[PATCH] linux: return UNSUPPORTED in tst-mount if support_become_root fails

[PATCH] linux: return UNSUPPORTED in tst-mount if support_become_root fails

[Michael Hudson-Doyle]

Otherwise the test fails if run in a chroot by a non-root user:

warning: could not become root outside namespace (Operation not permitted)
../sysdeps/unix/sysv/linux/tst-mount.c:36: numeric comparison failure
   left: 1 (0x1); from: errno
  right: 19 (0x13); from: ENODEV
error: ../sysdeps/unix/sysv/linux/tst-mount.c:39: not true: fd != -1
error: ../sysdeps/unix/sysv/linux/tst-mount.c:46: not true: r != -1
error: ../sysdeps/unix/sysv/linux/tst-mount.c:48: not true: r != -1
../sysdeps/unix/sysv/linux/tst-mount.c:52: numeric comparison failure
   left: 1 (0x1); from: errno
  right: 9 (0x9); from: EBADF
error: ../sysdeps/unix/sysv/linux/tst-mount.c:55: not true: mfd != -1
../sysdeps/unix/sysv/linux/tst-mount.c:58: numeric comparison failure
   left: 1 (0x1); from: errno
  right: 2 (0x2); from: ENOENT
error: ../sysdeps/unix/sysv/linux/tst-mount.c:61: not true: r != -1
../sysdeps/unix/sysv/linux/tst-mount.c:65: numeric comparison failure
   left: 1 (0x1); from: errno
  right: 2 (0x2); from: ENOENT
error: ../sysdeps/unix/sysv/linux/tst-mount.c:68: not true: pfd != -1
error: ../sysdeps/unix/sysv/linux/tst-mount.c:75: not true: fd_tree != -1
../sysdeps/unix/sysv/linux/tst-mount.c:88: numeric comparison failure
   left: 1 (0x1); from: errno
  right: 38 (0x26); from: ENOSYS
error: 12 test failures
---
 sysdeps/unix/sysv/linux/tst-mount.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sysdeps/unix/sysv/linux/tst-mount.c b/sysdeps/unix/sysv/linux/tst-mount.c
index 502d7e3433..bd75c9e704 100644
--- a/sysdeps/unix/sysv/linux/tst-mount.c
+++ b/sysdeps/unix/sysv/linux/tst-mount.c
@@ -103,7 +103,8 @@ subprocess (void)
 static int
 do_test (void)
 {
-  support_become_root ();
+  if (!support_become_root ())
+    FAIL_UNSUPPORTED("could not become root");
 
   pid_t pid = xfork ();
   if (pid == 0)
-- 
2.34.1

Re: [PATCH] linux: return UNSUPPORTED in tst-mount if support_become_root fails

[Adhemerval Zanella Netto]

On 14/07/22 00:23, Michael Hudson-Doyle via Libc-alpha wrote:
> Otherwise the test fails if run in a chroot by a non-root user:
> 
> warning: could not become root outside namespace (Operation not permitted)
> ../sysdeps/unix/sysv/linux/tst-mount.c:36: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 19 (0x13); from: ENODEV
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:39: not true: fd != -1
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:46: not true: r != -1
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:48: not true: r != -1
> ../sysdeps/unix/sysv/linux/tst-mount.c:52: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 9 (0x9); from: EBADF
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:55: not true: mfd != -1
> ../sysdeps/unix/sysv/linux/tst-mount.c:58: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 2 (0x2); from: ENOENT
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:61: not true: r != -1
> ../sysdeps/unix/sysv/linux/tst-mount.c:65: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 2 (0x2); from: ENOENT
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:68: not true: pfd != -1
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:75: not true: fd_tree != -1
> ../sysdeps/unix/sysv/linux/tst-mount.c:88: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 38 (0x26); from: ENOSYS
> error: 12 test failures
> ---
>  sysdeps/unix/sysv/linux/tst-mount.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/sysdeps/unix/sysv/linux/tst-mount.c b/sysdeps/unix/sysv/linux/tst-mount.c
> index 502d7e3433..bd75c9e704 100644
> --- a/sysdeps/unix/sysv/linux/tst-mount.c
> +++ b/sysdeps/unix/sysv/linux/tst-mount.c
> @@ -103,7 +103,8 @@ subprocess (void)
>  static int
>  do_test (void)
>  {
> -  support_become_root ();
> +  if (!support_become_root ())
> +    FAIL_UNSUPPORTED("could not become root");
>  

I think the usual way is to check if process can chroot:

  support_become_root ();
  if (!support_can_chroot ())
    return EXIT_UNSUPPORTED;

As done by other tests.

>    pid_t pid = xfork ();
>    if (pid == 0)

Re: [PATCH] linux: return UNSUPPORTED in tst-mount if support_become_root fails

[Carlos O'Donell]

