From: Carlos O'Donell <carlos@redhat.com>
To: Mark Wielaard <mark@klomp.org>
Cc: libc-alpha@sourceware.org,
Adhemerval Zanella <adhemerval.zanella@linaro.org>
Subject: Re: [PATCHv5] tst-pidfd.c: UNSUPPORTED if we get EPERM on valid pidfd_getfd call
Date: Fri, 29 Jul 2022 11:53:07 -0400 [thread overview]
Message-ID: <18e52816-a390-6964-5c2b-efd3aa16c537@redhat.com> (raw)
In-Reply-To: <20220719131419.21312-1-mark@klomp.org>
On 7/19/22 09:14, Mark Wielaard wrote:
> pidfd_getfd can fail for a valid pidfd with errno EPERM for various
> reasons in a restricted environment. Use FAIL_UNSUPPORTED in that case.
>
> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
OK for 2.36. OK from the RM (me).
This is very limited in scope and solves the problem with downstream buildbot testing
for the 2.36 release.
Thanks for working through this issue!
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
> ---
>
> v5: Add comment why the EPERM check is needed and which credential
> checks are performed
> v4: Drop all EPERM checks except on the actual (valid) pidfd_getfd
> v3: Also test for EPERM on pidfd_open, don't mention
> PTRACE_MODE_ATTACH_REALCREDS since it is just one reason for
> getting EPERM.
> v2: separate ENOSYS and EPERM checks and FAIL_UNSUPPORTED messages
>
> https://code.wildebeest.org/git/user/mjw/glibc/commit/?h=container-perms&id=435a8361ef3e2ce64bb7a48760adea577797967e
>
> sysdeps/unix/sysv/linux/tst-pidfd.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/sysdeps/unix/sysv/linux/tst-pidfd.c b/sysdeps/unix/sysv/linux/tst-pidfd.c
> index d93b6faa6f..037af22290 100644
> --- a/sysdeps/unix/sysv/linux/tst-pidfd.c
> +++ b/sysdeps/unix/sysv/linux/tst-pidfd.c
> @@ -142,6 +142,13 @@ do_test (void)
> xrecvfrom (sockets[0], &remote_fd, sizeof (remote_fd), 0, NULL, 0);
>
> int fd = pidfd_getfd (pidfd, remote_fd, 0);
> + /* pidfd_getfd may fail with EPERM if the process does not have
> + PTRACE_MODE_ATTACH_REALCREDS permissions. This means the call
> + may be denied if the process doesn't have CAP_SYS_PTRACE or
> + if a LSM security_ptrace_access_check denies access. */
> + if (fd == -1 && errno == EPERM)
> + FAIL_UNSUPPORTED ("don't have permission to use pidfd_getfd on pidfd, "
> + "skipping test");
> TEST_VERIFY (fd > 0);
>
> char *path = xasprintf ("/proc/%d/fd/%d", pid, remote_fd);
--
Cheers,
Carlos.
prev parent reply other threads:[~2022-07-29 15:53 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-19 13:14 Mark Wielaard
2022-07-29 15:53 ` Carlos O'Donell [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=18e52816-a390-6964-5c2b-efd3aa16c537@redhat.com \
--to=carlos@redhat.com \
--cc=adhemerval.zanella@linaro.org \
--cc=libc-alpha@sourceware.org \
--cc=mark@klomp.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).