Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

syscall: test failures on CentOS #19296

Closed
ghost opened this issue Feb 27, 2017 · 8 comments
Closed

syscall: test failures on CentOS #19296

ghost opened this issue Feb 27, 2017 · 8 comments
Labels
FrozenDueToAge help wanted NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. OS-Linux Testing An issue that has been verified to require only test changes, not just a test failure. WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Milestone

Comments

@ghost
Copy link

ghost commented Feb 27, 2017

Testing packages.

ok sync/atomic 0.017s
--- FAIL: TestCloneNEWUSERAndRemapRootDisableSetgroups (0.00s)
exec_linux_test.go:81: Cmd failed with err fork/exec /usr/bin/whoami: invalid argument, output:
--- FAIL: TestCloneNEWUSERAndRemapRootEnableSetgroups (0.00s)
exec_linux_test.go:81: Cmd failed with err fork/exec /usr/bin/whoami: invalid argument, output:
--- FAIL: TestEmptyCredGroupsDisableSetgroups (0.00s)
exec_linux_test.go:129: fork/exec /usr/bin/whoami: invalid argument
--- FAIL: TestGroupCleanupUserNamespace (0.00s)
exec_linux_test.go:238: Cmd failed with err fork/exec /usr/bin/id: invalid argument, output:
FAIL
FAIL syscall 0.057s
ok testing 1.130s

2017/02/27 10:18:18 Failed: exit status 1

LSB Version: :core-4.1-amd64:core-4.1-noarch
Distributor ID: CentOS
Description: CentOS Linux release 7.2.1511 (Core)
Release: 7.2.1511
Codename: Core

@bradfitz bradfitz changed the title install 1.8 FAIL syscall syscall: test failures on CentOS Feb 27, 2017
@bradfitz bradfitz added this to the Go1.9 milestone Feb 27, 2017
@bradfitz bradfitz added help wanted NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Testing An issue that has been verified to require only test changes, not just a test failure. labels Feb 27, 2017
@bradfitz
Copy link
Contributor

/cc @ianlancetaylor @minux

@mattn
Copy link
Member

mattn commented Feb 27, 2017

package main

import (
    "log"
    "os/exec"
    "syscall"
)

func main() {
    cmd := exec.Command("whoami")
    cmd.SysProcAttr = &syscall.SysProcAttr{
        Cloneflags: syscall.CLONE_NEWUSER,
        UidMappings: []syscall.SysProcIDMap{
            {ContainerID: 0, HostID: 505, Size: 1},
        },
        GidMappings: []syscall.SysProcIDMap{
            {ContainerID: 0, HostID: 505, Size: 1},
        },
        GidMappingsEnableSetgroups: true,
    }
    b, err := cmd.CombinedOutput()
    if err != nil {
        log.Fatal(err)
    }
    println(string(b))
}

505 is my uid/gid on my environment. Then sudo ./whoami return 2017/02/27 18:02:05 fork/exec /usr/bin/whoami: no such file or directory, whoami exists in /usr/bin/whoami.

@ianlancetaylor
Copy link
Contributor

@mattn Your test when running as root passes for me on Ubuntu Trusty but fails with no such file or directory on CentOS 7. The CentOS 7 error is indicating that the parent process fails to open /proc/PID/uid_map where PID is the child. That is how UidMappings is implemented. This is consistent with running ls /proc/self/; on Ubuntu Trusty I see the file /proc/self/uid_map, on CentOS 7 I do not. I conclude that the UidMappings (and GidMappings) fields do not work on CentOS 7.

When I run Go tip on CentOS the syscall tests all pass, whether I run them as a normal user or as root. The original poster is clearly running as root (probably a bad idea). When I run the syscall tests as root with -test.v I see this (among other output):

--- SKIP: TestCloneNEWUSERAndRemapRootDisableSetgroups (0.00s)
	exec_linux_test.go:32: kernel doesn't support user namespaces
=== RUN   TestCloneNEWUSERAndRemapRootEnableSetgroups
--- SKIP: TestCloneNEWUSERAndRemapRootEnableSetgroups (0.00s)
	exec_linux_test.go:32: kernel doesn't support user namespaces
=== RUN   TestEmptyCredGroupsDisableSetgroups
--- SKIP: TestEmptyCredGroupsDisableSetgroups (0.00s)
	exec_linux_test.go:32: kernel doesn't support user namespaces
=== RUN   TestGroupCleanupUserNamespace
--- SKIP: TestGroupCleanupUserNamespace (0.00s)
	exec_linux_test.go:32: kernel doesn't support user namespaces

So apparently on my CentOS 7 system the test detects that the test will fail, but on the OP's it does not. The test is simply whether /proc/self/ns/user exists.

@tencert Does /proc/self/ns/user exist on your system?

Can you show us the output of go test -test.v syscall? Thanks.

@bradfitz
Copy link
Contributor

I can't reproduce when running as root on CentOS 7.3.1611 (Core).

I did need to fix the test a bit first. I sent CL 48191.

@gopherbot
Copy link

CL https://golang.org/cl/48191 mentions this issue.

@bradfitz bradfitz modified the milestones: Unplanned, Go1.9 Jul 12, 2017
gopherbot pushed a commit that referenced this issue Jul 12, 2017
Usually this test is skipped (on builders and when not root), so
people are unlikely to see this error.

Updates #19296

Change-Id: I3acb81260034dad8776c305f83d7cbac4b718e75
Reviewed-on: https://go-review.googlesource.com/48191
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
@bradfitz
Copy link
Contributor

Still waiting to hear from @mattn or @ghost on whether this is still reproducible and details if so.

@bradfitz bradfitz added the WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. label Jul 12, 2017
@mattn
Copy link
Member

mattn commented Jul 13, 2017

I'm sorry. I've already deleted vagrant guest that I executed the command. Now I tried this on centos7 just created, but this is not reproduced.

@bradfitz
Copy link
Contributor

Okay, will close this for now. Thanks.

@golang golang locked and limited conversation to collaborators Jul 13, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
FrozenDueToAge help wanted NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. OS-Linux Testing An issue that has been verified to require only test changes, not just a test failure. WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Projects
None yet
Development

No branches or pull requests

4 participants