On 7/14/22 07:24, Adhemerval Zanella Netto via Libc-alpha wrote:
> 
> 
> On 14/07/22 00:23, Michael Hudson-Doyle via Libc-alpha wrote:
>> Otherwise the test fails if run in a chroot by a non-root user:
>>
>> warning: could not become root outside namespace (Operation not permitted)
>> ../sysdeps/unix/sysv/linux/tst-mount.c:36: numeric comparison failure
>>    left: 1 (0x1); from: errno
>>   right: 19 (0x13); from: ENODEV
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:39: not true: fd != -1
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:46: not true: r != -1
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:48: not true: r != -1
>> ../sysdeps/unix/sysv/linux/tst-mount.c:52: numeric comparison failure
>>    left: 1 (0x1); from: errno
>>   right: 9 (0x9); from: EBADF
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:55: not true: mfd != -1
>> ../sysdeps/unix/sysv/linux/tst-mount.c:58: numeric comparison failure
>>    left: 1 (0x1); from: errno
>>   right: 2 (0x2); from: ENOENT
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:61: not true: r != -1
>> ../sysdeps/unix/sysv/linux/tst-mount.c:65: numeric comparison failure
>>    left: 1 (0x1); from: errno
>>   right: 2 (0x2); from: ENOENT
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:68: not true: pfd != -1
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:75: not true: fd_tree != -1
>> ../sysdeps/unix/sysv/linux/tst-mount.c:88: numeric comparison failure
>>    left: 1 (0x1); from: errno
>>   right: 38 (0x26); from: ENOSYS
>> error: 12 test failures
>> ---
>>  sysdeps/unix/sysv/linux/tst-mount.c | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/sysdeps/unix/sysv/linux/tst-mount.c b/sysdeps/unix/sysv/linux/tst-mount.c
>> index 502d7e3433..bd75c9e704 100644
>> --- a/sysdeps/unix/sysv/linux/tst-mount.c
>> +++ b/sysdeps/unix/sysv/linux/tst-mount.c
>> @@ -103,7 +103,8 @@ subprocess (void)
>>  static int
>>  do_test (void)
>>  {
>> -  support_become_root ();
>> +  if (!support_become_root ())
>> +    FAIL_UNSUPPORTED("could not become root");
>>  
> 
> I think the usual way is to check if process can chroot:
> 
>   support_become_root ();
>   if (!support_can_chroot ())
>     return EXIT_UNSUPPORTED;
> 
> As done by other tests.

Agreed. We need this same fix for Fedora. I didn't catch this in my review.
 
>>    pid_t pid = xfork ();
>>    if (pid == 0)
> 


-- 
Cheers,
Carlos.

Re: [PATCH] linux: return UNSUPPORTED in tst-mount if support_become_root fails

[DJ Delorie]

Michael Hudson-Doyle via Libc-alpha <libc-alpha@sourceware.org> writes:
> Otherwise the test fails if run in a chroot by a non-root user:

Can this test run in the test-container container?  I'm wondering if
there's some subtle difference between support_become_root() and a more
complete containerization that might enable it to run in more cases.

(yes, I know the test-container might not have tmpfs pre-mounted.  But
then again, not all real systems will either)

Re: [PATCH] linux: return UNSUPPORTED in tst-mount if support_become_root fails

[Michael Hudson-Doyle]

On Fri, 15 Jul 2022 at 07:19, DJ Delorie <dj@redhat.com> wrote:

>
> Michael Hudson-Doyle via Libc-alpha <libc-alpha@sourceware.org> writes:
> > Otherwise the test fails if run in a chroot by a non-root user:
>
> Can this test run in the test-container container?  I'm wondering if
> there's some subtle difference between support_become_root() and a more
> complete containerization that might enable it to run in more cases.
>

All the test-container tests in Ubuntu builds end up UNSUPPORTED with

test-container.c:1130: unable to unshare user/fs: Operation not permitted

so that wouldn't really help here (I should probably look into why this is).

Cheers,
mwh

(yes, I know the test-container might not have tmpfs pre-mounted.  But
> then again, not all real systems will either)
>
>

Re: [PATCH] linux: return UNSUPPORTED in tst-mount if support_become_root fails

[DJ Delorie]

Michael Hudson-Doyle <michael.hudson@canonical.com> writes:
> All the test-container tests in Ubuntu builds end up UNSUPPORTED with
> test-container.c:1130: unable to unshare user/fs: Operation not permitted
> so that wouldn't really help here (I should probably look into why this is).

Yeah, Debian-based distros default to disabling user containers.  There
should be a hint printed as to how to re-enable them, but that's on a
per-system basis, and up to the admin.

[PATCH v2] linux: return UNSUPPORTED in tst-mount if !support_can_chroot

[Michael Hudson-Doyle]

Otherwise the test fails if run in a chroot by a non-root user:

warning: could not become root outside namespace (Operation not permitted)
../sysdeps/unix/sysv/linux/tst-mount.c:36: numeric comparison failure
   left: 1 (0x1); from: errno
  right: 19 (0x13); from: ENODEV
error: ../sysdeps/unix/sysv/linux/tst-mount.c:39: not true: fd != -1
error: ../sysdeps/unix/sysv/linux/tst-mount.c:46: not true: r != -1
error: ../sysdeps/unix/sysv/linux/tst-mount.c:48: not true: r != -1
../sysdeps/unix/sysv/linux/tst-mount.c:52: numeric comparison failure
   left: 1 (0x1); from: errno
  right: 9 (0x9); from: EBADF
error: ../sysdeps/unix/sysv/linux/tst-mount.c:55: not true: mfd != -1
../sysdeps/unix/sysv/linux/tst-mount.c:58: numeric comparison failure
   left: 1 (0x1); from: errno
  right: 2 (0x2); from: ENOENT
error: ../sysdeps/unix/sysv/linux/tst-mount.c:61: not true: r != -1
../sysdeps/unix/sysv/linux/tst-mount.c:65: numeric comparison failure
   left: 1 (0x1); from: errno
  right: 2 (0x2); from: ENOENT
error: ../sysdeps/unix/sysv/linux/tst-mount.c:68: not true: pfd != -1
error: ../sysdeps/unix/sysv/linux/tst-mount.c:75: not true: fd_tree != -1
../sysdeps/unix/sysv/linux/tst-mount.c:88: numeric comparison failure
   left: 1 (0x1); from: errno
  right: 38 (0x26); from: ENOSYS
error: 12 test failures
---
v2: check support_can_chroot() rather than support_become_root return
value
---
 sysdeps/unix/sysv/linux/tst-mount.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sysdeps/unix/sysv/linux/tst-mount.c b/sysdeps/unix/sysv/linux/tst-mount.c
index 502d7e3433..a0b367d9df 100644
--- a/sysdeps/unix/sysv/linux/tst-mount.c
+++ b/sysdeps/unix/sysv/linux/tst-mount.c
@@ -20,6 +20,7 @@
 #include <support/check.h>
 #include <support/xunistd.h>
 #include <support/namespace.h>
+#include <support/test-driver.h>
 #include <sys/wait.h>
 #include <sys/mount.h>
 
