From patchwork Fri Jul 1 11:25:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Wielaard X-Patchwork-Id: 55628 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id C126338438DE for ; Fri, 1 Jul 2022 11:25:33 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from gnu.wildebeest.org (gnu.wildebeest.org [45.83.234.184]) by sourceware.org (Postfix) with ESMTPS id C17B5384A895 for ; Fri, 1 Jul 2022 11:25:20 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org C17B5384A895 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=klomp.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=klomp.org Received: from tarox.wildebeest.org (83-87-18-245.cable.dynamic.v4.ziggo.nl [83.87.18.245]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by gnu.wildebeest.org (Postfix) with ESMTPSA id D7D3E302AB2C; Fri, 1 Jul 2022 13:25:18 +0200 (CEST) Received: by tarox.wildebeest.org (Postfix, from userid 1000) id 64AA74000C41; Fri, 1 Jul 2022 13:25:18 +0200 (CEST) From: Mark Wielaard To: libc-alpha@sourceware.org Subject: [PATCHv3] tst-pidfd.c: UNSUPPORTED if we get EPERM on pidfd_open or pidfd_getfd Date: Fri, 1 Jul 2022 13:25:03 +0200 Message-Id: <20220701112502.13458-1-mark@klomp.org> X-Mailer: git-send-email 2.18.4 X-Spam-Status: No, score=-11.7 required=5.0 tests=BAYES_00, GIT_PATCH_0, JMQ_SPF_NEUTRAL, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Wielaard Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" pidfd_open or pidfd_getfd can fail with errno EPERM for various reasons in a restricted environment. Use FAIL_UNSUPPORTED in that case. --- v3: Also test for EPERM on pidfd_open, don't mention PTRACE_MODE_ATTACH_REALCREDS since it is just one reason for getting EPERM. v2: separate ENOSYS and EPERM checks and FAIL_UNSUPPORTED messages https://code.wildebeest.org/git/user/mjw/glibc/commit/?h=container-perms&id=3e1211cb6e3f0dba98201c12610a6cb2cb106d2d sysdeps/unix/sysv/linux/tst-pidfd.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/sysdeps/unix/sysv/linux/tst-pidfd.c b/sysdeps/unix/sysv/linux/tst-pidfd.c index d93b6faa6f..2655d94636 100644 --- a/sysdeps/unix/sysv/linux/tst-pidfd.c +++ b/sysdeps/unix/sysv/linux/tst-pidfd.c @@ -92,11 +92,15 @@ do_test (void) { /* The pidfd_getfd syscall was the last in the set of pidfd related syscalls added to the kernel. Use pidfd_getfd to decide if this - kernel has pidfd support that we can test. */ + kernel has pidfd support that we can test. And that we have + permission to use pidfd_getfd. */ int r = pidfd_getfd (0, 0, 1); TEST_VERIFY_EXIT (r == -1); if (errno == ENOSYS) FAIL_UNSUPPORTED ("kernel does not support pidfd_getfd, skipping test"); + if (errno == EPERM) + FAIL_UNSUPPORTED ("don't have permission to use pidfd_getfd, " + "skipping test"); } ppid = getpid (); @@ -113,9 +117,15 @@ do_test (void) xclose (sockets[1]); TEST_COMPARE (pidfd_open (-1, 0), -1); + if (errno == EPERM) + FAIL_UNSUPPORTED ("don't have permission to use pidfd_getfd, " + "skipping test"); TEST_COMPARE (errno, EINVAL); int pidfd = pidfd_open (pid, 0); + if (pidfd == -1 && errno == EPERM) + FAIL_UNSUPPORTED ("don't have permission to use pidfd_getfd, " + "skipping test"); TEST_VERIFY (pidfd != -1); /* Wait for first sigtimedwait. */