public inbox for libc-alpha@sourceware.org
 help / color / mirror / Atom feed
* [PATCHv5] tst-pidfd.c: UNSUPPORTED if we get EPERM on valid pidfd_getfd call
@ 2022-07-19 13:14 Mark Wielaard
  2022-07-29 15:53 ` Carlos O'Donell
  0 siblings, 1 reply; 2+ messages in thread
From: Mark Wielaard @ 2022-07-19 13:14 UTC (permalink / raw)
  To: Carlos O'Donell; +Cc: libc-alpha, Mark Wielaard, Adhemerval Zanella

pidfd_getfd can fail for a valid pidfd with errno EPERM for various
reasons in a restricted environment. Use FAIL_UNSUPPORTED in that case.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
---

v5: Add comment why the EPERM check is needed and which credential
    checks are performed
v4: Drop all EPERM checks except on the actual (valid) pidfd_getfd
v3: Also test for EPERM on pidfd_open, don't mention
    PTRACE_MODE_ATTACH_REALCREDS since it is just one reason for
    getting EPERM.
v2: separate ENOSYS and EPERM checks and FAIL_UNSUPPORTED messages

https://code.wildebeest.org/git/user/mjw/glibc/commit/?h=container-perms&id=435a8361ef3e2ce64bb7a48760adea577797967e

 sysdeps/unix/sysv/linux/tst-pidfd.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/sysdeps/unix/sysv/linux/tst-pidfd.c b/sysdeps/unix/sysv/linux/tst-pidfd.c
index d93b6faa6f..037af22290 100644
--- a/sysdeps/unix/sysv/linux/tst-pidfd.c
+++ b/sysdeps/unix/sysv/linux/tst-pidfd.c
@@ -142,6 +142,13 @@ do_test (void)
     xrecvfrom (sockets[0], &remote_fd, sizeof (remote_fd), 0, NULL, 0);
 
     int fd = pidfd_getfd (pidfd, remote_fd, 0);
+    /* pidfd_getfd may fail with EPERM if the process does not have
+       PTRACE_MODE_ATTACH_REALCREDS permissions. This means the call
+       may be denied if the process doesn't have CAP_SYS_PTRACE or
+       if a LSM security_ptrace_access_check denies access.  */
+    if (fd == -1 && errno == EPERM)
+      FAIL_UNSUPPORTED ("don't have permission to use pidfd_getfd on pidfd, "
+			"skipping test");
     TEST_VERIFY (fd > 0);
 
     char *path = xasprintf ("/proc/%d/fd/%d", pid, remote_fd);
-- 
2.30.2


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCHv5] tst-pidfd.c: UNSUPPORTED if we get EPERM on valid pidfd_getfd call
  2022-07-19 13:14 [PATCHv5] tst-pidfd.c: UNSUPPORTED if we get EPERM on valid pidfd_getfd call Mark Wielaard
@ 2022-07-29 15:53 ` Carlos O'Donell
  0 siblings, 0 replies; 2+ messages in thread
From: Carlos O'Donell @ 2022-07-29 15:53 UTC (permalink / raw)
  To: Mark Wielaard; +Cc: libc-alpha, Adhemerval Zanella

On 7/19/22 09:14, Mark Wielaard wrote:
> pidfd_getfd can fail for a valid pidfd with errno EPERM for various
> reasons in a restricted environment. Use FAIL_UNSUPPORTED in that case.
> 
> Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>

OK for 2.36. OK from the RM (me).

This is very limited in scope and solves the problem with downstream buildbot testing
for the 2.36 release.

Thanks for working through this issue!

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

> ---
> 
> v5: Add comment why the EPERM check is needed and which credential
>     checks are performed
> v4: Drop all EPERM checks except on the actual (valid) pidfd_getfd
> v3: Also test for EPERM on pidfd_open, don't mention
>     PTRACE_MODE_ATTACH_REALCREDS since it is just one reason for
>     getting EPERM.
> v2: separate ENOSYS and EPERM checks and FAIL_UNSUPPORTED messages
> 
> https://code.wildebeest.org/git/user/mjw/glibc/commit/?h=container-perms&id=435a8361ef3e2ce64bb7a48760adea577797967e
> 
>  sysdeps/unix/sysv/linux/tst-pidfd.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/sysdeps/unix/sysv/linux/tst-pidfd.c b/sysdeps/unix/sysv/linux/tst-pidfd.c
> index d93b6faa6f..037af22290 100644
> --- a/sysdeps/unix/sysv/linux/tst-pidfd.c
> +++ b/sysdeps/unix/sysv/linux/tst-pidfd.c
> @@ -142,6 +142,13 @@ do_test (void)
>      xrecvfrom (sockets[0], &remote_fd, sizeof (remote_fd), 0, NULL, 0);
>  
>      int fd = pidfd_getfd (pidfd, remote_fd, 0);
> +    /* pidfd_getfd may fail with EPERM if the process does not have
> +       PTRACE_MODE_ATTACH_REALCREDS permissions. This means the call
> +       may be denied if the process doesn't have CAP_SYS_PTRACE or
> +       if a LSM security_ptrace_access_check denies access.  */
> +    if (fd == -1 && errno == EPERM)
> +      FAIL_UNSUPPORTED ("don't have permission to use pidfd_getfd on pidfd, "
> +			"skipping test");
>      TEST_VERIFY (fd > 0);
>  
>      char *path = xasprintf ("/proc/%d/fd/%d", pid, remote_fd);


-- 
Cheers,
Carlos.


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2022-07-29 15:53 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-19 13:14 [PATCHv5] tst-pidfd.c: UNSUPPORTED if we get EPERM on valid pidfd_getfd call Mark Wielaard
2022-07-29 15:53 ` Carlos O'Donell

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).