From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: Mark Wielaard <mark@klomp.org>
Cc: Christian Brauner <brauner@kernel.org>,
Florian Weimer <fweimer@redhat.com>,
libc-alpha@sourceware.org
Subject: Re: [PATCH 3/4] tst-pidfd.c: Test is UNSUPPORTED without PTRACE_MODE_ATTACH_REALCREDS
Date: Mon, 27 Jun 2022 14:03:04 -0300 [thread overview]
Message-ID: <1C759F39-9598-44C7-9ED7-EC399A076180@linaro.org> (raw)
In-Reply-To: <927d12654e85b5352688fb9bfefda08171b73183.camel@klomp.org>
> On 27 Jun 2022, at 13:48, Mark Wielaard <mark@klomp.org> wrote:
>
> Hi Adhemerval,
>
> On Mon, 2022-06-27 at 12:14 -0300, Adhemerval Zanella wrote:
>>> You should see EINVAL, I think.
>>
>> Yeah, I forgot about the invalid flag argument. So it does seems a
>> seccomp issue and I am not sure sure if we should paper over it on
>> glibc test.
>
> I don't think it is papering over the issue. We do detect the EPERM and
> record it as an environment that is UNSUPPORTED. Which is imho a better
> state than still trying to test and then FAILing the testcase.
At first I though it was the default kernel syscall code path (without
any security hardening or filtering) returning EPERM, but for this
specific case it seems that an additional module that is return EPERM.
In this specific environment, how can one test that the syscall is not
implemented (ENOSYS) if passing invalid parameters always result in
EPERM? The different semantic whether filtering is present or not is
troublesome and at least on libc.so we do not try fallback.
although it has caused a lot of issue on older containers (for instance
when glibc started to use clone3), I still think the correct interface
here is indeed returning ENOSYS and a value different than this is
a potential failure.
What I would expect is to actually handle EPERM on the pidfd_open
at line 118, where it is valid call that might be filtered out.
>
> Note that in the buildbot the test results and out files are put into
> the bunsendb so that you can easily see why a particular test was
> UNSUPPORTED (or why it FAILED).
>
> We might not like that there are execution environments where some
> syscalls return EPERM, but (sadly) they exist and handling and
> recording that in the test (instead of simply failing) seems the best
> way to handle that.
>
> It also makes sure we have a zero-FAIL testsuite, which is really
> useful.
>
> Cheers,
>
> Mark
next prev parent reply other threads:[~2022-06-27 17:03 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-26 20:59 Handle running make check in a restricted environment Mark Wielaard
2022-06-26 20:59 ` [PATCH 1/4] time/tst-clock2.c: clock_settime CLOCK_MONOTONIC might return EPERM Mark Wielaard
2022-06-26 21:15 ` Florian Weimer
2022-06-27 9:35 ` Mark Wielaard
2022-06-26 20:59 ` [PATCH 2/4] tst-pkey.c: Handle no permission to alloc memory protection keys Mark Wielaard
2022-06-26 21:17 ` Florian Weimer
2022-06-26 21:40 ` Florian Weimer
2022-06-27 9:50 ` Mark Wielaard
2022-06-27 11:39 ` Florian Weimer
2022-06-27 14:08 ` Mark Wielaard
2022-06-26 20:59 ` [PATCH 3/4] tst-pidfd.c: Test is UNSUPPORTED without PTRACE_MODE_ATTACH_REALCREDS Mark Wielaard
2022-06-26 21:20 ` Florian Weimer
2022-06-27 10:01 ` Mark Wielaard
2022-06-27 11:14 ` Florian Weimer
2022-06-27 11:51 ` Christian Brauner
2022-06-27 14:17 ` Mark Wielaard
2022-06-27 14:21 ` Adhemerval Zanella
2022-06-27 14:25 ` Christian Brauner
2022-06-27 14:42 ` Florian Weimer
2022-06-27 14:57 ` Adhemerval Zanella
2022-06-27 15:08 ` Christian Brauner
2022-06-27 15:14 ` Adhemerval Zanella
2022-06-27 16:48 ` Mark Wielaard
2022-06-27 17:03 ` Adhemerval Zanella [this message]
2022-07-01 10:38 ` Mark Wielaard
2022-06-27 15:03 ` Christian Brauner
2022-06-27 14:23 ` Adhemerval Zanella
2022-06-27 16:36 ` Mark Wielaard
2022-06-26 20:59 ` [PATCH 4/4] tst-personality.c: Handle personality failing with errno EPERM Mark Wielaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1C759F39-9598-44C7-9ED7-EC399A076180@linaro.org \
--to=adhemerval.zanella@linaro.org \
--cc=brauner@kernel.org \
--cc=fweimer@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=mark@klomp.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).