URL: <https://savannah.gnu.org/bugs/?61621>
Summary: unshare -Upf no longer works on make unless --disable-posix-spawn is given Project: make Submitted by: None Submitted on: Sun 05 Dec 2021 01:51:55 AM UTC Severity: 3 - Normal Item Group: Bug Status: None Privacy: Public Assigned to: None Open/Closed: Open Discussion Lock: Any Component Version: 4.3 Operating System: POSIX-Based Fixed Release: None Triage Status: None _______________________________________________________ Details: Dear maintainer, a common way to use `make` on Continuous Integration systems like Jenkins, and some other batch processing systems, is to wrap it in the `unshare` program from `util-linux`, enabling process namespaces. Example: unshare -Upf --kill-child -- make runMyCI The reason for doing so is so that when you kill `unshare`, it ensures that all recursive child processes are reliably killed, and no zombie processes are left, no matter if they misbehave (e.g. backgrounding by double-forking) due to bugs or bad practices (which is especially annoying for cron jobs, CI servers, or other types of setup where process zombies/reparenting needs to be avoided). This worked great up to including gnumake 4.2.1, but it stopped working with 4.3 A workaround is to configure gnumake with `--disable-posix-spawn`. Concretely, the observed error is: unshare -Ufp --kill-child make make: sh: Invalid argument make: *** [Makefile:6: help] Error 127 `strace -fy` on the above command reveals that this `Invalid argument` comes from the `setresuid()` syscall, which is invoked by the first forked child of the `make` main process: [pid 6545] getuid() = 65534 [pid 6545] setresuid(-1, 65534, -1) = -1 EINVAL (Invalid argument) It would be great to know whether make 4.3 could be made work under `unshare` in general, or if not, if the switch to disable poxix-spawn could be made available at run-time, so that users can use continue to use their distribution packages while still having guaranteed child killing via `unshare`. Thank you! nh2 _______________________________________________________ Reply to this item at: <https://savannah.gnu.org/bugs/?61621> _______________________________________________ Message sent via Savannah https://savannah.gnu.org/