Re: [go-nuts] TestSetuidEtc fails during test execution in a container
This should be fully resolved at HEAD now.
On Friday, May 14, 2021 at 10:57:22 AM UTC-7 Andrew G. Morgan wrote:
>
> Indeed. I neglected to heed the comment I left expressly for this purpose.
> :(
>
> Thanks!
>
> Andrew
>
> On Friday, May 14, 2021 at 10:25:18 AM UTC-7 ksri...@gmail.com wrote:
>
>> I applied your patch in-flight from your review,
>> https://go-review.googlesource.com/c/go/+/319591/,
>> and I am seeing other failures. It appears we need to apply the ordering
>> of setgids to the following tests as well.
>>
>> Also, I grepped around for the pattern syscall.Setgroups there are no
>> others I could see.
>>
>> Thanks
>> Kumar
>>
>>
>> % grep -i -r SetGroup misc/cgo/*
>> misc/cgo/test/issue1435.go: {call:
>> "Setgroups([]int{0,1,2,3})", fn: func() error { return
>> syscall.Setgroups([]int{0, 1, 2, 3}) }, filter: "Groups:", expect: "\t0 1 2
>> 3"},
>> misc/cgo/test/issue1435.go: {call: "Setgroups(nil)", fn:
>> func() error { return syscall.Setgroups(nil) }, filter: "Groups:", expect:
>> ""},
>> misc/cgo/test/issue1435.go: {call: "Setgroups([]int{0})", fn:
>> func() error { return syscall.Setgroups([]int{0}) }, filter: "Groups:",
>> expect: "\t0"},
>>
>> # ../misc/cgo/test
>> --- FAIL: Test1435 (0.01s)
>> issue1435.go:181: [6] "Setgroups([]int{0,1,2,3})" comparison:
>> "/proc/29462/status" got:"Groups:\t1 2 3 0" want:"Groups:\t0 1 2 3" (bad)
>> [pid=29462 file:'Name: test.test
>> Umask: 0022
>> State: S (sleeping)
>> Tgid: 29462
>> Ngid: 0
>> Pid: 29462
>> PPid: 27896
>> TracerPid: 0
>> Uid: 0 0 0 0
>> Gid: 0 0 0 0
>> FDSize: 64
>> Groups: 1 2 3 0
>> NStgid: 29462
>> NSpid: 29462
>> NSpgid: 9
>> NSsid: 9
>> VmPeak: 1215460 kB
>> VmSize: 1191416 kB
>> VmLck: 0 kB
>> VmPin: 0 kB
>> VmHWM:5848 kB
>> VmRSS:5848 kB
>> RssAnon:1724 kB
>> RssFile:4124 kB
>> RssShmem: 0 kB
>> VmData: 194472 kB
>> VmStk: 132 kB
>> VmExe:1580 kB
>> VmLib:1700 kB
>> VmPTE: 156 kB
>> VmSwap: 0 kB
>> HugetlbPages: 0 kB
>> CoreDumping: 0
>> Threads: 12
>> SigQ: 0/128577
>> SigPnd:
>> ShdPnd:
>> SigBlk: fffc3bfa3a00
>> SigIgn:
>> SigCgt: fffdffc1feff
>> CapInh: a80425fb
>> CapPrm: a80425fb
>> CapEff: a80425fb
>> CapBnd: a80425fb
>> CapAmb:
>> NoNewPrivs: 0
>> Seccomp: 2
>> Speculation_Store_Bypass: thread force mitigated
>> Cpus_allowed: ff
>> Cpus_allowed_list: 0-7
>> Mems_allowed:
>> ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0001
>> Mems_allowed_list: 0
>> voluntary_ctxt_switches: 19
>> nonvoluntary_ctxt_switches: 0
>> ' Pid: 29462]
>> FAIL
>> exit status 1
>> FAIL misc/cgo/test 6.853s
>> 2021/05/14 16:53:14 Failed: exit status 1
>> --- FAIL: Test1435 (0.01s)
>> issue1435.go:181: [6] "Setgroups([]int{0,1,2,3})" comparison:
>> "/proc/29422/status" got:"Groups:\t1 2 3 0" want:"Groups:\t0 1 2 3" (bad)
>> [pid=29422 file:'Name: test.test
>> Umask: 0022
>> State: S (sleeping)
>> Tgid: 29422
>> Ngid: 0
>> Pid: 29422
>> PPid: 27897
>> TracerPid: 0
>> Uid: 0 0 0 0
>> Gid: 0 0 0 0
>> FDSize: 64
>> Groups: 1 2 3 0
>> NStgid: 29422
>> NSpid: 29422
>> NSpgid: 9
>> NSsid: 9
>> VmPeak: 1215712 kB
>> VmSize: 1192820 kB
>> VmLck: 0 kB
>> VmPin: 0 kB
>> VmHWM:5104 kB
>> VmRSS:5104 kB
>> RssAnon:1464 kB
>> RssFile:3640 kB
>> RssShmem: 0 kB
>> VmData: 195880 kB
>> VmStk: 132 kB
>> VmExe:1556 kB
>> VmLib:1728 kB
>> VmPTE: 176 kB
>> VmSwap: 0 kB
>> HugetlbPages: 0 kB
>> CoreDumping: 0
>> Threads: 12
>> SigQ: 0/128577
>> SigPnd:
>> ShdPnd:
>> SigBlk: fffc3bfa3a00
>> SigIgn:
>> SigCgt: fffdffc1feff
>> CapInh: a80425fb
>> CapPrm: a80425fb
>> CapEff: a80425fb
>> CapBnd: a80425fb
>> CapAmb:
>> NoNewPrivs: 0
>> Seccomp: 2
>>
Re: [go-nuts] TestSetuidEtc fails during test execution in a container
Indeed. I neglected to heed the comment I left expressly for this purpose.
:(
Thanks!
Andrew
On Friday, May 14, 2021 at 10:25:18 AM UTC-7 ksri...@gmail.com wrote:
> I applied your patch in-flight from your review,
> https://go-review.googlesource.com/c/go/+/319591/,
> and I am seeing other failures. It appears we need to apply the ordering
> of setgids to the following tests as well.
>
> Also, I grepped around for the pattern syscall.Setgroups there are no
> others I could see.
>
> Thanks
> Kumar
>
>
> % grep -i -r SetGroup misc/cgo/*
> misc/cgo/test/issue1435.go: {call:
> "Setgroups([]int{0,1,2,3})", fn: func() error { return
> syscall.Setgroups([]int{0, 1, 2, 3}) }, filter: "Groups:", expect: "\t0 1 2
> 3"},
> misc/cgo/test/issue1435.go: {call: "Setgroups(nil)", fn:
> func() error { return syscall.Setgroups(nil) }, filter: "Groups:", expect:
> ""},
> misc/cgo/test/issue1435.go: {call: "Setgroups([]int{0})", fn:
> func() error { return syscall.Setgroups([]int{0}) }, filter: "Groups:",
> expect: "\t0"},
>
> # ../misc/cgo/test
> --- FAIL: Test1435 (0.01s)
> issue1435.go:181: [6] "Setgroups([]int{0,1,2,3})" comparison:
> "/proc/29462/status" got:"Groups:\t1 2 3 0" want:"Groups:\t0 1 2 3" (bad)
> [pid=29462 file:'Name: test.test
> Umask: 0022
> State: S (sleeping)
> Tgid: 29462
> Ngid: 0
> Pid: 29462
> PPid: 27896
> TracerPid: 0
> Uid: 0 0 0 0
> Gid: 0 0 0 0
> FDSize: 64
> Groups: 1 2 3 0
> NStgid: 29462
> NSpid: 29462
> NSpgid: 9
> NSsid: 9
> VmPeak: 1215460 kB
> VmSize: 1191416 kB
> VmLck: 0 kB
> VmPin: 0 kB
> VmHWM:5848 kB
> VmRSS:5848 kB
> RssAnon:1724 kB
> RssFile:4124 kB
> RssShmem: 0 kB
> VmData: 194472 kB
> VmStk: 132 kB
> VmExe:1580 kB
> VmLib:1700 kB
> VmPTE: 156 kB
> VmSwap: 0 kB
> HugetlbPages: 0 kB
> CoreDumping: 0
> Threads: 12
> SigQ: 0/128577
> SigPnd:
> ShdPnd:
> SigBlk: fffc3bfa3a00
> SigIgn:
> SigCgt: fffdffc1feff
> CapInh: a80425fb
> CapPrm: a80425fb
> CapEff: a80425fb
> CapBnd: a80425fb
> CapAmb:
> NoNewPrivs: 0
> Seccomp: 2
> Speculation_Store_Bypass: thread force mitigated
> Cpus_allowed: ff
> Cpus_allowed_list: 0-7
> Mems_allowed:
> ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0001
> Mems_allowed_list: 0
> voluntary_ctxt_switches: 19
> nonvoluntary_ctxt_switches: 0
> ' Pid: 29462]
> FAIL
> exit status 1
> FAIL misc/cgo/test 6.853s
> 2021/05/14 16:53:14 Failed: exit status 1
> --- FAIL: Test1435 (0.01s)
> issue1435.go:181: [6] "Setgroups([]int{0,1,2,3})" comparison:
> "/proc/29422/status" got:"Groups:\t1 2 3 0" want:"Groups:\t0 1 2 3" (bad)
> [pid=29422 file:'Name: test.test
> Umask: 0022
> State: S (sleeping)
> Tgid: 29422
> Ngid: 0
> Pid: 29422
> PPid: 27897
> TracerPid: 0
> Uid: 0 0 0 0
> Gid: 0 0 0 0
> FDSize: 64
> Groups: 1 2 3 0
> NStgid: 29422
> NSpid: 29422
> NSpgid: 9
> NSsid: 9
> VmPeak: 1215712 kB
