Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

syscall: TestAmbientCapsUserns test failing with operation not permitted #34015

Closed
LocutusOfBorg opened this issue Sep 2, 2019 · 22 comments
Closed

Comments

@LocutusOfBorg
Copy link

@LocutusOfBorg LocutusOfBorg commented Sep 2, 2019

What version of Go are you using (go version)?

$ go version
1.13-rc2

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

Ubuntu devel, 19.10

What did you do?

trying to build the source code, I get

ok  	sync/atomic	0.047s
--- FAIL: TestAmbientCapsUserns (0.00s)
    exec_linux_test.go:667: fork/exec /tmp/gotest465803457: operation not permitted
FAIL
FAIL	syscall	0.033s

I suspect Ubuntu builders should ignore that test?

@ALTree
Copy link
Member

@ALTree ALTree commented Sep 2, 2019

Thanks for reporting this.

I doubt this is related to #12815. This look yet another variant of #30698. We already try to detect Kernel configurations that would make the test fail (CL 166460, CL 180877) but the current checks are possibly not exhaustive.

@ALTree ALTree changed the title build failure in Ubuntu (see issue: #12815) syscall: TestAmbientCapsUserns test failing with operation not permitted Sep 2, 2019
@ALTree
Copy link
Member

@ALTree ALTree commented Sep 2, 2019

Also, please note that this is not a build failure (i.e.: the code does not compile). The package compiles just fine, this is just a test failing. You can run make.bash instead of all.bash and the toolchain should be built without errors.

@ALTree ALTree added this to the Go1.14 milestone Sep 2, 2019
@LocutusOfBorg
Copy link
Author

@LocutusOfBorg LocutusOfBorg commented Sep 2, 2019

this is what we run...

        set -ex; \
                cd src; \
                export PATH="$(GOROOT)/bin:$$PATH"; \
                eval "$$(go tool dist env)"; \
                bash run.bash -k -no-rebuild;
@LocutusOfBorg
Copy link
Author

@LocutusOfBorg LocutusOfBorg commented Sep 2, 2019

interesting this fails also in pbuilder chroot configuration...

@LocutusOfBorg
Copy link
Author

@LocutusOfBorg LocutusOfBorg commented Sep 2, 2019

I can provide information if needed! Such as kernel configuration (Ubuntu 18.04 amd64 default one),
and steps to reproduce on a clean debian/ubuntu environment

@ALTree
Copy link
Member

@ALTree ALTree commented Sep 2, 2019

I can provide information if needed! Such as kernel configuration (Ubuntu 18.04 amd64 default one), and steps to reproduce on a clean debian/ubuntu environment

@LocutusOfBorg Yes please. It'll help with the investigation. Thanks.

@LocutusOfBorg
Copy link
Author

@LocutusOfBorg LocutusOfBorg commented Sep 3, 2019

on a Debian/Ubuntu system (I'm using ubuntu 18.04 LTS amd64)

pbuilder-dist sid create
pbuilder-dist sid login (remember the directory where the chroot is extracted)
pull-debian-source golang-1.13

copy the downloaded files into the chroot

go inside the chroot (the login command above does it)
cd golang-*
apt build-dep ../golang*dsc
dpkg-buildpackage

enjoy your failure!

Of course, inside the chroot you can install/play with whatever you want, install git, download stuff and so on...

@LocutusOfBorg
Copy link
Author

@LocutusOfBorg LocutusOfBorg commented Sep 3, 2019

inside an Ubuntu/Debian machine you probably just need to install "ubuntu-dev-tools"

@LocutusOfBorg
Copy link
Author

@LocutusOfBorg LocutusOfBorg commented Sep 3, 2019

This is my default kernel configuration

config-5.0.0-25-generic.txt

longsleep added a commit to longsleep/golang-deb that referenced this issue Sep 4, 2019
Launchpad has no support for userns and the tests in the Go source are
insufficient to detect that it is not supported. This change disables
those tests when building this package.

