1 |
commit: ea8a4b3bcf6a0a57f7cdb8e4d37ff62d099cb6a4 |
2 |
Author: Marek Szuba <marecki <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Jul 13 10:57:54 2021 +0000 |
4 |
Commit: Marek Szuba <marecki <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Jul 13 11:20:54 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea8a4b3b |
7 |
|
8 |
dev-util/ltrace: skip the attach-process test |
9 |
|
10 |
On modern kernels with the Yama security module enabled the default |
11 |
ptrace behaviour is that a process must have a predefined relationship |
12 |
with the inferior it wants to call ``PTRACE_ATTACH`` on, with two |
13 |
additional modes restricting process tracing even more; for details see |
14 |
[1]. As a result, unless Yama is explicitly reset to classic ptrace |
15 |
permissions the ltrace attach-process test fails due to |
16 |
insufficient permissions - regardless of the sandbox, or even when the |
17 |
test suite is run manually with no involvement of a Gentoo package |
18 |
manager. |
19 |
|
20 |
We could in principle modify the test in question to be compatible with |
21 |
restricted-ptrace mode, however it would still fail on systems with |
22 |
Yama in admin-attach and no-attach mode. Between that and requiring the |
23 |
user to reconfigure Yama prior to running this test being IMHO a Bad |
24 |
Idea, just don't bother with this test at all. |
25 |
|
26 |
[1] https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html |
27 |
|
28 |
Closes: https://bugs.gentoo.org/729046 |
29 |
Signed-off-by: Marek Szuba <marecki <AT> gentoo.org> |
30 |
|
31 |
dev-util/ltrace/ltrace-0.7.3.6.1.ebuild | 4 ++++ |
32 |
dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild | 4 ++++ |
33 |
2 files changed, 8 insertions(+) |
34 |
|
35 |
diff --git a/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild b/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild |
36 |
index 9fd7b01b854..9bb71a61718 100644 |
37 |
--- a/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild |
38 |
+++ b/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild |
39 |
@@ -71,6 +71,10 @@ src_configure() { |
40 |
} |
41 |
|
42 |
src_test() { |
43 |
+ # On kernels with Yama enabled this will not run, even without sandbox, |
44 |
+ # unless /proc/sys/kernel/yama/ptrace_scope == 0. Just don't bother. |
45 |
+ # Note: we only delete it here in order to avoid Makefile.am patching. |
46 |
+ rm -f testsuite/ltrace.minor/attach-process.exp |
47 |
# sandbox redirects vfork() to fork(): bug # 774054 |
48 |
# Let's avoid sandbox entirely. |
49 |
SANDBOX_ON=0 LD_PRELOAD= emake check |
50 |
|
51 |
diff --git a/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild b/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild |
52 |
index beb325aa49c..3b6aafcb34d 100644 |
53 |
--- a/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild |
54 |
+++ b/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild |
55 |
@@ -70,6 +70,10 @@ src_configure() { |
56 |
} |
57 |
|
58 |
src_test() { |
59 |
+ # On kernels with Yama enabled this will not run, even without sandbox, |
60 |
+ # unless /proc/sys/kernel/yama/ptrace_scope == 0. Just don't bother. |
61 |
+ # Note: we only delete it here in order to avoid Makefile.am patching. |
62 |
+ rm -f testsuite/ltrace.minor/attach-process.exp |
63 |
# sandbox redirects vfork() to fork(): bug # 774054 |
64 |
# Let's avoid sandbox entirely. |
65 |
SANDBOX_ON=0 LD_PRELOAD= emake check |