From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id E65E2139348 for ; Tue, 13 Jul 2021 11:21:07 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 0ED1DE0E78; Tue, 13 Jul 2021 11:21:07 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id E8E7CE0E72 for ; Tue, 13 Jul 2021 11:21:06 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 19B9E342CFD for ; Tue, 13 Jul 2021 11:21:06 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 706E47DC for ; Tue, 13 Jul 2021 11:21:03 +0000 (UTC) From: "Marek Szuba" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Marek Szuba" Message-ID: <1626175254.ea8a4b3bcf6a0a57f7cdb8e4d37ff62d099cb6a4.marecki@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: dev-util/ltrace/ X-VCS-Repository: repo/gentoo X-VCS-Files: dev-util/ltrace/ltrace-0.7.3.6.1.ebuild dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild X-VCS-Directories: dev-util/ltrace/ X-VCS-Committer: marecki X-VCS-Committer-Name: Marek Szuba X-VCS-Revision: ea8a4b3bcf6a0a57f7cdb8e4d37ff62d099cb6a4 X-VCS-Branch: master Date: Tue, 13 Jul 2021 11:21:03 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 0d162c0d-bac9-461e-8c86-083630f48cc0 X-Archives-Hash: bd9d14861b1ae37c0f5eff62292a9eb4 commit: ea8a4b3bcf6a0a57f7cdb8e4d37ff62d099cb6a4 Author: Marek Szuba gentoo org> AuthorDate: Tue Jul 13 10:57:54 2021 +0000 Commit: Marek Szuba gentoo org> CommitDate: Tue Jul 13 11:20:54 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea8a4b3b dev-util/ltrace: skip the attach-process test On modern kernels with the Yama security module enabled the default ptrace behaviour is that a process must have a predefined relationship with the inferior it wants to call ``PTRACE_ATTACH`` on, with two additional modes restricting process tracing even more; for details see [1]. As a result, unless Yama is explicitly reset to classic ptrace permissions the ltrace attach-process test fails due to insufficient permissions - regardless of the sandbox, or even when the test suite is run manually with no involvement of a Gentoo package manager. We could in principle modify the test in question to be compatible with restricted-ptrace mode, however it would still fail on systems with Yama in admin-attach and no-attach mode. Between that and requiring the user to reconfigure Yama prior to running this test being IMHO a Bad Idea, just don't bother with this test at all. [1] https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html Closes: https://bugs.gentoo.org/729046 Signed-off-by: Marek Szuba gentoo.org> dev-util/ltrace/ltrace-0.7.3.6.1.ebuild | 4 ++++ dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild b/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild index 9fd7b01b854..9bb71a61718 100644 --- a/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild +++ b/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild @@ -71,6 +71,10 @@ src_configure() { } src_test() { + # On kernels with Yama enabled this will not run, even without sandbox, + # unless /proc/sys/kernel/yama/ptrace_scope == 0. Just don't bother. + # Note: we only delete it here in order to avoid Makefile.am patching. + rm -f testsuite/ltrace.minor/attach-process.exp # sandbox redirects vfork() to fork(): bug # 774054 # Let's avoid sandbox entirely. SANDBOX_ON=0 LD_PRELOAD= emake check diff --git a/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild b/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild index beb325aa49c..3b6aafcb34d 100644 --- a/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild +++ b/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild @@ -70,6 +70,10 @@ src_configure() { } src_test() { + # On kernels with Yama enabled this will not run, even without sandbox, + # unless /proc/sys/kernel/yama/ptrace_scope == 0. Just don't bother. + # Note: we only delete it here in order to avoid Makefile.am patching. + rm -f testsuite/ltrace.minor/attach-process.exp # sandbox redirects vfork() to fork(): bug # 774054 # Let's avoid sandbox entirely. SANDBOX_ON=0 LD_PRELOAD= emake check