From patchwork Mon Jun 12 18:30:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 70935 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 0A1A53856DD6 for ; Mon, 12 Jun 2023 18:30:52 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0A1A53856DD6 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1686594652; bh=1CN/wAfbp3BjYs7v+7yoAjsBb4lW6G7O63CWepUsjvM=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=l6KCDAEFRLL7it1ukVOdQOJpu09b8nIt+oDxL5F6oIclCLce+pZqSrcjAcg6FvSxM R5N9P43uMXvZ1es0HBJ5P/+tGoW8Dul2CpBE5PCcE5ofUdRDuF7JlwkpbaUfnM2mc1 dom44WrblBm/4Igp1pYHmI5/h6NDUO8kfykgdS2o= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com [IPv6:2607:f8b0:4864:20::32c]) by sourceware.org (Postfix) with ESMTPS id 3AAC73858C62 for ; Mon, 12 Jun 2023 18:30:24 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 3AAC73858C62 Received: by mail-ot1-x32c.google.com with SMTP id 46e09a7af769-6b1fa5a03daso2219472a34.1 for ; Mon, 12 Jun 2023 11:30:24 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686594623; x=1689186623; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1CN/wAfbp3BjYs7v+7yoAjsBb4lW6G7O63CWepUsjvM=; b=ZhwgGSJZkdcmzxAcQ5QByZ7YaT6ksWS4sW0egcRaPg/6wFRbf2cpUDC3+Nxe49MIgV RGk9lsEd+sjyOYejwQu3f8TgRBKkAKi4c2DORyYPnyv/g3uOBvCcMAiwPEAC1sfuZ8gh s9U+ptKLg9B+hH2T0zGGabKreVzrfIG1hB2ANDM/CXb/JEls0hZzfPjO3ts/JU3Y2sj1 LEzTT/DJNYa0etos9nTfIqF82lUQPtJQPOe2hKnQegXJxIhGXrfdkVYvPTmeD3CHsi7w GYHltEnVd3g9SULF+ZSzSnMjYlcjrKAURgR5ToKGhUysN7Zczm8RrEZeN4LqP3vqP3Kk Yp4w== X-Gm-Message-State: AC+VfDwipRcvtunleuxu4ajylr7n9inyT5MsonBQPR9w3aJo/THjqNII 6+Klw9tZiO75rMVAK71UN9YheRDH/QGTs23MXyjktA== X-Google-Smtp-Source: ACHHUZ4qozK7GJDIblpfa88hiQwdveE/hgFJqtY0dDOmzY87xbe74DJCDjz63zd1iXZsUINluVTpbg== X-Received: by 2002:a9d:6f0b:0:b0:6b2:c646:b535 with SMTP id n11-20020a9d6f0b000000b006b2c646b535mr7077561otq.1.1686594622762; Mon, 12 Jun 2023 11:30:22 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c2:8501:af26:cdf:f789:4317]) by smtp.gmail.com with ESMTPSA id r5-20020acaf305000000b003896e31867esm4472095oih.49.2023.06.12.11.30.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Jun 2023 11:30:21 -0700 (PDT) To: libc-alpha@sourceware.org Subject: [PATCH 2/2] linux: Return unsupported if procfs can not be mount on tst-ttyname-namespace Date: Mon, 12 Jun 2023 15:30:14 -0300 Message-Id: <20230612183014.882895-3-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230612183014.882895-1-adhemerval.zanella@linaro.org> References: <20230612183014.882895-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Adhemerval Zanella via Libc-alpha From: Adhemerval Zanella Netto Reply-To: Adhemerval Zanella Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" Trying to mount procfs can fail due multiples reasons: proc is locked due the container configuration, mount syscall is filtered by a Linux Secuirty Module, or any other security or hardening mechanism that Linux might eventually add. The tests does require a new procfs without binding to parent, and to fully fix it would require to change how the container was created (which is out of the scope of the test itself). Instead of trying to foresee any possible scenario, if procfs can not be mount fail with unsupported. Checked on aarch64-linux-gnu. Reviewed-by: Siddhesh Poyarekar --- .../unix/sysv/linux/tst-ttyname-namespace.c | 28 +++++++++++-------- 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/sysdeps/unix/sysv/linux/tst-ttyname-namespace.c b/sysdeps/unix/sysv/linux/tst-ttyname-namespace.c index 1f38442747..cd5e79d39b 100644 --- a/sysdeps/unix/sysv/linux/tst-ttyname-namespace.c +++ b/sysdeps/unix/sysv/linux/tst-ttyname-namespace.c @@ -94,8 +94,17 @@ do_in_chroot_2 (int (*cb)(const char *, int)) VERIFY (read (exit_pipe[0], &c, 1) == 0); xclose (exit_pipe[0]); - VERIFY (mount ("proc", "/proc", "proc", - MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL) == 0); + if (mount ("proc", "/proc", "proc", + MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL) != 0) + { + /* This happens if we're trying to create a nested container, + like if the build is running under podman, and we lack + priviledges. */ + if (errno == EPERM) + _exit (EXIT_UNSUPPORTED); + else + _exit (EXIT_FAILURE); + } char *linkname = xasprintf ("/proc/self/fd/%d", slave); char *target = proc_fd_readlink (linkname); @@ -104,8 +113,9 @@ do_in_chroot_2 (int (*cb)(const char *, int)) _exit (cb (slavename, slave)); } - xwrite (pid_pipe[1], &pid, sizeof pid); - _exit (0); + int status; + xwaitpid (pid, &status, 0); + _exit (WEXITSTATUS (status)); } xclose (pid_pipe[1]); xclose (exit_pipe[0]); @@ -117,17 +127,11 @@ do_in_chroot_2 (int (*cb)(const char *, int)) VERIFY (WIFEXITED (status)); int ret = WEXITSTATUS (status); if (ret != 0) - return ret; + FAIL_UNSUPPORTED ("unable to mount /proc on inner child process"); - /* set 'pid' to the inner child */ - VERIFY (read (pid_pipe[0], &pid, sizeof pid) == sizeof pid); xclose (pid_pipe[0]); - /* wait for the inner child */ - xwaitpid (pid, &status, 0); - VERIFY (WIFEXITED (status)); - xclose (master); - return WEXITSTATUS (status); + return 0; } static int