Bug 24816 - nss/tst-nss-files-hosts-long fails when no interface has AF_INET6 address (ie docker)
Summary: nss/tst-nss-files-hosts-long fails when no interface has AF_INET6 address (ie...
Status: UNCONFIRMED
Alias: None
Product: glibc
Classification: Unclassified
Component: nss (show other bugs)
Version: 2.30
: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-07-17 12:31 UTC by Romain Geissler
Modified: 2019-07-17 13:26 UTC (History)
1 user (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Romain Geissler 2019-07-17 12:31:19 UTC
Hi,

I am running the glibc build and test suite in a Docker container. Everything works, except the newly added nss/tst-nss-files-hosts-long which works for IPv4 but fails with IPv6. Even without long lines in /etc/hosts, getent always returns the exit code 2. After using "strace", it looks like "getent" fails before /etc/hosts is even opened, it fails after we receive the interfaces address from the socket AF_NETLINK which lists no AF_INET6 interfaces.

Also running this in docker confirms I have no ipv6 inside the container:

ubuntu@olaf:~> docker run --rm debian ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

I am testing this patch which I will submit if it works:

commit 9f580abbdc43b7f69dd8959ccf860f0f59bd167b (HEAD -> master)
Author: Romain Geissler <romain.geissler@amadeus.com>
Date:   Wed Jul 17 12:29:21 2019 +0000

    Fix nss/tst-nss-files-hosts-long.c when there is no IPv6 support.

diff --git a/nss/tst-nss-files-hosts-long.c b/nss/tst-nss-files-hosts-long.c
index 32f849e481b..aa79b88e41a 100644
--- a/nss/tst-nss-files-hosts-long.c
+++ b/nss/tst-nss-files-hosts-long.c
@@ -22,6 +22,31 @@
 #include <stdlib.h>
 #include <nss.h>
 #include <support/check.h>
+#include <ifaddrs.h>
+
+static int
+supports_inet_family(int family)
+{
+  struct ifaddrs *ifaddr, *ifa;
+  int ret = 0;
+
+  if (getifaddrs(&ifaddr) == -1)
+    FAIL_EXIT1("getifaddrs failed");
+
+  for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) {
+    if (ifa->ifa_addr == NULL)
+      continue;
+
+    if (ifa->ifa_addr->sa_family == family) {
+      ret = 1;
+      break;
+    }
+  }
+
+  freeifaddrs(ifaddr);
+
+  return ret;
+}

 static int
 do_test (void)
@@ -30,14 +55,20 @@ do_test (void)

   /* Run getent to fetch the IPv4 address for host test4.
      This forces /etc/hosts to be parsed.  */
-  ret = system("getent ahostsv4 test4");
-  if (ret != 0)
-    FAIL_EXIT1("ahostsv4 failed");
-
-  /* Likewise for IPv6.  */
-  ret = system("getent ahostsv6 test6");
-  if (ret != 0)
-    FAIL_EXIT1("ahostsv6 failed");
+  if (supports_inet_family(AF_INET))
+  {
+    ret = system("getent ahostsv4 test4");
+    if (ret != 0)
+      FAIL_EXIT1("ahostsv4 failed");
+  }
+
+    /* Likewise for IPv6.  */
+  if (supports_inet_family(AF_INET6))
+  {
+    ret = system("getent ahostsv6 test6");
+    if (ret != 0)
+      FAIL_EXIT1("ahostsv6 failed");
+  }

   exit (0);
 }

Cheers,
Romain
Comment 1 Florian Weimer 2019-07-17 13:26:29 UTC
FYI, I tested this against my own nss/tst-nss-files-hosts-long failure, and your patch does NOT fix that.  It would have been to easy. 8-(

But it looks this is a step in the right direction.  Would you please post the patch to the mailing list?  Thanks.