[v3] support: Don't fail on fchown when spawning sgid processes

  In some cases (e.g. when podman creates user containers), the only other
group assigned to the executing user is nobody and fchown fails with it
because the group is not mapped.  Do not fail the test in this case,
instead exit as unsupported.

Reported-by: Frédéric Bérat <fberat@redhat.com>
Tested-by: Frédéric Bérat <fberat@redhat.com>
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
 support/support_capture_subprocess.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
  

On 5/31/23 12:07, Siddhesh Poyarekar wrote:
> In some cases (e.g. when podman creates user containers), the only other
> group assigned to the executing user is nobody and fchown fails with it
> because the group is not mapped.  Do not fail the test in this case,
> instead exit as unsupported.
> 
> Reported-by: Frédéric Bérat <fberat@redhat.com>
> Tested-by: Frédéric Bérat <fberat@redhat.com>
> Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

LGTM.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

> ---
>  support/support_capture_subprocess.c | 15 +++++++++++++--
>  1 file changed, 13 insertions(+), 2 deletions(-)
> 
> diff --git a/support/support_capture_subprocess.c b/support/support_capture_subprocess.c
> index bae7d5fb20..2a8d37b284 100644
> --- a/support/support_capture_subprocess.c
> +++ b/support/support_capture_subprocess.c
> @@ -153,9 +153,18 @@ copy_and_spawn_sgid (char *child_id, gid_t gid)
>  	  p += wrcount;
>  	}
>      }
> -  TEST_VERIFY (fchown (outfd, getuid (), gid) == 0);
> +
> +  bool chowned = false;
> +  TEST_VERIFY ((chowned = fchown (outfd, getuid (), gid) == 0)
> +	       || errno == EPERM);
>    if (support_record_failure_is_failed ())
>      goto err;
> +  else if (!chowned)
> +    {
> +      ret = 77;
> +      goto err;
> +    }
> +
>    TEST_VERIFY (fchmod (outfd, 02750) == 0);
>    if (support_record_failure_is_failed ())
>      goto err;
> @@ -192,8 +201,10 @@ err:
>        free (dirname);
>      }
>  
> +  if (ret == 77)
> +    FAIL_UNSUPPORTED ("Failed to make sgid executable for test\n");
>    if (ret != 0)
> -    FAIL_EXIT1("Failed to make sgid executable for test\n");
> +    FAIL_EXIT1 ("Failed to make sgid executable for test\n");
>  
>    return status;
>  }
  

On 6/1/23 07:01, Carlos O'Donell wrote:
> On 5/31/23 12:07, Siddhesh Poyarekar wrote:
>> In some cases (e.g. when podman creates user containers), the only other
>> group assigned to the executing user is nobody and fchown fails with it
>> because the group is not mapped.  Do not fail the test in this case,
>> instead exit as unsupported.
>>
>> Reported-by: Frédéric Bérat <fberat@redhat.com>
>> Tested-by: Frédéric Bérat <fberat@redhat.com>
>> Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
> 
> LGTM.
> 
> Reviewed-by: Carlos O'Donell <carlos@redhat.com>

I have filed an RFE with distrobox upstream. The podman wrapper tools can and should
be able to map all supplementary gid's into the container so that filesystem access
works correctly. In some cases supplementary groups could be critical to user access
of files on disk.

Map all supplementary groups into the distro container.
https://github.com/89luca89/distrobox/issues/777

>> ---
>>  support/support_capture_subprocess.c | 15 +++++++++++++--
>>  1 file changed, 13 insertions(+), 2 deletions(-)
>>
>> diff --git a/support/support_capture_subprocess.c b/support/support_capture_subprocess.c
>> index bae7d5fb20..2a8d37b284 100644
>> --- a/support/support_capture_subprocess.c
>> +++ b/support/support_capture_subprocess.c
>> @@ -153,9 +153,18 @@ copy_and_spawn_sgid (char *child_id, gid_t gid)
>>  	  p += wrcount;
>>  	}
>>      }
>> -  TEST_VERIFY (fchown (outfd, getuid (), gid) == 0);
>> +
>> +  bool chowned = false;
>> +  TEST_VERIFY ((chowned = fchown (outfd, getuid (), gid) == 0)
>> +	       || errno == EPERM);
>>    if (support_record_failure_is_failed ())
>>      goto err;
>> +  else if (!chowned)
>> +    {
>> +      ret = 77;
>> +      goto err;
>> +    }
>> +
>>    TEST_VERIFY (fchmod (outfd, 02750) == 0);
>>    if (support_record_failure_is_failed ())
>>      goto err;
>> @@ -192,8 +201,10 @@ err:
>>        free (dirname);
>>      }
>>  
>> +  if (ret == 77)
>> +    FAIL_UNSUPPORTED ("Failed to make sgid executable for test\n");
>>    if (ret != 0)
>> -    FAIL_EXIT1("Failed to make sgid executable for test\n");
>> +    FAIL_EXIT1 ("Failed to make sgid executable for test\n");
>>  
>>    return status;
>>  }
>
  