@@ -104,6 +105,8 @@ static int
 do_test (void)
 {
   support_become_root ();
+  if (!support_can_chroot ())
+    return EXIT_UNSUPPORTED;
 
   pid_t pid = xfork ();
   if (pid == 0)
-- 
2.34.1

Re: [PATCH v2] linux: return UNSUPPORTED in tst-mount if !support_can_chroot

[Florian Weimer]

* Michael Hudson-Doyle via Libc-alpha:

> Otherwise the test fails if run in a chroot by a non-root user:
>
> warning: could not become root outside namespace (Operation not permitted)
> ../sysdeps/unix/sysv/linux/tst-mount.c:36: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 19 (0x13); from: ENODEV
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:39: not true: fd != -1
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:46: not true: r != -1
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:48: not true: r != -1
> ../sysdeps/unix/sysv/linux/tst-mount.c:52: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 9 (0x9); from: EBADF
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:55: not true: mfd != -1
> ../sysdeps/unix/sysv/linux/tst-mount.c:58: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 2 (0x2); from: ENOENT
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:61: not true: r != -1
> ../sysdeps/unix/sysv/linux/tst-mount.c:65: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 2 (0x2); from: ENOENT
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:68: not true: pfd != -1
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:75: not true: fd_tree != -1
> ../sysdeps/unix/sysv/linux/tst-mount.c:88: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 38 (0x26); from: ENOSYS
> error: 12 test failures
> ---
> v2: check support_can_chroot() rather than support_become_root return
> value
> ---
>  sysdeps/unix/sysv/linux/tst-mount.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/sysdeps/unix/sysv/linux/tst-mount.c b/sysdeps/unix/sysv/linux/tst-mount.c
> index 502d7e3433..a0b367d9df 100644
> --- a/sysdeps/unix/sysv/linux/tst-mount.c
> +++ b/sysdeps/unix/sysv/linux/tst-mount.c
> @@ -20,6 +20,7 @@
>  #include <support/check.h>
>  #include <support/xunistd.h>
>  #include <support/namespace.h>
> +#include <support/test-driver.h>
>  #include <sys/wait.h>
>  #include <sys/mount.h>
>  
> @@ -104,6 +105,8 @@ static int
>  do_test (void)
>  {
>    support_become_root ();
> +  if (!support_can_chroot ())
> +    return EXIT_UNSUPPORTED;
>  
>    pid_t pid = xfork ();
>    if (pid == 0)

This test still hoses the system if run as root on a system without user
namespaces.

I think you should call and check support_enter_mount_namespace instead,
to make sure that the test does not modify the original mount namespace.

Thanks,
Florian

Re: [PATCH v2] linux: return UNSUPPORTED in tst-mount if !support_can_chroot

[Carlos O'Donell]

On 7/15/22 03:07, Florian Weimer via Libc-alpha wrote:
> * Michael Hudson-Doyle via Libc-alpha:
> 
>> Otherwise the test fails if run in a chroot by a non-root user:
>>
>> warning: could not become root outside namespace (Operation not permitted)
>> ../sysdeps/unix/sysv/linux/tst-mount.c:36: numeric comparison failure
>>    left: 1 (0x1); from: errno
>>   right: 19 (0x13); from: ENODEV
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:39: not true: fd != -1
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:46: not true: r != -1
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:48: not true: r != -1
>> ../sysdeps/unix/sysv/linux/tst-mount.c:52: numeric comparison failure
>>    left: 1 (0x1); from: errno
>>   right: 9 (0x9); from: EBADF
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:55: not true: mfd != -1
>> ../sysdeps/unix/sysv/linux/tst-mount.c:58: numeric comparison failure
>>    left: 1 (0x1); from: errno
>>   right: 2 (0x2); from: ENOENT
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:61: not true: r != -1
>> ../sysdeps/unix/sysv/linux/tst-mount.c:65: numeric comparison failure
>>    left: 1 (0x1); from: errno
>>   right: 2 (0x2); from: ENOENT
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:68: not true: pfd != -1
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:75: not true: fd_tree != -1
>> ../sysdeps/unix/sysv/linux/tst-mount.c:88: numeric comparison failure
>>    left: 1 (0x1); from: errno
>>   right: 38 (0x26); from: ENOSYS
>> error: 12 test failures
>> ---
>> v2: check support_can_chroot() rather than support_become_root return
>> value
>> ---
>>  sysdeps/unix/sysv/linux/tst-mount.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/sysdeps/unix/sysv/linux/tst-mount.c b/sysdeps/unix/sysv/linux/tst-mount.c
>> index 502d7e3433..a0b367d9df 100644
>> --- a/sysdeps/unix/sysv/linux/tst-mount.c
>> +++ b/sysdeps/unix/sysv/linux/tst-mount.c
>> @@ -20,6 +20,7 @@
>>  #include <support/check.h>
>>  #include <support/xunistd.h>
>>  #include <support/namespace.h>
>> +#include <support/test-driver.h>
>>  #include <sys/wait.h>
>>  #include <sys/mount.h>
>>  
>> @@ -104,6 +105,8 @@ static int
>>  do_test (void)
>>  {
>>    support_become_root ();
>> +  if (!support_can_chroot ())
>> +    return EXIT_UNSUPPORTED;
>>  
>>    pid_t pid = xfork ();
>>    if (pid == 0)
> 
> This test still hoses the system if run as root on a system without user
> namespaces.

I had not considered that configuration when I reviewed the tests.

The subprocess use of fsopen, fsconfig, and fsmount could indeed leave the original
mount namespace in a potentially different state than when it started.

> I think you should call and check support_enter_mount_namespace instead,
> to make sure that the test does not modify the original mount namespace.

Like this in the child?

diff --git a/sysdeps/unix/sysv/linux/tst-mount.c b/sysdeps/unix/sysv/linux/tst-mount.c
index 502d7e3433..d19d70d42d 100644
--- a/sysdeps/unix/sysv/linux/tst-mount.c
+++ b/sysdeps/unix/sysv/linux/tst-mount.c
@@ -107,7 +107,11 @@ do_test (void)
 
   pid_t pid = xfork ();
   if (pid == 0)
-    subprocess ();
+    {
+      if (!support_enter_mount_namespace ())
+        FAIL_UNSUPPORTED ("could not enter new mount namespace");
+      subprocess ();
+    }
 
   int status;
   xwaitpid (pid, &status, 0);

-- 
Cheers,
Carlos.

Re: [PATCH v2] linux: return UNSUPPORTED in tst-mount if !support_can_chroot

[Florian Weimer]

* Carlos O'Donell:

>> I think you should call and check support_enter_mount_namespace instead,
>> to make sure that the test does not modify the original mount namespace.
>
> Like this in the child?
>
> diff --git a/sysdeps/unix/sysv/linux/tst-mount.c b/sysdeps/unix/sysv/linux/tst-mount.c
> index 502d7e3433..d19d70d42d 100644
> --- a/sysdeps/unix/sysv/linux/tst-mount.c
> +++ b/sysdeps/unix/sysv/linux/tst-mount.c
> @@ -107,7 +107,11 @@ do_test (void)
>  
>    pid_t pid = xfork ();
>    if (pid == 0)
> -    subprocess ();
> +    {
> +      if (!support_enter_mount_namespace ())
> +        FAIL_UNSUPPORTED ("could not enter new mount namespace");
> +      subprocess ();
> +    }

Yes, except that you need to change

  xwaitpid (pid, &status, 0);
  TEST_VERIFY (WIFEXITED (status));

as well, to handle status 77.

I'm not entirely sure the fork is necessary, though.

Thanks,
Florian

Re: [PATCH v2] linux: return UNSUPPORTED in tst-mount if !support_can_chroot

[Michael Hudson-Doyle]

On Sat, 16 Jul 2022, 03:36 Carlos O'Donell via Libc-alpha, <
libc-alpha@sourceware.org> wrote:

> On 7/15/22 03:07, Florian Weimer via Libc-alpha wrote:
> > * Michael Hudson-Doyle via Libc-alpha:
> >
> >> Otherwise the test fails if run in a chroot by a non-root user:
> >>
> >> warning: could not become root outside namespace (Operation not
> permitted)
> >> ../sysdeps/unix/sysv/linux/tst-mount.c:36: numeric comparison failure
> >>    left: 1 (0x1); from: errno
> >>   right: 19 (0x13); from: ENODEV
> >> error: ../sysdeps/unix/sysv/linux/tst-mount.c:39: not true: fd != -1
> >> error: ../sysdeps/unix/sysv/linux/tst-mount.c:46: not true: r != -1
> >> error: ../sysdeps/unix/sysv/linux/tst-mount.c:48: not true: r != -1
> >> ../sysdeps/unix/sysv/linux/tst-mount.c:52: numeric comparison failure
> >>    left: 1 (0x1); from: errno
> >>   right: 9 (0x9); from: EBADF
> >> error: ../sysdeps/unix/sysv/linux/tst-mount.c:55: not true: mfd != -1
> >> ../sysdeps/unix/sysv/linux/tst-mount.c:58: numeric comparison failure
> >>    left: 1 (0x1); from: errno
> >>   right: 2 (0x2); from: ENOENT
> >> error: ../sysdeps/unix/sysv/linux/tst-mount.c:61: not true: r != -1
> >> ../sysdeps/unix/sysv/linux/tst-mount.c:65: numeric comparison failure
> >>    left: 1 (0x1); from: errno
> >>   right: 2 (0x2); from: ENOENT
> >> error: ../sysdeps/unix/sysv/linux/tst-mount.c:68: not true: pfd != -1
> >> error: ../sysdeps/unix/sysv/linux/tst-mount.c:75: not true: fd_tree !=
> -1
> >> ../sysdeps/unix/sysv/linux/tst-mount.c:88: numeric comparison failure
> >>    left: 1 (0x1); from: errno
> >>   right: 38 (0x26); from: ENOSYS
> >> error: 12 test failures
> >> ---
> >> v2: check support_can_chroot() rather than support_become_root return
> >> value
> >> ---
> >>  sysdeps/unix/sysv/linux/tst-mount.c | 3 +++
> >>  1 file changed, 3 insertions(+)
> >>
> >> diff --git a/sysdeps/unix/sysv/linux/tst-mount.c
> b/sysdeps/unix/sysv/linux/tst-mount.c
> >> index 502d7e3433..a0b367d9df 100644
> >> --- a/sysdeps/unix/sysv/linux/tst-mount.c
> >> +++ b/sysdeps/unix/sysv/linux/tst-mount.c
> >> @@ -20,6 +20,7 @@
> >>  #include <support/check.h>
> >>  #include <support/xunistd.h>
> >>  #include <support/namespace.h>
> >> +#include <support/test-driver.h>
> >>  #include <sys/wait.h>
> >>  #include <sys/mount.h>
> >>
> >> @@ -104,6 +105,8 @@ static int
> >>  do_test (void)
> >>  {
> >>    support_become_root ();
> >> +  if (!support_can_chroot ())
> >> +    return EXIT_UNSUPPORTED;
> >>
> >>    pid_t pid = xfork ();
> >>    if (pid == 0)
> >
> > This test still hoses the system if run as root on a system without user
> > namespaces.
>
> I had not considered that configuration when I reviewed the tests.
>
> The subprocess use of fsopen, fsconfig, and fsmount could indeed leave the
> original
> mount namespace in a potentially different state than when it started.
>

This reminds me of one of my favourite bugs ever where gccgo ignored
CloneFlags in some situations and so when you built docker with it,
pivot_root was called on the default mount namespace....

Anyway, I am afk for the weekend now and have no attachment to being the
one to push the fix for this, if someone who is still at a computer can
write up a better fix, please go ahead!

Cheers,
mwh

> I think you should call and check support_enter_mount_namespace instead,
> > to make sure that the test does not modify the original mount namespace.
>
> Like this in the child?
>
> diff --git a/sysdeps/unix/sysv/linux/tst-mount.c
> b/sysdeps/unix/sysv/linux/tst-mount.c
> index 502d7e3433..d19d70d42d 100644
> --- a/sysdeps/unix/sysv/linux/tst-mount.c
> +++ b/sysdeps/unix/sysv/linux/tst-mount.c
> @@ -107,7 +107,11 @@ do_test (void)
>
>    pid_t pid = xfork ();
>    if (pid == 0)
> -    subprocess ();
> +    {
> +      if (!support_enter_mount_namespace ())
> +        FAIL_UNSUPPORTED ("could not enter new mount namespace");
> +      subprocess ();
> +    }
>
>    int status;
>    xwaitpid (pid, &status, 0);
>
> --
> Cheers,
> Carlos.
>
>

Re: [PATCH v2] linux: return UNSUPPORTED in tst-mount if !support_can_chroot

[Carlos O'Donell]

On 7/15/22 17:01, Michael Hudson-Doyle wrote:
> Anyway, I am afk for the weekend now and have no attachment to being the
> one to push the fix for this, if someone who is still at a computer can
> write up a better fix, please go ahead!

Thanks for the notice.

We can review again next week and fix the issue before 2.36 releases.

-- 
Cheers,
Carlos.

Re: [PATCH v2] linux: return UNSUPPORTED in tst-mount if !support_can_chroot

[Michael Hudson-Doyle]

On Sat, 16 Jul 2022 at 03:45, Florian Weimer via Libc-alpha <
libc-alpha@sourceware.org> wrote:

> * Carlos O'Donell:
>
> >> I think you should call and check support_enter_mount_namespace instead,
> >> to make sure that the test does not modify the original mount namespace.
> >
> > Like this in the child?
> >
> > diff --git a/sysdeps/unix/sysv/linux/tst-mount.c
> b/sysdeps/unix/sysv/linux/tst-mount.c
> > index 502d7e3433..d19d70d42d 100644
> > --- a/sysdeps/unix/sysv/linux/tst-mount.c
> > +++ b/sysdeps/unix/sysv/linux/tst-mount.c
> > @@ -107,7 +107,11 @@ do_test (void)
> >
> >    pid_t pid = xfork ();
> >    if (pid == 0)
> > -    subprocess ();
> > +    {
> > +      if (!support_enter_mount_namespace ())
> > +        FAIL_UNSUPPORTED ("could not enter new mount namespace");
> > +      subprocess ();
> > +    }
>
> Yes, except that you need to change
>
>   xwaitpid (pid, &status, 0);
>   TEST_VERIFY (WIFEXITED (status));
>
> as well, to handle status 77.
>

I was a bit confused by this, as subprocess() already calls
FAIL_UNSUPPORTED (if fsopen sets errno to ENOSYS). WIFEXITED (status)
doesn't distinguish between status 0 or 77 though... So I guess I don't
understand how the test machinery works here.


> I'm not entirely sure the fork is necessary, though.
>

Yes, I don't see why it's there either.

Cheers,
mwh

[PATCH v3] linux: return UNSUPPORTED from tst-mount if entering mount namespace fails

[Michael Hudson-Doyle]

Before this the test fails if run in a chroot by a non-root user:

warning: could not become root outside namespace (Operation not permitted)
../sysdeps/unix/sysv/linux/tst-mount.c:36: numeric comparison failure
   left: 1 (0x1); from: errno
  right: 19 (0x13); from: ENODEV
error: ../sysdeps/unix/sysv/linux/tst-mount.c:39: not true: fd != -1
error: ../sysdeps/unix/sysv/linux/tst-mount.c:46: not true: r != -1
error: ../sysdeps/unix/sysv/linux/tst-mount.c:48: not true: r != -1
../sysdeps/unix/sysv/linux/tst-mount.c:52: numeric comparison failure
   left: 1 (0x1); from: errno
  right: 9 (0x9); from: EBADF
error: ../sysdeps/unix/sysv/linux/tst-mount.c:55: not true: mfd != -1
../sysdeps/unix/sysv/linux/tst-mount.c:58: numeric comparison failure
   left: 1 (0x1); from: errno
  right: 2 (0x2); from: ENOENT
error: ../sysdeps/unix/sysv/linux/tst-mount.c:61: not true: r != -1
../sysdeps/unix/sysv/linux/tst-mount.c:65: numeric comparison failure
   left: 1 (0x1); from: errno
  right: 2 (0x2); from: ENOENT
error: ../sysdeps/unix/sysv/linux/tst-mount.c:68: not true: pfd != -1
error: ../sysdeps/unix/sysv/linux/tst-mount.c:75: not true: fd_tree != -1
../sysdeps/unix/sysv/linux/tst-mount.c:88: numeric comparison failure
   left: 1 (0x1); from: errno
  right: 38 (0x26); from: ENOSYS
error: 12 test failures

