From patchwork Fri Nov 17 21:28:44 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Weimer X-Patchwork-Id: 24337 Received: (qmail 6170 invoked by alias); 17 Nov 2017 21:28:56 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 5859 invoked by uid 89); 17 Nov 2017 21:28:55 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-26.7 required=5.0 tests=BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, KAM_SHORT, KB_WAM_FROM_NAME_SINGLEWORD, RP_MATCHES_RCVD, SPF_HELO_PASS autolearn=ham version=3.3.2 spammy= X-HELO: mx1.redhat.com To: Luke Shumaker Cc: Christian Brauner , GNU C Library 
From: Florian Weimer Subject: tst-ttyname failure Message-ID: Date: Fri, 17 Nov 2017 22:28:44 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 I need the two attached patches in order to get tst-ttyname to succeed when running on Fedora as a non-root user. info: entering chroot 1 info: testcase: basic smoketest info: ttyname: PASS {name="/dev/pts/5", errno=0} info: ttyname_r: PASS {name="/dev/pts/5", ret=0, errno=0} error: ../sysdeps/unix/sysv/linux/tst-ttyname.c:122: write (setroups, "deny"): Operation not permitted info: entering chroot 2 error: ../sysdeps/unix/sysv/linux/tst-ttyname.c:122: write (setroups, "deny"): Operation not permitted error: 2 test failures I get the same failure when running the test on kernel-3.10.0-768.el7.x86_64 (there I tested as root). This is on top of master with commit ce003e5d4cd94c5380699b0dadeaaf825813afbe (support_become_root: Enable file creation in user namespaces). The test failure was present before I pushed that change. Would you please double-check that they do not break the test on whatever distributions you tested on and do not interfere with the test objective? Thanks, Florian Subject: [PATCH] tst-ttyname: Fix namespace setup for Fedora To: libc-alpha@sourceware.org On Fedora, the previous initialization sequence did not work and resulted in failures like: info: entering chroot 1 info: testcase: basic smoketest info: ttyname: PASS {name="/dev/pts/5", errno=0} info: ttyname_r: PASS {name="/dev/pts/5", ret=0, errno=0} error: ../sysdeps/unix/sysv/linux/tst-ttyname.c:122: write (setroups, "deny"): Operation not permitted info: entering chroot 2 error: ../sysdeps/unix/sysv/linux/tst-ttyname.c:122: write (setroups, "deny"): Operation not permitted error: 2 test failures 2017-11-17 Florian Weimer * sysdeps/unix/sysv/linux/tst-ttyname.c (become_root_in_mount_ns): Remove. (do_in_chroot_1): Call support_enter_mount_namespace. (do_in_chroot_2): Likewise. 
(do_test): Call support_become_root early.
diff --git a/sysdeps/unix/sysv/linux/tst-ttyname.c b/sysdeps/unix/sysv/linux/tst-ttyname.c
index 32d7a65938..0fdf1a8ccb 100644
--- a/sysdeps/unix/sysv/linux/tst-ttyname.c
+++ b/sysdeps/unix/sysv/linux/tst-ttyname.c
@@ -78,65 +78,6 @@ proc_fd_readlink (const char *linkname)
 return target;
 }
-static void
-become_root_in_mount_ns (void)
-{
- uid_t orig_uid = getuid ();
- gid_t orig_gid = getgid ();
-
- support_become_root ();
-
- if (unshare (CLONE_NEWNS) < 0)
- FAIL_UNSUPPORTED ("could not enter new mount namespace");
-
- /* support_become_root might have put us in a new user namespace;
- most filesystems (including tmpfs) don't allow file or directory
- creation from a user namespace unless uid and gid maps are set,
- even if we have root privileges in the namespace (failing with
- EOVERFLOW, since the uid overflows the empty (0-length) uid map).
-
- Also, stat always reports that uid and gid maps are empty, so we
- have to try actually reading from them to check if they are
- empty. */
- int fd;
-
- if ((fd = open ("/proc/self/uid_map", O_RDWR, 0)) >= 0)
- {
- char buf;
- if (read (fd, &buf, 1) == 0)
- {
- char *str = xasprintf ("0 %ld 1\n", (long)orig_uid);
- if (write (fd, str, strlen (str)) < 0)
- FAIL_EXIT1 ("write (uid_map, \"%s\"): %m", str);
- free (str);
- }
- xclose (fd);
- }
-
- /* Setting the gid map has the additional complexity that we have to
- first turn off setgroups. */
- if ((fd = open ("/proc/self/setgroups", O_WRONLY, 0)) >= 0)
- {
- const char *str = "deny";
- if (write (fd, str, strlen (str)) < 0)
- FAIL_EXIT1 ("write (setroups, \"%s\"): %m", str);
- xclose (fd);
- }
-
- if ((fd = open ("/proc/self/gid_map", O_RDWR, 0)) >= 0)
- {
- char buf;
- if (read (fd, &buf, 1) == 0)
- {
- char *str = xasprintf ("0 %ld 1\n", (long)orig_gid);
- if (write (fd, str, strlen (str)) < 0)
- FAIL_EXIT1 ("write (gid_map, \"%s\"): %m", str);
- free (str);
- }
- xclose (fd);
- }
-}
-
 /* plain ttyname runner */
 struct result
@@ -328,7 +269,8 @@ do_in_chroot_1 (int (*cb)(const char *, int))
 {
 xclose (master);
- become_root_in_mount_ns ();
+ if (!support_enter_mount_namespace ())
+ FAIL_UNSUPPORTED ("could not enter new mount namespace");
 VERIFY (mount ("tmpfs", chrootdir, "tmpfs", 0, "mode=755") == 0);
 VERIFY (chdir (chrootdir) == 0);
@@ -395,7 +337,8 @@ do_in_chroot_2 (int (*cb)(const char *, int))
 xclose (pid_pipe[0]);
 xclose (exit_pipe[1]);
- become_root_in_mount_ns ();
+ if (!support_enter_mount_namespace ())
+ FAIL_UNSUPPORTED ("could not enter new mount namespace");
 int slave = xopen (slavename, O_RDWR, 0);
 if (!doit (slave, "basic smoketest",
@@ -611,6 +554,8 @@ run_chroot_tests (const char *slavename, int slave)
 static int
 do_test (void)
 {
+ support_become_root ();
+
 int ret1 = do_in_chroot_1 (run_chroot_tests);
 if (ret1 == EXIT_UNSUPPORTED)
 return ret1;
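Review bot: The guard added in do_in_chroot_1, and the identical one in do_in_chroot_2, reports only "could not enter new mount namespace", so a log from a locked-down build host does not show whether a missing privilege or a namespace policy caused the skip. If support_enter_mount_namespace leaves errno set on failure (its body is not on this page, so this needs confirming), `FAIL_UNSUPPORTED ("could not enter new mount namespace: %m");` would keep the reason, as the removed FAIL_EXIT1 calls did with %m. The same two lines now appear in both functions, so a small static wrapper would keep the check and its message in one place. Both function bodies start and end outside their hunks.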
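Review bot: The result of `support_become_root ()` is discarded at the top of do_test, and nothing at the call site says that the whole test process now runs with the acquired privileges. The removed helper made this call from inside do_in_chroot_1 and do_in_chroot_2, apparently in the forked children, so the parent side previously stayed with the invoking user. This hunk does not show whether that difference affects what the ttyname checks are meant to exercise. I would add a comment such as `/* Become root (possibly in a new user namespace) before forking; the children only enter a mount namespace.  */` and, if the function reports failure through its return value, turn a false result into FAIL_UNSUPPORTED here. do_test continues past the end of the hunk.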