Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

syscall: TestUnshare fails with "operation not permitted", even with CONFIG_NET_NS=y #17206

Closed
owlab-exp opened this issue Sep 23, 2016 · 11 comments
Closed

Comments

@owlab-exp
Copy link

@owlab-exp owlab-exp commented Sep 23, 2016

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

none

What operating system and processor architecture are you using (go env)?

linux arm64

What did you do?

If possible, provide a recipe for reproducing the error.

A complete runnable program is good.

A link on play.golang.org is best.

I am building go1.7.1 on my arm64 machine, with go-linux-arm64-bootstrap.
I performed all.bash in src directory.

What did you expect to see?

Completed build without any error.

What did you see instead?

Build failed with the following error

...
--- FAIL: TestUnshare (0.01s)
    exec_linux_test.go:171: Cmd failed with err fork/exec /bin/cat: operation not permitted, output: 
FAIL
FAIL    syscall 0.960s
...

So, I changed the exec_linux_test.go from this,

165         cmd := exec.Command("cat", path)
166         cmd.SysProcAttr = &syscall.SysProcAttr{
167                 Unshareflags: syscall.CLONE_NEWNET,
168         }
169         out, err := cmd.CombinedOutput()
170         if err != nil {
171                 t.Fatalf("Cmd failed with err %v, output: %s", err, out)
172         }
173 
174         // Check there is only the local network interface
175         sout := strings.TrimSpace(string(out))
176         if !strings.Contains(sout, "lo:") {
177                 t.Fatalf("Expected lo network interface to exist, got %s", sout)
178         }
179 
180         lines := strings.Split(sout, "\n")
181         if len(lines) != 3 {
182                 t.Fatalf("Expected 3 lines of output, got %d", len(lines))
183         }

to this,

165         cmd := exec.Command("cat", path)
166         //cmd.SysProcAttr = &syscall.SysProcAttr{
167         //      Unshareflags: syscall.CLONE_NEWNET,
168         //}
169         out, err := cmd.CombinedOutput()
170         if err != nil {
171                 t.Fatalf("Cmd failed with err %v, output: %s", err, out)
172         }
173 
174         // Check there is only the local network interface
175         sout := strings.TrimSpace(string(out))
176         if !strings.Contains(sout, "lo:") {
177                 t.Fatalf("Expected lo network interface to exist, got %s", sout)
178         }
179 
180         lines := strings.Split(sout, "\n")
181         //if len(lines) != 3 {
182         if len(lines) != 4 {
183                 t.Fatalf("Expected 3 lines of output, got %d", len(lines))
184         }

After those changes, building finished without error.

@minux
Copy link
Member

@minux minux commented Sep 23, 2016

@owlab-exp
Copy link
Author

@owlab-exp owlab-exp commented Sep 25, 2016

I am running it in a physical machine (Hikey board, debian-jessie), not in a container.

@mwhudson
Copy link
Contributor

@mwhudson mwhudson commented Sep 25, 2016

Which kernel? Maybe it doesn't have CONFIG_NET_NS=y set?

@owlab-exp
Copy link
Author

@owlab-exp owlab-exp commented Sep 26, 2016

The kernel is 3.1.8-linaro-hikey.
And /boot/config-3.1.8.0-linaro-hikey shows :

CONFIG_NET_NS=y
@minux
Copy link
Member

@minux minux commented Sep 26, 2016

@mwhudson
Copy link
Contributor

@mwhudson mwhudson commented Sep 26, 2016

3.1 still sounds pretty old but I certainly don't know the details here,
sorry.

On 26 September 2016 at 13:16, Hun Jae Lee notifications@github.com wrote:

The kernel is 3.1.8-linaro-hikey.
And /boot/config-3.1.8.0-linaro-hikey shows :

CONFIG_NET_NS=y


You are receiving this because you commented.
Reply to this email directly, view it on GitHub
#17206 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/AApBFuvQsEl-GVYA1cfA9_ifZLWXMkdJks5qtw7ggaJpZM4KEuEV
.

@quentinmit quentinmit changed the title exec_linux_test.go:171: Cmd failed with err fork/exec /bin/cat: operation not permitted syscall: TestUnshare fails with "operation not permitted", even with CONFIG_NET_NS=y Oct 3, 2016
@quentinmit quentinmit added this to the Go1.8 milestone Oct 3, 2016
@mdcnz
Copy link

@mdcnz mdcnz commented Oct 24, 2016

Saw this issue in a docker container:
starting from docker golang:1.7.3-wheezy image
removed go1.7.3
downloaded go1.4 binaries
git clone latest go source
ran ./all.bash as root

--- FAIL: TestUnshare (0.00s)
exec_linux_test.go:177: Cmd failed with err fork/exec /bin/cat: operation not permitted

If test is skipped, build is successful.

go version devel +3cbfcaa Mon Oct 24 02:33:39 2016 +0000 linux/amd64

@rsc rsc modified the milestones: Go1.9, Go1.8 Nov 11, 2016
@CAFxX
Copy link
Contributor

@CAFxX CAFxX commented Mar 14, 2017

Ran into this today using docker:

FROM ubuntu:latest
RUN apt-get -y update && apt-get install -y git golang build-essential gcc
RUN git clone https://github.com/golang/go.git
CMD cd go/src; GOROOT_BOOTSTRAP=`go env GOROOT` ./all.bash
@bradfitz
Copy link
Contributor

@bradfitz bradfitz commented Mar 14, 2017

@CAFxX, privileged container or not? Kernel version? What does "ubuntu:latest" currently resolve to?

@bradfitz bradfitz added the Testing label Jul 14, 2017
@gopherbot
Copy link

@gopherbot gopherbot commented Jul 14, 2017

CL https://golang.org/cl/48571 mentions this issue.

@gopherbot gopherbot closed this in 121d076 Jul 14, 2017
@shanemhansen
Copy link
Contributor

@shanemhansen shanemhansen commented Sep 12, 2017

FWIW I verified that go1.9 docker builds work if you use the --privileged.

@golang golang locked and limited conversation to collaborators Sep 12, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
10 participants
You can’t perform that action at this time.