Remove escalated privileges

Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>

integration/client/go.mod

@@ -4,7 +4,7 @@ go 1.19
 
 require (
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1
-	github.com/Microsoft/go-winio v0.6.1-0.20230228163719-dd5de6900b62
+	github.com/Microsoft/go-winio v0.6.1-0.20230228163719-dd5de6900b62 // indirect
 	github.com/Microsoft/hcsshim v0.10.0-rc.7
 	github.com/Microsoft/hcsshim/test v0.0.0-20210408205431-da33ecd607e1
 	github.com/containerd/cgroups/v3 v3.0.1

integration/client/snapshot_test.go

@@ -22,6 +22,7 @@ import (
 
 	. "github.com/containerd/containerd"
 	"github.com/containerd/containerd/snapshots"
+	"github.com/containerd/containerd/snapshots/testsuite"
 )
 
 func newSnapshotter(ctx context.Context, root string) (snapshots.Snapshotter, func() error, error) {
@@ -39,5 +40,9 @@ func newSnapshotter(ctx context.Context, root string) (snapshots.Snapshotter, fu
 }
 
 func TestSnapshotterClient(t *testing.T) {
-	runTestSnapshotterClient(t)
+	if testing.Short() {
+		t.Skip()
+	}
+
+	testsuite.SnapshotterSuite(t, DefaultSnapshotter, newSnapshotter)
 }

integration/client/snapshot_unix_test.go

@@ -1,35 +0,0 @@
-//go:build !windows
-// +build !windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package client
-
-import (
-	"testing"
-
-    . "github.com/containerd/containerd"
-	"github.com/containerd/containerd/snapshots/testsuite"
-)
-
-func runTestSnapshotterClient(t *testing.T) {
-	if testing.Short() {
-		t.Skip()
-	}
-
-	testsuite.SnapshotterSuite(t, DefaultSnapshotter, newSnapshotter)
-}

integration/client/snapshot_windows_test.go

@@ -1,42 +0,0 @@
-//go:build windows
-// +build windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package client
-
-import (
-	"testing"
-
-	winio "github.com/Microsoft/go-winio"
-
-	. "github.com/containerd/containerd"
-	"github.com/containerd/containerd/snapshots/testsuite"
-)
-
-func runTestSnapshotterClient(t *testing.T) {
-	if testing.Short() {
-		t.Skip()
-	}
-	// The SeBackupPrivilege and SeRestorePrivilege gives us access to system files inside the container mount points
-	// (and everywhere on the system), without having to explicitly set DACLs on each location inside the mount point.
-	if err := winio.EnableProcessPrivileges([]string{winio.SeBackupPrivilege, winio.SeRestorePrivilege}); err != nil {
-		t.Fatal(err)
-	}
-	defer winio.DisableProcessPrivileges([]string{winio.SeBackupPrivilege, winio.SeRestorePrivilege})
-	testsuite.SnapshotterSuite(t, DefaultSnapshotter, newSnapshotter)
-}