| 1 |
commit: ea8a4b3bcf6a0a57f7cdb8e4d37ff62d099cb6a4 |
| 2 |
Author: Marek Szuba <marecki <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Tue Jul 13 10:57:54 2021 +0000 |
| 4 |
Commit: Marek Szuba <marecki <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Tue Jul 13 11:20:54 2021 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea8a4b3b |
| 7 |
|
| 8 |
dev-util/ltrace: skip the attach-process test |
| 9 |
|
| 10 |
On modern kernels with the Yama security module enabled the default |
| 11 |
ptrace behaviour is that a process must have a predefined relationship |
| 12 |
with the inferior it wants to call ``PTRACE_ATTACH`` on, with two |
| 13 |
additional modes restricting process tracing even more; for details see |
| 14 |
[1]. As a result, unless Yama is explicitly reset to classic ptrace |
| 15 |
permissions the ltrace attach-process test fails due to |
| 16 |
insufficient permissions - regardless of the sandbox, or even when the |
| 17 |
test suite is run manually with no involvement of a Gentoo package |
| 18 |
manager. |
| 19 |
|
| 20 |
We could in principle modify the test in question to be compatible with |
| 21 |
restricted-ptrace mode, however it would still fail on systems with |
| 22 |
Yama in admin-attach and no-attach mode. Between that and requiring the |
| 23 |
user to reconfigure Yama prior to running this test being IMHO a Bad |
| 24 |
Idea, just don't bother with this test at all. |
| 25 |
|
| 26 |
[1] https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html |
| 27 |
|
| 28 |
Closes: https://bugs.gentoo.org/729046 |
| 29 |
Signed-off-by: Marek Szuba <marecki <AT> gentoo.org> |
| 30 |
|
| 31 |
dev-util/ltrace/ltrace-0.7.3.6.1.ebuild | 4 ++++ |
| 32 |
dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild | 4 ++++ |
| 33 |
2 files changed, 8 insertions(+) |
| 34 |
|
| 35 |
diff --git a/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild b/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild |
| 36 |
index 9fd7b01b854..9bb71a61718 100644 |
| 37 |
--- a/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild |
| 38 |
+++ b/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild |
| 39 |
@@ -71,6 +71,10 @@ src_configure() { |
| 40 |
} |
| 41 |
|
| 42 |
src_test() { |
| 43 |
+ # On kernels with Yama enabled this will not run, even without sandbox, |
| 44 |
+ # unless /proc/sys/kernel/yama/ptrace_scope == 0. Just don't bother. |
| 45 |
+ # Note: we only delete it here in order to avoid Makefile.am patching. |
| 46 |
+ rm -f testsuite/ltrace.minor/attach-process.exp |
| 47 |
# sandbox redirects vfork() to fork(): bug # 774054 |
| 48 |
# Let's avoid sandbox entirely. |
| 49 |
SANDBOX_ON=0 LD_PRELOAD= emake check |
| 50 |
|
| 51 |
diff --git a/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild b/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild |
| 52 |
index beb325aa49c..3b6aafcb34d 100644 |
| 53 |
--- a/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild |
| 54 |
+++ b/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild |
| 55 |
@@ -70,6 +70,10 @@ src_configure() { |
| 56 |
} |
| 57 |
|
| 58 |
src_test() { |
| 59 |
+ # On kernels with Yama enabled this will not run, even without sandbox, |
| 60 |
+ # unless /proc/sys/kernel/yama/ptrace_scope == 0. Just don't bother. |
| 61 |
+ # Note: we only delete it here in order to avoid Makefile.am patching. |
| 62 |
+ rm -f testsuite/ltrace.minor/attach-process.exp |
| 63 |
# sandbox redirects vfork() to fork(): bug # 774054 |
| 64 |
# Let's avoid sandbox entirely. |
| 65 |
SANDBOX_ON=0 LD_PRELOAD= emake check |
Archives