[gentoo-commits] repo/gentoo:master commit in: dev-util/ltrace/

public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed

From: "Marek Szuba" <marecki@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-util/ltrace/
Date: Tue, 13 Jul 2021 11:21:03 +0000 (UTC)	[thread overview]
Message-ID: <1626175254.ea8a4b3bcf6a0a57f7cdb8e4d37ff62d099cb6a4.marecki@gentoo> (raw)

commit:     ea8a4b3bcf6a0a57f7cdb8e4d37ff62d099cb6a4
Author:     Marek Szuba <marecki <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 13 10:57:54 2021 +0000
Commit:     Marek Szuba <marecki <AT> gentoo <DOT> org>
CommitDate: Tue Jul 13 11:20:54 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea8a4b3b

dev-util/ltrace: skip the attach-process test

On modern kernels with the Yama security module enabled the default
ptrace behaviour is that a process must have a predefined relationship
with the inferior it wants to call ``PTRACE_ATTACH`` on, with two
additional modes restricting process tracing even more; for details see
[1]. As a result, unless Yama is explicitly reset to classic ptrace
permissions the ltrace attach-process test fails due to
insufficient permissions - regardless of the sandbox, or even when the
test suite is run manually with no involvement of a Gentoo package
manager.

We could in principle modify the test in question to be compatible with
restricted-ptrace mode, however it would still fail on systems with
Yama in admin-attach and no-attach mode. Between that and requiring the
user to reconfigure Yama prior to running this test being IMHO a Bad
Idea, just don't bother with this test at all.

[1] https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html

Closes: https://bugs.gentoo.org/729046
Signed-off-by: Marek Szuba <marecki <AT> gentoo.org>

 dev-util/ltrace/ltrace-0.7.3.6.1.ebuild   | 4 ++++
 dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild b/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild
index 9fd7b01b854..9bb71a61718 100644
--- a/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild
+++ b/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild
@@ -71,6 +71,10 @@ src_configure() {
 }
 
 src_test() {
+	# On kernels with Yama enabled this will not run, even without sandbox,
+	# unless /proc/sys/kernel/yama/ptrace_scope == 0. Just don't bother.
+	# Note: we only delete it here in order to avoid Makefile.am patching.
+	rm -f testsuite/ltrace.minor/attach-process.exp
 	# sandbox redirects vfork() to fork(): bug # 774054
 	# Let's avoid sandbox entirely.
 	SANDBOX_ON=0 LD_PRELOAD= emake check

diff --git a/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild b/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild
index beb325aa49c..3b6aafcb34d 100644
--- a/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild
+++ b/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild
@@ -70,6 +70,10 @@ src_configure() {
 }
 
 src_test() {
+	# On kernels with Yama enabled this will not run, even without sandbox,
+	# unless /proc/sys/kernel/yama/ptrace_scope == 0. Just don't bother.
+	# Note: we only delete it here in order to avoid Makefile.am patching.
+	rm -f testsuite/ltrace.minor/attach-process.exp
 	# sandbox redirects vfork() to fork(): bug # 774054
 	# Let's avoid sandbox entirely.
 	SANDBOX_ON=0 LD_PRELOAD= emake check

next             reply	other threads:[~2021-07-13 11:21 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-07-13 11:21 Marek Szuba [this message]
  -- strict thread matches above, loose matches on Subject: below --
2023-12-22 11:55 [gentoo-commits] repo/gentoo:master commit in: dev-util/ltrace/ Marek Szuba
2023-08-04 11:31 Sam James
2023-07-15  8:19 Arthur Zamarin
2023-07-15  8:19 Arthur Zamarin
2023-04-03  6:50 Marek Szuba
2023-03-30 22:09 Marek Szuba
2023-03-30 22:09 Marek Szuba
2021-11-25 18:13 Marek Szuba
2021-11-18  8:39 Marek Szuba
2021-11-18  5:37 Sam James
2021-11-17 22:47 Sam James
2021-08-18 12:46 Agostino Sarubbo
2021-07-05  8:13 Sergei Trofimovich
2021-07-02 18:31 Marek Szuba
2021-07-02  9:18 Marek Szuba
2020-06-20 19:49 Sergei Trofimovich
2020-06-15 15:16 Agostino Sarubbo
2020-06-15 15:06 Agostino Sarubbo
2020-06-15 14:59 Agostino Sarubbo
2019-10-29 20:01 Sergei Trofimovich
2019-10-29 20:01 Sergei Trofimovich
2018-10-26 20:19 Sergei Trofimovich
2018-10-20 17:56 Mikle Kolyada
2018-10-18 11:31 Thomas Deutschmann
2018-07-13 19:30 Sergei Trofimovich
2017-08-27 21:22 Sergei Trofimovich
2016-04-02 16:59 Sergei Trofimovich
2016-03-23 16:03 Mike Frysinger
2016-02-06 17:43 Sergei Trofimovich

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:9fd7b01b85 dfblob:9bb71a6171 dfblob:beb325aa49
dfblob:3b6aafcb34 )
 OR (
bs:"[gentoo-commits] repo/gentoo:master commit in: dev-util/ltrace/" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1626175254.ea8a4b3bcf6a0a57f7cdb8e4d37ff62d099cb6a4.marecki@gentoo \
    --to=marecki@gentoo.org \
    --cc=gentoo-commits@lists.gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox