public inbox for glibc-cvs@sourceware.org
* [glibc] linux: Return unsupported if procfs can not be mount on tst-ttyname-namespace
@ 2023-06-28 12:19 Adhemerval Zanella
From: Adhemerval Zanella @ 2023-06-28 12:19 UTC (permalink / raw)
  To: glibc-cvs

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d35fbd3e684e6bb5e5ec452ad8dac6ada8424bdd

commit d35fbd3e684e6bb5e5ec452ad8dac6ada8424bdd
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date:   Mon Jun 12 15:30:14 2023 -0300

    linux: Return unsupported if procfs can not be mount on tst-ttyname-namespace
    
    Trying to mount procfs can fail due to multiple reasons: proc is locked
    due to the container configuration, the mount syscall is filtered by a
    Linux Security Module, or any other security or hardening mechanism
    that Linux might eventually add.
    
    The test does require a new procfs without binding to the parent, and
    to fully fix it would require changing how the container was created
    (which is out of the scope of the test itself).  Instead of trying to
    foresee any possible scenario, if procfs cannot be mounted, fail with
    unsupported.
    
    Checked on aarch64-linux-gnu.
    Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

Diff:
---
 sysdeps/unix/sysv/linux/tst-ttyname-namespace.c | 28 ++++++++++++++-----------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/sysdeps/unix/sysv/linux/tst-ttyname-namespace.c b/sysdeps/unix/sysv/linux/tst-ttyname-namespace.c
index 1f38442747..cd5e79d39b 100644
--- a/sysdeps/unix/sysv/linux/tst-ttyname-namespace.c
+++ b/sysdeps/unix/sysv/linux/tst-ttyname-namespace.c
@@ -94,8 +94,17 @@ do_in_chroot_2 (int (*cb)(const char *, int))
           VERIFY (read (exit_pipe[0], &c, 1) == 0);
           xclose (exit_pipe[0]);
 
-          VERIFY (mount ("proc", "/proc", "proc",
-                         MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL) == 0);
+	  if (mount ("proc", "/proc", "proc",
+		     MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL) != 0)
+	    {
+	      /* This happens if we're trying to create a nested container,
+		 like if the build is running under podman, and we lack
+		 priviledges.  */
+	      if (errno == EPERM)
+		_exit (EXIT_UNSUPPORTED);
+	      else
+		_exit (EXIT_FAILURE);
+	    }
 
           char *linkname = xasprintf ("/proc/self/fd/%d", slave);
           char *target = proc_fd_readlink (linkname);
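
Review bot: the errno check in the new mount failure branch maps only EPERM to EXIT_UNSUPPORTED, while the commit message names other causes (a locked proc, a mount syscall filtered by a security module, future hardening) that may surface with a different errno and would take the _exit (EXIT_FAILURE) path. Either drop the errno test and exit with EXIT_UNSUPPORTED on any mount failure, as the commit message describes, or keep the split and make sure the parent preserves it when it inspects the status. The added lines are also tab-indented while the surrounding context uses spaces, and the comment misspells "privileges".
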
@@ -104,8 +113,9 @@ do_in_chroot_2 (int (*cb)(const char *, int))
 
           _exit (cb (slavename, slave));
         }
-      xwrite (pid_pipe[1], &pid, sizeof pid);
-      _exit (0);
+      int status;
+      xwaitpid (pid, &status, 0);
+      _exit (WEXITSTATUS (status));
     }
   xclose (pid_pipe[1]);
   xclose (exit_pipe[0]);
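
Review bot: _exit (WEXITSTATUS (status)) is used without first checking WIFEXITED (status), so an inner child that is killed by a signal is reported with a meaningless exit code, which can be 0 and read as success. The code removed in the last hunk did VERIFY (WIFEXITED (status)) before using the inner child's status; add the same check here and exit with EXIT_FAILURE when it does not hold. With the xwrite to pid_pipe[1] gone, the remaining xclose calls on pid_pipe only close a pipe that no longer carries data, so the pipe can be dropped.
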
@@ -117,17 +127,11 @@ do_in_chroot_2 (int (*cb)(const char *, int))
   VERIFY (WIFEXITED (status));
   int ret = WEXITSTATUS (status);
   if (ret != 0)
-    return ret;
+    FAIL_UNSUPPORTED ("unable to mount /proc on inner child process");
 
-  /* set 'pid' to the inner child */
-  VERIFY (read (pid_pipe[0], &pid, sizeof pid) == sizeof pid);
   xclose (pid_pipe[0]);
 
-  /* wait for the inner child */
-  xwaitpid (pid, &status, 0);
-  VERIFY (WIFEXITED (status));
-  xclose (master);
-  return WEXITSTATUS (status);
+  return 0;
 }
 
 static int
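
Review bot: if (ret != 0) now reports every non-zero status as unsupported with the message "unable to mount /proc on inner child process", but the status forwarded by the outer child also carries the result of _exit (cb (slavename, slave)) and the EXIT_FAILURE from the mount branch, so a genuine failure in the callback is no longer returned as a failure. Suggest calling FAIL_UNSUPPORTED only when ret == EXIT_UNSUPPORTED and keeping return ret for other values. The removed xclose (master) also has no replacement in this hunk, so master stays open on this path.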
