This commit is part of clone3 clean up. As part of clean up we will

Askar Safin · Askar Safin · commit 57f9d1f01a6b · 2024-01-24T15:22:00.000+03:00
remove tests/ui/command/command-create-pidfd.rs . But it contains
very useful comment, so let's move the comment to library/std/src/sys/pal/unix/rand.rs ,
which contains another instance of the same Docker problem
diff --git a/library/std/src/sys/pal/unix/rand.rs b/library/std/src/sys/pal/unix/rand.rs
@@ -106,7 +106,18 @@ mod imp {
                     // supported on the current kernel.
                     //
                     // Also fall back in case it is disabled by something like
-                    // seccomp or inside of virtual machines.
+                    // seccomp or inside of docker.
+                    //
+                    // If the `getrandom` syscall is not implemented in the current kernel version it should return an
+                    // `ENOSYS` error. Docker also blocks the whole syscall inside unprivileged containers, and
+                    // returns `EPERM` (instead of `ENOSYS`) when a program tries to invoke the syscall. Because of
+                    // that we need to check for *both* `ENOSYS` and `EPERM`.
+                    //
+                    // Note that Docker's behavior is breaking other projects (notably glibc), so they're planning
+                    // to update their filtering to return `ENOSYS` in a future release:
+                    //
+                    //     https://github.com/moby/moby/issues/42680
+                    //
                     GETRANDOM_UNAVAILABLE.store(true, Ordering::Relaxed);
                     return false;
                 } else if err == libc::EAGAIN {
diff --git a/tests/ui/command/command-create-pidfd.rs b/tests/ui/command/command-create-pidfd.rs
@@ -16,16 +16,6 @@ fn has_clone3() -> bool {
         .then(|| Error::last_os_error())
         .expect("probe syscall should not succeed");
 
-    // If the `clone3` syscall is not implemented in the current kernel version it should return an
-    // `ENOSYS` error. Docker also blocks the whole syscall inside unprivileged containers, and
-    // returns `EPERM` (instead of `ENOSYS`) when a program tries to invoke the syscall. Because of
-    // that we need to check for *both* `ENOSYS` and `EPERM`.
-    //
-    // Note that Docker's behavior is breaking other projects (notably glibc), so they're planning
-    // to update their filtering to return `ENOSYS` in a future release:
-    //
-    //     https://github.com/moby/moby/issues/42680
-    //
     err.raw_os_error() != Some(libc::ENOSYS) && err.raw_os_error() != Some(libc::EPERM)
 }
 
