This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.28.9000-351-gb2e93de
- From: dj at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 4 Dec 2018 05:04:24 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.28.9000-351-gb2e93de
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via b2e93de0ffedcfe2cfba100d47a4d4f6f85cea0b (commit)
from 477a02f63751c4b759ddd9454d17f2a7ad120ee3 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b2e93de0ffedcfe2cfba100d47a4d4f6f85cea0b
commit b2e93de0ffedcfe2cfba100d47a4d4f6f85cea0b
Author: DJ Delorie <dj@redhat.com>
Date: Tue Dec 4 00:03:12 2018 -0500
test-container: add "su" command to run test as root, add unshare hints
* support/test-container.c (check_for_unshare_hints): New.
(main): Call it if unshare fails. Add support for "su" scriptlet
command.
diff --git a/ChangeLog b/ChangeLog
index a7adb8b..b151078 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2018-12-03 DJ Delorie <dj@delorie.com>
+
+ * support/test-container.c (check_for_unshare_hints): New.
+ (main): Call it if unshare fails. Add support for "su" scriptlet
+ command.
+
2018-12-03 Joseph Myers <joseph@codesourcery.com>
* scripts/gen-as-const.py (compute_c_consts): Take an argument
diff --git a/support/test-container.c b/support/test-container.c
index b58f0f7..df450ad 100644
--- a/support/test-container.c
+++ b/support/test-container.c
@@ -88,15 +88,22 @@ int verbose = 0;
* mytest.root/ is rsync'd into container
* mytest.root/preclean.req causes fresh rsync (with delete) before
test if present
- * mytest.root/mytset.script has a list of "commands" to run:
+ * mytest.root/mytest.script has a list of "commands" to run:
syntax:
# comment
+ su
mv FILE FILE
cp FILE FILE
rm FILE
FILE must start with $B/, $S/, $I/, $L/, or /
(expands to build dir, source dir, install dir, library dir
(in container), or container's root)
+ details:
+ - '#': A comment.
+ - 'su': Enables running test as root in the container.
+ - 'mv': A minimal move files command.
+ - 'cp': A minimal copy files command.
+ - 'rm': A minimal remove files command.
* mytest.root/postclean.req causes fresh rsync (with delete) after
test if present
@@ -349,6 +356,7 @@ recursive_remove (char *path)
switch (child) {
case -1:
+ perror("fork");
FAIL_EXIT1 ("Unable to fork");
case 0:
/* Child. */
@@ -610,6 +618,47 @@ rsync (char *src, char *dest, int and_delete)
}
�
+
+/* See if we can detect what the user needs to do to get unshare
+ support working for us. */
+void
+check_for_unshare_hints (void)
+{
+ FILE *f;
+ int i;
+
+ /* Default Debian Linux disables user namespaces, but allows a way
+ to enable them. */
+ f = fopen ("/proc/sys/kernel/unprivileged_userns_clone", "r");
+ if (f != NULL)
+ {
+ i = 99; /* Sentinel. */
+ fscanf (f, "%d", &i);
+ if (i == 0)
+ {
+ printf ("To enable test-container, please run this as root:\n");
+ printf (" echo 1 > /proc/sys/kernel/unprivileged_userns_clone\n");
+ }
+ fclose (f);
+ return;
+ }
+
+ /* ALT Linux has an alternate way of doing the same. */
+ f = fopen ("/proc/sys/kernel/userns_restrict", "r");
+ if (f != NULL)
+ {
+ i = 99; /* Sentinel. */
+ fscanf (f, "%d", &i);
+ if (i == 1)
+ {
+ printf ("To enable test-container, please run this as root:\n");
+ printf (" echo 0 > /proc/sys/kernel/userns_restrict\n");
+ }
+ fclose (f);
+ return;
+ }
+}
+
int
main (int argc, char **argv)
{
@@ -628,6 +677,8 @@ main (int argc, char **argv)
uid_t original_uid;
gid_t original_gid;
+ /* If set, the test runs as root instead of the user running the testsuite. */
+ int be_su = 0;
int UMAP;
int GMAP;
/* Used for "%lld %lld 1" so need not be large. */
@@ -857,6 +908,10 @@ main (int argc, char **argv)
{
maybe_xunlink (the_words[1]);
}
+ else if (nt == 1 && strcmp (the_words[0], "su") == 0)
+ {
+ be_su = 1;
+ }
else if (nt > 0 && the_words[0][0] != '#')
{
printf ("\033[31minvalid [%s]\033[0m\n", the_words[0]);
@@ -873,7 +928,12 @@ main (int argc, char **argv)
/* Older kernels may not support all the options, or security
policy may block this call. */
if (errno == EINVAL || errno == EPERM)
- FAIL_UNSUPPORTED ("unable to unshare user/fs: %s", strerror (errno));
+ {
+ int saved_errno = errno;
+ if (errno == EPERM)
+ check_for_unshare_hints ();
+ FAIL_UNSUPPORTED ("unable to unshare user/fs: %s", strerror (saved_errno));
+ }
else
FAIL_EXIT1 ("unable to unshare user/fs: %s", strerror (errno));
}
@@ -952,7 +1012,7 @@ main (int argc, char **argv)
FAIL_EXIT1 ("can't write to /proc/self/uid_map\n");
sprintf (tmp, "%lld %lld 1\n",
- (long long) original_uid, (long long) original_uid);
+ (long long) (be_su ? 0 : original_uid), (long long) original_uid);
write (UMAP, tmp, strlen (tmp));
xclose (UMAP);
@@ -973,7 +1033,7 @@ main (int argc, char **argv)
FAIL_EXIT1 ("can't write to /proc/self/gid_map\n");
sprintf (tmp, "%lld %lld 1\n",
- (long long) original_gid, (long long) original_gid);
+ (long long) (be_su ? 0 : original_gid), (long long) original_gid);
write (GMAP, tmp, strlen (tmp));
xclose (GMAP);
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 6 ++++
support/test-container.c | 68 +++++++++++++++++++++++++++++++++++++++++++---
2 files changed, 70 insertions(+), 4 deletions(-)
hooks/post-receive
--
GNU C Library master sources