From fa12fa1492514deafe18a2c4725b3571b2332807 Mon Sep 17 00:00:00 2001
From: Felix Fontein <felix@fontein.de>
Date: Fri, 25 Jul 2025 20:55:02 +0200
Subject: [PATCH] Make EE tests work.

---
 antsibull-nox.toml                                    | 10 ++++++++++
 tests/ee/roles/current_container_facts/tasks/main.yml |  4 +++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/antsibull-nox.toml b/antsibull-nox.toml
index 4f7e8f71..052441c8 100644
--- a/antsibull-nox.toml
+++ b/antsibull-nox.toml
@@ -82,8 +82,13 @@ config.dependencies.python_interpreter.package_system = "python3.11 python3.11-p
 config.dependencies.python_interpreter.python_path = "/usr/bin/python3.11"
 runtime_environment = {"ANSIBLE_PRIVATE_ROLE_VARS" = "true"}
 runtime_container_options = [
+    # Mount Docker socket into the container so we can talk to Docker outside the container
     "-v",
     "/var/run/docker.sock:/var/run/docker.sock",
+    # Need to be root so we can access /var/run/docker.sock, which usually isn't accessible by the user,
+    # but only by the group the user is in (but that group membership isn't there in the container)
+    "--user",
+    "0",
 ]
 
 [[sessions.ee_check.execution_environments]]
@@ -95,6 +100,11 @@ config.dependencies.ansible_core.package_pip = "https://github.com/ansible/ansib
 config.dependencies.ansible_runner.package_pip = "ansible-runner"
 runtime_environment = {"ANSIBLE_PRIVATE_ROLE_VARS" = "true"}
 runtime_container_options = [
+    # Mount Docker socket into the container so we can talk to Docker outside the container
     "-v",
     "/var/run/docker.sock:/var/run/docker.sock",
+    # Need to be root so we can access /var/run/docker.sock, which usually isn't accessible by the user,
+    # but only by the group the user is in (but that group membership isn't there in the container)
+    "--user",
+    "0",
 ]
diff --git a/tests/ee/roles/current_container_facts/tasks/main.yml b/tests/ee/roles/current_container_facts/tasks/main.yml
index d5096cdd..72bcbe66 100644
--- a/tests/ee/roles/current_container_facts/tasks/main.yml
+++ b/tests/ee/roles/current_container_facts/tasks/main.yml
@@ -15,11 +15,13 @@
 
 - name: Read some files
   slurp:
-    src: "{{ item }}"
+    src: "{{ path }}"
   loop:
     - /proc/self/cpuset
     - /proc/1/cgroup
     - /proc/1/environ
+  loop_control:
+    loop_var: path
 
 - name: Print facts returned by module
   debug: