syscall: src/syscall/exec_linux_test.go assumes your UID is also your GID and fails on git tip #11220

Closed
siebenmann opened this issue Jun 15, 2015 · 6 comments

@siebenmann siebenmann commented Jun 15, 2015

On two 64-bit Fedora 21 machines running current kernels and configured without SELinux, current git tip fails self tests with:

--- FAIL: TestCloneNEWUSERAndRemapNoRootDisableSetgroups-4 (0.01s)
        exec_linux_test.go:45: Cmd failed with err fork/exec /usr/bin/whoami: operation not permitted, output: 
FAIL
FAIL    syscall 0.063s

Looking at strace output, the specific failure is an EPERM error writing to /proc/<new pid>/gid_map, although the open() succeeds; specifically it is trying to write '0 19 1\n' to the file. 19 is my UID, but it is not any of my GIDs. What's happening is that the test code implicitly assumes you are in a group that has the same numeric ID as your UID, which is not a safe assumption. When you are not, the kernel rejects the attempt to remap GID 0 to a group that you are not a member of.

I believe that the correct fix is to change things to pass whoamiCmd() the target GID explicitly. For the root versions this is 0, for the non-root versions it is os.Getgid(). A trial run of such a change passes all tests.
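
The fix proposed above, as an added example that is not code from the Go tree or from this thread: the GID is passed to the mapping explicitly instead of being assumed equal to the UID. `mapLine`, `unprivMapOK` and `newUserNSAttr` are hypothetical helpers, and the permission rule they encode is the one user_namespaces(7) gives for a writer without CAP_SETGID in the parent namespace.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"syscall"
)

// mapLine renders m as the line written to /proc/<pid>/uid_map or gid_map.
func mapLine(m syscall.SysProcIDMap) string {
	return fmt.Sprintf("%d %d %d\n", m.ContainerID, m.HostID, m.Size)
}

// unprivMapOK (hypothetical helper) applies the user_namespaces(7) rule for a
// writer without CAP_SETUID/CAP_SETGID in the parent namespace: one line,
// one ID, and the host side must be the writer's own effective ID.
func unprivMapOK(m syscall.SysProcIDMap, ownID int) bool {
	return m.Size == 1 && m.HostID == ownID
}

// newUserNSAttr (hypothetical helper) maps ID 0 in the new namespace to the
// caller's uid and gid, each passed explicitly rather than assumed equal.
func newUserNSAttr(uid, gid int) *syscall.SysProcAttr {
	return &syscall.SysProcAttr{
		Cloneflags:  syscall.CLONE_NEWUSER,
		UidMappings: []syscall.SysProcIDMap{{ContainerID: 0, HostID: uid, Size: 1}},
		GidMappings: []syscall.SysProcIDMap{{ContainerID: 0, HostID: gid, Size: 1}},
		// false makes the runtime deny setgroups before writing gid_map,
		// which kernels 3.19+ require of an unprivileged writer.
		GidMappingsEnableSetgroups: false,
	}
}

func main() {
	uid, gid := os.Getuid(), os.Getgid()
	// The shape from the report: the UID reused as the host side of gid_map.
	reused := syscall.SysProcIDMap{ContainerID: 0, HostID: uid, Size: 1}
	fmt.Printf("gid_map %q allowed for gid %d: %v\n", mapLine(reused), gid, unprivMapOK(reused, gid))

	cmd := exec.Command("whoami")
	cmd.SysProcAttr = newUserNSAttr(uid, gid)
	out, err := cmd.CombinedOutput()
	fmt.Printf("whoami in new user namespace: %q, err: %v\n", out, err)
}
```

On a host where unprivileged user namespaces are disabled, the `whoami` step reports an error regardless of the mapping; the first line of output is unaffected.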

@ianlancetaylor ianlancetaylor commented Jun 15, 2015

What kernel version?

@ianlancetaylor ianlancetaylor added this to the Go1.5 milestone Jun 15, 2015
@ianlancetaylor ianlancetaylor self-assigned this Jun 15, 2015

@siebenmann siebenmann commented Jun 15, 2015

I saw this on Fedora's 3.19.7 and 4.0.4 (64-bit) kernels.

@gopherbot gopherbot commented Jun 15, 2015

CL https://golang.org/cl/11124 mentions this issue.

@ALTree ALTree commented Jun 17, 2015

This test is failing for me at tip

go version devel +dd44d49 Wed Jun 17 20:00:06 2015 +0200 linux/amd64
$ uname -a
Linux gauss 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1 (2015-05-24) x86_64 GNU/Linux
./all.bash

--- FAIL: TestCloneNEWUSERAndRemapNoRootDisableSetgroups (0.00s)
    exec_linux_test.go:45: Cmd failed with err fork/exec /usr/bin/whoami: operation not permitted, output: 
FAIL
FAIL    syscall 0.022s

@ianlancetaylor ianlancetaylor commented Jun 17, 2015

We've solved the problem that this issue describes, so you are encountering a different problem. Please open a new issue. Thanks.

It would be helpful if you could "go test -c syscall" and then "strace -f syscall.test -test.run=TestCloneNEWUSERAndRemapNoRootDisableSetgroups" so that we can see exactly what is failing. Thanks.

@ALTree ALTree commented Jun 17, 2015

Done. Sorry for the noise.

@golang golang locked and limited conversation to collaborators Jun 25, 2016