Gentoo Archives: gentoo-commits

From: Marek Szuba <marecki@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-util/ltrace/
Date: Tue, 13 Jul 2021 11:21:07
Message-Id: 1626175254.ea8a4b3bcf6a0a57f7cdb8e4d37ff62d099cb6a4.marecki@gentoo
1 commit: ea8a4b3bcf6a0a57f7cdb8e4d37ff62d099cb6a4
2 Author: Marek Szuba <marecki <AT> gentoo <DOT> org>
3 AuthorDate: Tue Jul 13 10:57:54 2021 +0000
4 Commit: Marek Szuba <marecki <AT> gentoo <DOT> org>
5 CommitDate: Tue Jul 13 11:20:54 2021 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea8a4b3b
7
8 dev-util/ltrace: skip the attach-process test
9
10 On modern kernels with the Yama security module enabled the default
11 ptrace behaviour is that a process must have a predefined relationship
12 with the inferior it wants to call ``PTRACE_ATTACH`` on, with two
13 additional modes restricting process tracing even more; for details see
14 [1]. As a result, unless Yama is explicitly reset to classic ptrace
15 permissions the ltrace attach-process test fails due to
16 insufficient permissions - regardless of the sandbox, or even when the
17 test suite is run manually with no involvement of a Gentoo package
18 manager.
19
20 We could in principle modify the test in question to be compatible with
21 restricted-ptrace mode, however it would still fail on systems with
22 Yama in admin-attach and no-attach mode. Between that and requiring the
23 user to reconfigure Yama prior to running this test being IMHO a Bad
24 Idea, just don't bother with this test at all.
25
26 [1] https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html
27
28 Closes: https://bugs.gentoo.org/729046
29 Signed-off-by: Marek Szuba <marecki <AT> gentoo.org>
30
31 dev-util/ltrace/ltrace-0.7.3.6.1.ebuild | 4 ++++
32 dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild | 4 ++++
33 2 files changed, 8 insertions(+)
34
35 diff --git a/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild b/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild
36 index 9fd7b01b854..9bb71a61718 100644
37 --- a/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild
38 +++ b/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild
39 @@ -71,6 +71,10 @@ src_configure() {
40 }
41
42 src_test() {
43 + # On kernels with Yama enabled this will not run, even without sandbox,
44 + # unless /proc/sys/kernel/yama/ptrace_scope == 0. Just don't bother.
45 + # Note: we only delete it here in order to avoid Makefile.am patching.
46 + rm -f testsuite/ltrace.minor/attach-process.exp
47 # sandbox redirects vfork() to fork(): bug # 774054
48 # Let's avoid sandbox entirely.
49 SANDBOX_ON=0 LD_PRELOAD= emake check
50
51 diff --git a/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild b/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild
52 index beb325aa49c..3b6aafcb34d 100644
53 --- a/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild
54 +++ b/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild
55 @@ -70,6 +70,10 @@ src_configure() {
56 }
57
58 src_test() {
59 + # On kernels with Yama enabled this will not run, even without sandbox,
60 + # unless /proc/sys/kernel/yama/ptrace_scope == 0. Just don't bother.
61 + # Note: we only delete it here in order to avoid Makefile.am patching.
62 + rm -f testsuite/ltrace.minor/attach-process.exp
63 # sandbox redirects vfork() to fork(): bug # 774054
64 # Let's avoid sandbox entirely.
65 SANDBOX_ON=0 LD_PRELOAD= emake check