On 6/1/23 07:22, Carlos O'Donell wrote:
> On 6/1/23 07:01, Carlos O'Donell wrote:
>> On 5/31/23 12:07, Siddhesh Poyarekar wrote:
>>> In some cases (e.g. when podman creates user containers), the only other
>>> group assigned to the executing user is nobody and fchown fails with it
>>> because the group is not mapped.  Do not fail the test in this case,
>>> instead exit as unsupported.
>>>
>>> Reported-by: Frédéric Bérat <fberat@redhat.com>
>>> Tested-by: Frédéric Bérat <fberat@redhat.com>
>>> Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
>>
>> LGTM.
>>
>> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
> 
> I have filed an RFE with distrobox upstream. The podman wrapper tools can and should
> be able to map all supplementary gid's into the container so that filesystem access
> works correctly. In some cases supplementary groups could be critical to user access
> of files on disk.
> 
> Map all supplementary groups into the distro container.
> https://github.com/89luca89/distrobox/issues/777

For reference here, toolbx works because they map 'wheel' as the secondary group in the container
rather than nobody.


>>> ---
>>>  support/support_capture_subprocess.c | 15 +++++++++++++--
>>>  1 file changed, 13 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/support/support_capture_subprocess.c b/support/support_capture_subprocess.c
>>> index bae7d5fb20..2a8d37b284 100644
>>> --- a/support/support_capture_subprocess.c
>>> +++ b/support/support_capture_subprocess.c
>>> @@ -153,9 +153,18 @@ copy_and_spawn_sgid (char *child_id, gid_t gid)
>>>  	  p += wrcount;
>>>  	}
>>>      }
>>> -  TEST_VERIFY (fchown (outfd, getuid (), gid) == 0);
>>> +
>>> +  bool chowned = false;
>>> +  TEST_VERIFY ((chowned = fchown (outfd, getuid (), gid) == 0)
>>> +	       || errno == EPERM);
>>>    if (support_record_failure_is_failed ())
>>>      goto err;
>>> +  else if (!chowned)
>>> +    {
>>> +      ret = 77;
>>> +      goto err;
>>> +    }
>>> +
>>>    TEST_VERIFY (fchmod (outfd, 02750) == 0);
>>>    if (support_record_failure_is_failed ())
>>>      goto err;
>>> @@ -192,8 +201,10 @@ err:
>>>        free (dirname);
>>>      }
>>>  
>>> +  if (ret == 77)
>>> +    FAIL_UNSUPPORTED ("Failed to make sgid executable for test\n");
>>>    if (ret != 0)
>>> -    FAIL_EXIT1("Failed to make sgid executable for test\n");
>>> +    FAIL_EXIT1 ("Failed to make sgid executable for test\n");
>>>  
>>>    return status;
>>>  }
>>
>
  

On 2023-06-01 07:33, Carlos O'Donell wrote:
>> I have filed an RFE with distrobox upstream. The podman wrapper tools can and should
>> be able to map all supplementary gid's into the container so that filesystem access
>> works correctly. In some cases supplementary groups could be critical to user access
>> of files on disk.
>>
>> Map all supplementary groups into the distro container.
>> https://github.com/89luca89/distrobox/issues/777
> 
> For reference here, toolbx works because they map 'wheel' as the secondary group in the container
> rather than nobody.
> 

This is interesting because wheel would allow the container user to do 
things like package installation.  I reckon podman (under the distrobox 
layer) adds the user to the sudo group to allow it to do various tasks 
using sudo...

Sid