From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gnu.wildebeest.org (gnu.wildebeest.org [45.83.234.184]) by sourceware.org (Postfix) with ESMTPS id 8BFE8386F0DB for ; Mon, 27 Jun 2022 10:01:23 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 8BFE8386F0DB Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=klomp.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=klomp.org Received: from tarox.wildebeest.org (83-87-18-245.cable.dynamic.v4.ziggo.nl [83.87.18.245]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by gnu.wildebeest.org (Postfix) with ESMTPSA id 5DA6030005B6; Mon, 27 Jun 2022 12:01:22 +0200 (CEST) Received: by tarox.wildebeest.org (Postfix, from userid 1000) id E2CB64000C41; Mon, 27 Jun 2022 12:01:21 +0200 (CEST) Message-ID: Subject: Re: [PATCH 3/4] tst-pidfd.c: Test is UNSUPPORTED without PTRACE_MODE_ATTACH_REALCREDS From: Mark Wielaard To: Florian Weimer Cc: libc-alpha@sourceware.org Date: Mon, 27 Jun 2022 12:01:21 +0200 In-Reply-To: <87h747nmud.fsf@mid.deneb.enyo.de> References: <20220626205915.33201-1-mark@klomp.org> <20220626205915.33201-4-mark@klomp.org> <87h747nmud.fsf@mid.deneb.enyo.de> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Evolution 3.28.5 (3.28.5-10.el7) Mime-Version: 1.0 X-Spam-Status: No, score=-11.8 required=5.0 tests=BAYES_00, GIT_PATCH_0, JMQ_SPF_NEUTRAL, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Jun 2022 10:01:25 -0000 Hi Florian, On Sun, 2022-06-26 at 23:20 +0200, Florian Weimer wrote: > * Mark Wielaard: >=20 > > pidfd_getfd will fail with errno EPERM if the calling process did > > not > > have PTRACE_MODE_ATTACH_REALCREDS permissions. Use FAIL_UNSUPPORTED > > in that case. > > --- > > sysdeps/unix/sysv/linux/tst-pidfd.c | 6 ++++-- > > 1 file changed, 4 insertions(+), 2 deletions(-) > >=20 > > diff --git a/sysdeps/unix/sysv/linux/tst-pidfd.c > > b/sysdeps/unix/sysv/linux/tst-pidfd.c > > index d93b6faa6f..28349b2f91 100644 > > --- a/sysdeps/unix/sysv/linux/tst-pidfd.c > > +++ b/sysdeps/unix/sysv/linux/tst-pidfd.c > > @@ -95,8 +95,10 @@ do_test (void) > > kernel has pidfd support that we can test. */ > > int r =3D pidfd_getfd (0, 0, 1); > > TEST_VERIFY_EXIT (r =3D=3D -1); > > - if (errno =3D=3D ENOSYS) > > - FAIL_UNSUPPORTED ("kernel does not support pidfd_getfd, > > skipping test"); > > + if (errno =3D=3D ENOSYS || errno =3D=3D EPERM) > > + FAIL_UNSUPPORTED ("kernel does not support pidfd_getfd," > > + " or we don't have > > PTRACE_MODE_ATTACH_REALCREDS" > > + " permissions, skipping test"); > > } >=20 > This also hints towards a broken seccomp filter. pidfd_getfd is mentioned (and allowed) by the seccomp filter, but the syscall also needs the process to have PTRACE_MODE_ATTACH_REALCREDS (which is really PTRACE_MODE_ATTACH | PTRACE_MODE_REALCREDS). Which it doesn't have. If the process doesn't then pidfd_getfd is defined as failing and setting errno to EPERM. But it is confusing I test for errno =3D=3D ENOSYS || errno =3D=3D EPERM. I= 'll turn that into separate tests and FAIL_UNSUPPORTED messages, so it is clear which is which in v2. Thanks, Mark