Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

syscall: TestAmbientCapsUserns test failing with operation not permitted #34015

Open
LocutusOfBorg opened this issue Sep 2, 2019 · 17 comments

Comments

@LocutusOfBorg
Copy link

commented Sep 2, 2019

What version of Go are you using (go version)?

$ go version
1.13-rc2

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

Ubuntu devel, 19.10

What did you do?

trying to build the source code, I get

ok  	sync/atomic	0.047s
--- FAIL: TestAmbientCapsUserns (0.00s)
    exec_linux_test.go:667: fork/exec /tmp/gotest465803457: operation not permitted
FAIL
FAIL	syscall	0.033s

I suspect Ubuntu builders should ignore that test?

@ALTree

This comment has been minimized.

Copy link
Member

commented Sep 2, 2019

Thanks for reporting this.

I doubt this is related to #12815. This look yet another variant of #30698. We already try to detect Kernel configurations that would make the test fail (CL 166460, CL 180877) but the current checks are possibly not exhaustive.

@ALTree ALTree changed the title build failure in Ubuntu (see issue: #12815) syscall: TestAmbientCapsUserns test failing with operation not permitted Sep 2, 2019

@ALTree

This comment has been minimized.

Copy link
Member

commented Sep 2, 2019

Also, please note that this is not a build failure (i.e.: the code does not compile). The package compiles just fine, this is just a test failing. You can run make.bash instead of all.bash and the toolchain should be built without errors.

@ALTree ALTree added this to the Go1.14 milestone Sep 2, 2019

@LocutusOfBorg

This comment has been minimized.

Copy link
Author

commented Sep 2, 2019

this is what we run...

        set -ex; \
                cd src; \
                export PATH="$(GOROOT)/bin:$$PATH"; \
                eval "$$(go tool dist env)"; \
                bash run.bash -k -no-rebuild;
@LocutusOfBorg

This comment has been minimized.

Copy link
Author

commented Sep 2, 2019

interesting this fails also in pbuilder chroot configuration...

@LocutusOfBorg

This comment has been minimized.

Copy link
Author

commented Sep 2, 2019

I can provide information if needed! Such as kernel configuration (Ubuntu 18.04 amd64 default one),
and steps to reproduce on a clean debian/ubuntu environment

@ALTree

This comment has been minimized.

Copy link
Member

commented Sep 2, 2019

I can provide information if needed! Such as kernel configuration (Ubuntu 18.04 amd64 default one), and steps to reproduce on a clean debian/ubuntu environment

@LocutusOfBorg Yes please. It'll help with the investigation. Thanks.

@LocutusOfBorg

This comment has been minimized.

Copy link
Author

commented Sep 3, 2019

on a Debian/Ubuntu system (I'm using ubuntu 18.04 LTS amd64)

pbuilder-dist sid create
pbuilder-dist sid login (remember the directory where the chroot is extracted)
pull-debian-source golang-1.13

copy the downloaded files into the chroot

go inside the chroot (the login command above does it)
cd golang-*
apt build-dep ../golang*dsc
dpkg-buildpackage

enjoy your failure!

Of course, inside the chroot you can install/play with whatever you want, install git, download stuff and so on...

@LocutusOfBorg

This comment has been minimized.

Copy link
Author

commented Sep 3, 2019

inside an Ubuntu/Debian machine you probably just need to install "ubuntu-dev-tools"

@LocutusOfBorg

This comment has been minimized.

Copy link
Author

commented Sep 3, 2019

This is my default kernel configuration

config-5.0.0-25-generic.txt

@longsleep

This comment has been minimized.

longsleep added a commit to longsleep/golang-deb that referenced this issue Sep 4, 2019
Skip tests which requre userns support
Launchpad has no support for userns and the tests in the Go source are
insufficient to detect that it is not supported. This change disables
those tests when building this package.

Refrence: golang/go#34015
@gopherbot

This comment has been minimized.

Copy link

commented Sep 17, 2019

Change https://golang.org/cl/195738 mentions this issue: syscall: skip TestAmbientCapsUserns if user namespaces are not supported

@tklauser

This comment has been minimized.

Copy link
Member

commented Sep 17, 2019

@LocutusOfBorg @longsleep Could you please check whether https://golang.org/cl/195738 fixes the test failure for you?

@gopherbot gopherbot closed this in d3595f7 Sep 18, 2019

@LocutusOfBorg

This comment has been minimized.

Copy link
Author

commented Sep 18, 2019

Hello, looks like still failing...

 ok strings 0.272s
ok sync 0.513s
ok sync/atomic 0.077s
--- FAIL: TestAmbientCapsUserns (0.02s)
    exec_linux_test.go:672: fork/exec /tmp/gotest797948891: operation not permitted
FAIL
FAIL syscall 0.142s
ok testing 0.098s
@LocutusOfBorg

This comment has been minimized.

Copy link
Author

commented Sep 18, 2019

In my case, the kernel is 5.3, so the patch is not skipping the test...

FWIW we have new systemd 241, so maybe /tmp is not able anymore to fork processes?
e.g. now builders have sticky bit in /tmp

@tklauser

This comment has been minimized.

Copy link
Member

commented Sep 18, 2019

Thanks for the feedback @LocutusOfBorg. Reopening the issue for further investigation.

@tklauser tklauser reopened this Sep 18, 2019

@tklauser

This comment has been minimized.

Copy link
Member

commented Sep 19, 2019

Trying the instructions in #34015 (comment) I was able to reproduce this in a chroot. I think we need to check in TestAmbientCapsUserns whether we're chrooted like it is already done for all other tests involving user namespaces, see the comment here:

if isChrooted(t) {
// create_user_ns in the kernel (see
// https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/kernel/user_namespace.c)
// forbids the creation of user namespaces when chrooted.
t.Skip("cannot create user namespaces when chrooted")
}

@LocutusOfBorg do you only see the issue inside a chroot or also outside?

@gopherbot

This comment has been minimized.

Copy link

commented Sep 19, 2019

Change https://golang.org/cl/196500 mentions this issue: syscall: extend skip criteria for TestAmbientCapsUserns

gopherbot pushed a commit that referenced this issue Sep 19, 2019
syscall: extend skip criteria for TestAmbientCapsUserns
TestAmbientCapsUserns also needs to be skipped, e.g. in case the test is
run inside a chroot.

Updates #34015

Change-Id: I53913432fe9408217edfe64619adbfd911a51a7a
Reviewed-on: https://go-review.googlesource.com/c/go/+/196500
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.