Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

syscall: src/syscall/exec_linux_test.go assumes your UID is also your GID and fails on git tip #11220

Closed
siebenmann opened this issue Jun 15, 2015 · 6 comments
Closed

syscall: src/syscall/exec_linux_test.go assumes your UID is also your GID and fails on git tip #11220

siebenmann opened this issue Jun 15, 2015 · 6 comments
Labels
FrozenDueToAge
Milestone
Go1.5

Comments

@siebenmann
Copy link

On two 64-bit Fedora 21 machines running current kernels and configured without SELinux, current git tip fails self tests with:

--- FAIL: TestCloneNEWUSERAndRemapNoRootDisableSetgroups-4 (0.01s)
        exec_linux_test.go:45: Cmd failed with err fork/exec /usr/bin/whoami: operation not permitted, output: 
FAIL
FAIL    syscall 0.063s

Looking at strace output, the specific failure is an EPERM error writing to /proc/<new pid>/gid_map, although the open() succeeds; specifically it is trying to write '0 19 1\n' to the file. 19 is my UID, but it is not any of my GIDs. What's happening is that the test code implicitly assumes you are in a group that has the same numeric ID as your UID, which is not a safe assumption. When you are not, the kernel rejects the attempt to remap GID 0 to a group that you are not a member of.

I believe that the correct fix is to change things to pass whoamiCmd() the target GID explicitly. For the root versions this is 0, for the non-root versions it is os.Getgid(). A trial run of such a change passes all tests.
@ianlancetaylor
Copy link
Contributor

What kernel version?

@ianlancetaylor ianlancetaylor added this to the Go1.5 milestone Jun 15, 2015
@ianlancetaylor ianlancetaylor self-assigned this Jun 15, 2015
@siebenmann
Copy link
Author

I saw this on Fedora's 3.19.7 and 4.0.4 (64-bit) kernels.

@gopherbot
Copy link

CL https://golang.org/cl/11124 mentions this issue.

@ALTree
Copy link
Member

ALTree commented Jun 17, 2015

This test is failing for me at tip

go version devel +dd44d49 Wed Jun 17 20:00:06 2015 +0200 linux/amd64

$ uname -a
Linux gauss 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1 (2015-05-24) x86_64 GNU/Linux

./all.bash

--- FAIL: TestCloneNEWUSERAndRemapNoRootDisableSetgroups (0.00s)
    exec_linux_test.go:45: Cmd failed with err fork/exec /usr/bin/whoami: operation not permitted, output: 
FAIL
FAIL    syscall 0.022s

@ianlancetaylor
Copy link
Contributor

We've solved the problem that this issue describes, so you are encountering a different problem. Please open a new issue. Thanks.

It would be helpful if you could "go test -c syscall" and then "strace -f syscall.test -test.run=TestCloneNEWUSERAndRemapNoRootDisableSetgroups" so that we can see exactly what is failing. Thanks.

@ALTree
Copy link
Member

ALTree commented Jun 17, 2015

Done. Sorry for the noise.

@golang golang locked and limited conversation to collaborators Jun 25, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Go1.5
Development

No branches or pull requests
4 participants
@siebenmann @ianlancetaylor @ALTree @gopherbot