pkg/cri/server: Test net.ipv4.ping_group_range works with userns

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>

pkg/cri/server/sandbox_run_linux_test.go

@@ -148,6 +148,27 @@ func TestLinuxSandboxContainerSpec(t *testing.T) {
 				})
 			},
 		},
+		{
+			desc: "spec shouldn't have ping_group_range if userns are in use",
+			configChange: func(c *runtime.PodSandboxConfig) {
+				c.Linux.SecurityContext = &runtime.LinuxSandboxSecurityContext{
+					NamespaceOptions: &runtime.NamespaceOption{
+						UsernsOptions: &runtime.UserNamespace{
+							Mode: runtime.NamespaceMode_POD,
+							Uids: []*runtime.IDMapping{&idMap},
+							Gids: []*runtime.IDMapping{&idMap},
+						},
+					},
+				}
+			},
+			specCheck: func(t *testing.T, spec *runtimespec.Spec) {
+				require.NotNil(t, spec.Linux)
+				assert.Contains(t, spec.Linux.Namespaces, runtimespec.LinuxNamespace{
+					Type: runtimespec.UserNamespace,
+				})
+				assert.NotContains(t, spec.Linux.Sysctl["net.ipv4.ping_group_range"], "0 2147483647")
+			},
+		},
 		{
 			desc: "host namespace",
 			configChange: func(c *runtime.PodSandboxConfig) {