Checking that the test can enter a new mount namespace is more correct
than just checking the return value of support_become_root() as the test
code changes the mount namespace it runs in so running it as root on a
system that does not support mount namespaces should still skip.

Also change the test to remove the unnecessary fork.
---
v3: check support_enter_mount_namespace() return value, remove fork
v2: check support_can_chroot() rather than support_become_root return
value
---
 sysdeps/unix/sysv/linux/tst-mount.c | 25 ++++++-------------------
 1 file changed, 6 insertions(+), 19 deletions(-)

diff --git a/sysdeps/unix/sysv/linux/tst-mount.c b/sysdeps/unix/sysv/linux/tst-mount.c
index 502d7e3433..b6333a60e6 100644
--- a/sysdeps/unix/sysv/linux/tst-mount.c
+++ b/sysdeps/unix/sysv/linux/tst-mount.c
@@ -20,15 +20,18 @@
 #include <support/check.h>
 #include <support/xunistd.h>
 #include <support/namespace.h>
-#include <sys/wait.h>
 #include <sys/mount.h>
 
 _Static_assert (sizeof (struct mount_attr) == MOUNT_ATTR_SIZE_VER0,
 		"sizeof (struct mount_attr) != MOUNT_ATTR_SIZE_VER0");
 
-static void
-subprocess (void)
+static int
+do_test (void)
 {
+  support_become_root ();
+  if (!support_enter_mount_namespace ())
+    FAIL_UNSUPPORTED ("cannot enter mount namespace, skipping test");
+
   int r = fsopen ("it_should_be_not_a_valid_mount", 0);
   TEST_VERIFY_EXIT (r == -1);
   if (errno == ENOSYS)
@@ -100,20 +103,4 @@ subprocess (void)
   _exit (0);
 }
 
-static int
-do_test (void)
-{
-  support_become_root ();
-
-  pid_t pid = xfork ();
-  if (pid == 0)
-    subprocess ();
-
-  int status;
-  xwaitpid (pid, &status, 0);
-  TEST_VERIFY (WIFEXITED (status));
-
-  return 0;
-}
-
 #include <support/test-driver.c>
-- 
2.34.1

Re: [PATCH v3] linux: return UNSUPPORTED from tst-mount if entering mount namespace fails

[Carlos O'Donell]

On 7/17/22 19:16, Michael Hudson-Doyle via Libc-alpha wrote:
> Before this the test fails if run in a chroot by a non-root user:

LGTM. OK for glibc 2.36. Would you like me to push this for you?

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
 
> warning: could not become root outside namespace (Operation not permitted)
> ../sysdeps/unix/sysv/linux/tst-mount.c:36: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 19 (0x13); from: ENODEV
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:39: not true: fd != -1
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:46: not true: r != -1
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:48: not true: r != -1
> ../sysdeps/unix/sysv/linux/tst-mount.c:52: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 9 (0x9); from: EBADF
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:55: not true: mfd != -1
> ../sysdeps/unix/sysv/linux/tst-mount.c:58: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 2 (0x2); from: ENOENT
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:61: not true: r != -1
> ../sysdeps/unix/sysv/linux/tst-mount.c:65: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 2 (0x2); from: ENOENT
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:68: not true: pfd != -1
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:75: not true: fd_tree != -1
> ../sysdeps/unix/sysv/linux/tst-mount.c:88: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 38 (0x26); from: ENOSYS
> error: 12 test failures
> 
> Checking that the test can enter a new mount namespace is more correct
> than just checking the return value of support_become_root() as the test
> code changes the mount namespace it runs in so running it as root on a
> system that does not support mount namespaces should still skip.

Agreed.

> 
> Also change the test to remove the unnecessary fork.
> ---
> v3: check support_enter_mount_namespace() return value, remove fork
> v2: check support_can_chroot() rather than support_become_root return
> value
> ---
>  sysdeps/unix/sysv/linux/tst-mount.c | 25 ++++++-------------------
>  1 file changed, 6 insertions(+), 19 deletions(-)
> 
> diff --git a/sysdeps/unix/sysv/linux/tst-mount.c b/sysdeps/unix/sysv/linux/tst-mount.c
> index 502d7e3433..b6333a60e6 100644
> --- a/sysdeps/unix/sysv/linux/tst-mount.c
> +++ b/sysdeps/unix/sysv/linux/tst-mount.c
> @@ -20,15 +20,18 @@
>  #include <support/check.h>
>  #include <support/xunistd.h>
>  #include <support/namespace.h>
> -#include <sys/wait.h>

OK.

>  #include <sys/mount.h>
>  
>  _Static_assert (sizeof (struct mount_attr) == MOUNT_ATTR_SIZE_VER0,
>  		"sizeof (struct mount_attr) != MOUNT_ATTR_SIZE_VER0");
>  
> -static void
> -subprocess (void)
> +static int
> +do_test (void)

OK.