Refrence: golang/go#34015
@gopherbot
Copy link

@gopherbot gopherbot commented Sep 17, 2019

Change https://golang.org/cl/195738 mentions this issue: syscall: skip TestAmbientCapsUserns if user namespaces are not supported

@tklauser
Copy link
Member

@tklauser tklauser commented Sep 17, 2019

@LocutusOfBorg @longsleep Could you please check whether https://golang.org/cl/195738 fixes the test failure for you?

@gopherbot gopherbot closed this in d3595f7 Sep 18, 2019
@LocutusOfBorg
Copy link
Author

@LocutusOfBorg LocutusOfBorg commented Sep 18, 2019

Hello, looks like still failing...

 ok strings 0.272s
ok sync 0.513s
ok sync/atomic 0.077s
--- FAIL: TestAmbientCapsUserns (0.02s)
    exec_linux_test.go:672: fork/exec /tmp/gotest797948891: operation not permitted
FAIL
FAIL syscall 0.142s
ok testing 0.098s
@LocutusOfBorg
Copy link
Author

@LocutusOfBorg LocutusOfBorg commented Sep 18, 2019

In my case, the kernel is 5.3, so the patch is not skipping the test...

FWIW we have new systemd 241, so maybe /tmp is not able anymore to fork processes?
e.g. now builders have sticky bit in /tmp

@tklauser
Copy link
Member

@tklauser tklauser commented Sep 18, 2019

Thanks for the feedback @LocutusOfBorg. Reopening the issue for further investigation.

@tklauser tklauser reopened this Sep 18, 2019
@tklauser
Copy link
Member

@tklauser tklauser commented Sep 19, 2019

Trying the instructions in #34015 (comment) I was able to reproduce this in a chroot. I think we need to check in TestAmbientCapsUserns whether we're chrooted like it is already done for all other tests involving user namespaces, see the comment here:

if isChrooted(t) {
// create_user_ns in the kernel (see
// https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/kernel/user_namespace.c)
// forbids the creation of user namespaces when chrooted.
t.Skip("cannot create user namespaces when chrooted")
}

@LocutusOfBorg do you only see the issue inside a chroot or also outside?

@gopherbot
Copy link

@gopherbot gopherbot commented Sep 19, 2019

Change https://golang.org/cl/196500 mentions this issue: syscall: extend skip criteria for TestAmbientCapsUserns

gopherbot pushed a commit that referenced this issue Sep 19, 2019
TestAmbientCapsUserns also needs to be skipped, e.g. in case the test is
run inside a chroot.

Updates #34015

Change-Id: I53913432fe9408217edfe64619adbfd911a51a7a
Reviewed-on: https://go-review.googlesource.com/c/go/+/196500
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
@LocutusOfBorg
Copy link
Author

@LocutusOfBorg LocutusOfBorg commented Sep 20, 2019

@tklauser only inside chroots, Ubuntu builders can't build outside.

In my machine, and local builds are good

@tklauser
Copy link
Member

@tklauser tklauser commented Sep 20, 2019

@LocutusOfBorg thanks for confirming. Thus considering this fixed by https://golang.org/cl/196500 which skips TestAmbientCapsUserns in case of the test running in a chroot.

@tklauser tklauser closed this Sep 20, 2019
@LocutusOfBorg
Copy link
Author

@LocutusOfBorg LocutusOfBorg commented Sep 21, 2019

thanks!
I'll happily drop my patch on the next upstream release...
unfortunately that commit doesn't apply on top of the official 1.13 version, so I'll wait for the next tarball :)

@LocutusOfBorg
Copy link
Author

@LocutusOfBorg LocutusOfBorg commented Nov 2, 2019

Hello, we had a few golang 1.13 releases since 20 September, but none including this patch...

@ALTree
Copy link
Member

@ALTree ALTree commented Nov 2, 2019

@LocutusOfBorg we generally don't backport fixes to tests to minor releases.

See: https://github.com/golang/go/wiki/MinorReleases

@golang golang locked and limited conversation to collaborators Nov 1, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants
You can’t perform that action at this time.