From patchwork Tue Jul 19 13:14:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Wielaard X-Patchwork-Id: 56160 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 3E0F63858017 for ; Tue, 19 Jul 2022 13:15:13 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from gnu.wildebeest.org (gnu.wildebeest.org [45.83.234.184]) by sourceware.org (Postfix) with ESMTPS id 48E313858439 for ; Tue, 19 Jul 2022 13:14:56 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 48E313858439 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=klomp.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=klomp.org Received: from reform (213-10-231-91.fixed.kpn.net [213.10.231.91]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gnu.wildebeest.org (Postfix) with ESMTPSA id 15FA4300047C; Tue, 19 Jul 2022 15:14:54 +0200 (CEST) Received: by reform (Postfix, from userid 1000) id 63D982E819FF; Tue, 19 Jul 2022 15:14:54 +0200 (CEST) From: Mark Wielaard To: Carlos O'Donell Subject: [PATCHv5] tst-pidfd.c: UNSUPPORTED if we get EPERM on valid pidfd_getfd call Date: Tue, 19 Jul 2022 15:14:19 +0200 Message-Id: <20220719131419.21312-1-mark@klomp.org> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 X-Spam-Status: No, score=-11.2 required=5.0 tests=BAYES_00, GIT_PATCH_0, JMQ_SPF_NEUTRAL, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Wielaard , libc-alpha@sourceware.org Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" pidfd_getfd can fail for a valid pidfd with errno EPERM for various reasons in a restricted environment. Use FAIL_UNSUPPORTED in that case. Reviewed-by: Adhemerval Zanella Reviewed-by: Carlos O'Donell --- v5: Add comment why the EPERM check is needed and which credential checks are performed v4: Drop all EPERM checks except on the actual (valid) pidfd_getfd v3: Also test for EPERM on pidfd_open, don't mention PTRACE_MODE_ATTACH_REALCREDS since it is just one reason for getting EPERM. v2: separate ENOSYS and EPERM checks and FAIL_UNSUPPORTED messages https://code.wildebeest.org/git/user/mjw/glibc/commit/?h=container-perms&id=435a8361ef3e2ce64bb7a48760adea577797967e sysdeps/unix/sysv/linux/tst-pidfd.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sysdeps/unix/sysv/linux/tst-pidfd.c b/sysdeps/unix/sysv/linux/tst-pidfd.c index d93b6faa6f..037af22290 100644 --- a/sysdeps/unix/sysv/linux/tst-pidfd.c +++ b/sysdeps/unix/sysv/linux/tst-pidfd.c @@ -142,6 +142,13 @@ do_test (void) xrecvfrom (sockets[0], &remote_fd, sizeof (remote_fd), 0, NULL, 0); int fd = pidfd_getfd (pidfd, remote_fd, 0); + /* pidfd_getfd may fail with EPERM if the process does not have + PTRACE_MODE_ATTACH_REALCREDS permissions. This means the call + may be denied if the process doesn't have CAP_SYS_PTRACE or + if a LSM security_ptrace_access_check denies access. */ + if (fd == -1 && errno == EPERM) + FAIL_UNSUPPORTED ("don't have permission to use pidfd_getfd on pidfd, " + "skipping test"); TEST_VERIFY (fd > 0); char *path = xasprintf ("/proc/%d/fd/%d", pid, remote_fd);