>  {
> +  support_become_root ();
> +  if (!support_enter_mount_namespace ())
> +    FAIL_UNSUPPORTED ("cannot enter mount namespace, skipping test");

OK.

> +
>    int r = fsopen ("it_should_be_not_a_valid_mount", 0);
>    TEST_VERIFY_EXIT (r == -1);
>    if (errno == ENOSYS)
> @@ -100,20 +103,4 @@ subprocess (void)
>    _exit (0);
>  }
>  
> -static int
> -do_test (void)
> -{
> -  support_become_root ();
> -
> -  pid_t pid = xfork ();
> -  if (pid == 0)
> -    subprocess ();
> -
> -  int status;
> -  xwaitpid (pid, &status, 0);
> -  TEST_VERIFY (WIFEXITED (status));
> -
> -  return 0;
> -}
> -
>  #include <support/test-driver.c>


-- 
Cheers,
Carlos.

Re: [PATCH v3] linux: return UNSUPPORTED from tst-mount if entering mount namespace fails

[Mark Wielaard]

Hi Michael,

On Mon, Jul 18, 2022 at 11:16:57AM +1200, Michael Hudson-Doyle via Libc-alpha wrote:
> Before this the test fails if run in a chroot by a non-root user:
> 
> warning: could not become root outside namespace (Operation not permitted)
> ../sysdeps/unix/sysv/linux/tst-mount.c:36: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 19 (0x13); from: ENODEV
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:39: not true: fd != -1
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:46: not true: r != -1
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:48: not true: r != -1
> ../sysdeps/unix/sysv/linux/tst-mount.c:52: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 9 (0x9); from: EBADF
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:55: not true: mfd != -1
> ../sysdeps/unix/sysv/linux/tst-mount.c:58: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 2 (0x2); from: ENOENT
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:61: not true: r != -1
> ../sysdeps/unix/sysv/linux/tst-mount.c:65: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 2 (0x2); from: ENOENT
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:68: not true: pfd != -1
> error: ../sysdeps/unix/sysv/linux/tst-mount.c:75: not true: fd_tree != -1
> ../sysdeps/unix/sysv/linux/tst-mount.c:88: numeric comparison failure
>    left: 1 (0x1); from: errno
>   right: 38 (0x26); from: ENOSYS
> error: 12 test failures
> 
> Checking that the test can enter a new mount namespace is more correct
> than just checking the return value of support_become_root() as the test
> code changes the mount namespace it runs in so running it as root on a
> system that does not support mount namespaces should still skip.
> 
> Also change the test to remove the unnecessary fork.

Tested on x86_64, inside a fedora container where this patch turns the
FAIL into an UNSUPPORTED. And "outside" a container on fedora where
this patch makes misc/tst-mount still PASS.

Thanks,

Mark

Re: [PATCH v3] linux: return UNSUPPORTED from tst-mount if entering mount namespace fails

[Carlos O'Donell]

On 7/18/22 09:13, Mark Wielaard wrote:
> Hi Michael,
> 
> On Mon, Jul 18, 2022 at 11:16:57AM +1200, Michael Hudson-Doyle via Libc-alpha wrote:
>> Before this the test fails if run in a chroot by a non-root user:
>>
>> warning: could not become root outside namespace (Operation not permitted)
>> ../sysdeps/unix/sysv/linux/tst-mount.c:36: numeric comparison failure
>>    left: 1 (0x1); from: errno
>>   right: 19 (0x13); from: ENODEV
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:39: not true: fd != -1
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:46: not true: r != -1
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:48: not true: r != -1
>> ../sysdeps/unix/sysv/linux/tst-mount.c:52: numeric comparison failure
>>    left: 1 (0x1); from: errno
>>   right: 9 (0x9); from: EBADF
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:55: not true: mfd != -1
>> ../sysdeps/unix/sysv/linux/tst-mount.c:58: numeric comparison failure
>>    left: 1 (0x1); from: errno
>>   right: 2 (0x2); from: ENOENT
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:61: not true: r != -1
>> ../sysdeps/unix/sysv/linux/tst-mount.c:65: numeric comparison failure
>>    left: 1 (0x1); from: errno
>>   right: 2 (0x2); from: ENOENT
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:68: not true: pfd != -1
>> error: ../sysdeps/unix/sysv/linux/tst-mount.c:75: not true: fd_tree != -1
>> ../sysdeps/unix/sysv/linux/tst-mount.c:88: numeric comparison failure
>>    left: 1 (0x1); from: errno
>>   right: 38 (0x26); from: ENOSYS
>> error: 12 test failures
>>
>> Checking that the test can enter a new mount namespace is more correct
>> than just checking the return value of support_become_root() as the test
>> code changes the mount namespace it runs in so running it as root on a
>> system that does not support mount namespaces should still skip.
>>
>> Also change the test to remove the unnecessary fork.
> 
> Tested on x86_64, inside a fedora container where this patch turns the
> FAIL into an UNSUPPORTED. And "outside" a container on fedora where
> this patch makes misc/tst-mount still PASS.

If you test a patch please feel free to provide the Tested-by: tag which patchwork
will aggregate so when I apply the patch from git-pw your tag will get added and
end up in the commit (similar to b4).

It records the amazing work you did by testing a patch! :-)

-- 
Cheers,
Carlos.

Re: [PATCH v3] linux: return UNSUPPORTED from tst-mount if entering mount namespace fails

[Michael Hudson-Doyle]

On Tue, 19 Jul 2022 at 00:59, Carlos O'Donell <carlos@redhat.com> wrote:

> On 7/17/22 19:16, Michael Hudson-Doyle via Libc-alpha wrote:
> > Before this the test fails if run in a chroot by a non-root user:
>
> LGTM. OK for glibc 2.36. Would you like me to push this for you?
>

Thanks. I pushed it and marked the patch as committed in patchwork, I think
this was my first push to master so let me know if I missed anything.

