gidalloc.allocate(65536), 65536
-        )
+        uidmaps = [
+            linuxnamespaces.IDMapping(
+                0, self.uidalloc.allocate(65536), 65536
+            ),
+            # Also map our own uid to make coverage testing work
+            linuxnamespaces.IDMapping(65536, os.getuid(), 1),
+        ]
+        self.assertNotEqual(os.getuid(), uidmaps[0].outerstart)
+        gidmaps = [
+            linuxnamespaces.IDMapping(
+                0, self.gidalloc.allocate(65536), 65536
+            ),
+            linuxnamespaces.IDMapping(65536, os.getgid(), 1),
+        ]
         pid = os.getpid()
         @linuxnamespaces.run_in_fork
         def setup() -> None:
-            linuxnamespaces.newidmaps(pid, [uidmap], [gidmap])
+            linuxnamespaces.newidmaps(pid, uidmaps, gidmaps)
         linuxnamespaces.unshare(
             linuxnamespaces.CloneFlags.NEWUSER
             | linuxnamespaces.CloneFlags.NEWNS