Cheers,
mwh


> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
>
> > warning: could not become root outside namespace (Operation not
> permitted)
> > ../sysdeps/unix/sysv/linux/tst-mount.c:36: numeric comparison failure
> >    left: 1 (0x1); from: errno
> >   right: 19 (0x13); from: ENODEV
> > error: ../sysdeps/unix/sysv/linux/tst-mount.c:39: not true: fd != -1
> > error: ../sysdeps/unix/sysv/linux/tst-mount.c:46: not true: r != -1
> > error: ../sysdeps/unix/sysv/linux/tst-mount.c:48: not true: r != -1
> > ../sysdeps/unix/sysv/linux/tst-mount.c:52: numeric comparison failure
> >    left: 1 (0x1); from: errno
> >   right: 9 (0x9); from: EBADF
> > error: ../sysdeps/unix/sysv/linux/tst-mount.c:55: not true: mfd != -1
> > ../sysdeps/unix/sysv/linux/tst-mount.c:58: numeric comparison failure
> >    left: 1 (0x1); from: errno
> >   right: 2 (0x2); from: ENOENT
> > error: ../sysdeps/unix/sysv/linux/tst-mount.c:61: not true: r != -1
> > ../sysdeps/unix/sysv/linux/tst-mount.c:65: numeric comparison failure
> >    left: 1 (0x1); from: errno
> >   right: 2 (0x2); from: ENOENT
> > error: ../sysdeps/unix/sysv/linux/tst-mount.c:68: not true: pfd != -1
> > error: ../sysdeps/unix/sysv/linux/tst-mount.c:75: not true: fd_tree != -1
> > ../sysdeps/unix/sysv/linux/tst-mount.c:88: numeric comparison failure
> >    left: 1 (0x1); from: errno
> >   right: 38 (0x26); from: ENOSYS
> > error: 12 test failures
> >
> > Checking that the test can enter a new mount namespace is more correct
> > than just checking the return value of support_become_root() as the test
> > code changes the mount namespace it runs in so running it as root on a
> > system that does not support mount namespaces should still skip.
>
> Agreed.
>
> >
> > Also change the test to remove the unnecessary fork.
> > ---
> > v3: check support_enter_mount_namespace() return value, remove fork
> > v2: check support_can_chroot() rather than support_become_root return
> > value
> > ---
> >  sysdeps/unix/sysv/linux/tst-mount.c | 25 ++++++-------------------
> >  1 file changed, 6 insertions(+), 19 deletions(-)
> >
> > diff --git a/sysdeps/unix/sysv/linux/tst-mount.c
> b/sysdeps/unix/sysv/linux/tst-mount.c
> > index 502d7e3433..b6333a60e6 100644
> > --- a/sysdeps/unix/sysv/linux/tst-mount.c
> > +++ b/sysdeps/unix/sysv/linux/tst-mount.c
> > @@ -20,15 +20,18 @@
> >  #include <support/check.h>
> >  #include <support/xunistd.h>
> >  #include <support/namespace.h>
> > -#include <sys/wait.h>
>
> OK.
>
> >  #include <sys/mount.h>
> >
> >  _Static_assert (sizeof (struct mount_attr) == MOUNT_ATTR_SIZE_VER0,
> >               "sizeof (struct mount_attr) != MOUNT_ATTR_SIZE_VER0");
> >
> > -static void
> > -subprocess (void)
> > +static int
> > +do_test (void)
>
> OK.
>
> >  {
> > +  support_become_root ();
> > +  if (!support_enter_mount_namespace ())
> > +    FAIL_UNSUPPORTED ("cannot enter mount namespace, skipping test");
>
> OK.
>
> > +
> >    int r = fsopen ("it_should_be_not_a_valid_mount", 0);
> >    TEST_VERIFY_EXIT (r == -1);
> >    if (errno == ENOSYS)
> > @@ -100,20 +103,4 @@ subprocess (void)
> >    _exit (0);
> >  }
> >
> > -static int
> > -do_test (void)
> > -{
> > -  support_become_root ();
> > -
> > -  pid_t pid = xfork ();
> > -  if (pid == 0)
> > -    subprocess ();
> > -
> > -  int status;
> > -  xwaitpid (pid, &status, 0);
> > -  TEST_VERIFY (WIFEXITED (status));
> > -
> > -  return 0;
> > -}
> > -
> >  #include <support/test-driver.c>
>
>
> --
> Cheers,
> Carlos.
>
>

Re: [PATCH v3] linux: return UNSUPPORTED from tst-mount if entering mount namespace fails

[Carlos O'Donell]

On 7/18/22 14:59, Michael Hudson-Doyle wrote:
> On Tue, 19 Jul 2022 at 00:59, Carlos O'Donell <carlos@redhat.com> wrote:
> 
>> On 7/17/22 19:16, Michael Hudson-Doyle via Libc-alpha wrote:
>>> Before this the test fails if run in a chroot by a non-root user:
>>
>> LGTM. OK for glibc 2.36. Would you like me to push this for you?
>>
> 
> Thanks. I pushed it and marked the patch as committed in patchwork, I think
> this was my first push to master so let me know if I missed anything.

Looks great!

Thank you for updating patchwork.

Committed content matches posted content.

You added the reviewers (mine) Reviewed-by: tag.

All awesome. Thank you again!

-- 
Cheers,
Carlos.