> VmSize: 1192820 kB
> VmLck: 0 kB
> VmPin: 0 kB
> VmHWM:5104 kB
> VmRSS:5104 kB
> RssAnon:1464 kB
> RssFile:3640 kB
> RssShmem: 0 kB
> VmData: 195880 kB
> VmStk: 132 kB
> VmExe:1556 kB
> VmLib:1728 kB
> VmPTE: 176 kB
> VmSwap: 0 kB
> HugetlbPages: 0 kB
> CoreDumping: 0
> Threads: 12
> SigQ: 0/128577
> SigPnd:
> ShdPnd:
> SigBlk: fffc3bfa3a00
> SigIgn:
> SigCgt: fffdffc1feff
> CapInh: a80425fb
> CapPrm: a80425fb
> CapEff: a80425fb
> CapBnd: a80425fb
> CapAmb:
> NoNewPrivs: 0
> Seccomp: 2
> Speculation_Store_Bypass: thread force mitigated
> Cpus_allowed: ff
> Cpus_allowed_list: 0-7
> Mems_allowed:
>
Re: [go-nuts] TestSetuidEtc fails during test execution in a container
I applied your patch in-flight from your review,
https://go-review.googlesource.com/c/go/+/319591/,
and I am seeing other failures. It appears we need to apply the ordering of
setgids to the following tests as well.
Also, I grepped around for the pattern syscall.Setgroups there are no
others I could see.
Thanks
Kumar
% grep -i -r SetGroup misc/cgo/*
misc/cgo/test/issue1435.go: {call: "Setgroups([]int{0,1,2,3})",
fn: func() error { return syscall.Setgroups([]int{0, 1, 2, 3}) }, filter:
"Groups:", expect: "\t0 1 2 3"},
misc/cgo/test/issue1435.go: {call: "Setgroups(nil)", fn: func()
error { return syscall.Setgroups(nil) }, filter: "Groups:", expect: ""},
misc/cgo/test/issue1435.go: {call: "Setgroups([]int{0})", fn:
func() error { return syscall.Setgroups([]int{0}) }, filter: "Groups:",
expect: "\t0"},
# ../misc/cgo/test
--- FAIL: Test1435 (0.01s)
issue1435.go:181: [6] "Setgroups([]int{0,1,2,3})" comparison:
"/proc/29462/status" got:"Groups:\t1 2 3 0" want:"Groups:\t0 1 2 3" (bad)
[pid=29462 file:'Name: test.test
Umask: 0022
State: S (sleeping)
Tgid: 29462
Ngid: 0
Pid: 29462
PPid: 27896
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 64
Groups: 1 2 3 0
NStgid: 29462
NSpid: 29462
NSpgid: 9
NSsid: 9
VmPeak: 1215460 kB
VmSize: 1191416 kB
VmLck: 0 kB
VmPin: 0 kB
VmHWM:5848 kB
VmRSS:5848 kB
RssAnon:1724 kB
RssFile:4124 kB
RssShmem: 0 kB
VmData: 194472 kB
VmStk: 132 kB
VmExe:1580 kB
VmLib:1700 kB
VmPTE: 156 kB
VmSwap: 0 kB
HugetlbPages: 0 kB
CoreDumping: 0
Threads: 12
SigQ: 0/128577
SigPnd:
ShdPnd:
SigBlk: fffc3bfa3a00
SigIgn:
SigCgt: fffdffc1feff
CapInh: a80425fb
CapPrm: a80425fb
CapEff: a80425fb
CapBnd: a80425fb
CapAmb:
NoNewPrivs: 0
Seccomp: 2
Speculation_Store_Bypass: thread force mitigated
Cpus_allowed: ff
Cpus_allowed_list: 0-7
Mems_allowed:
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0001
Mems_allowed_list: 0
voluntary_ctxt_switches: 19
nonvoluntary_ctxt_switches: 0
' Pid: 29462]
FAIL
exit status 1
FAIL misc/cgo/test 6.853s
2021/05/14 16:53:14 Failed: exit status 1
--- FAIL: Test1435 (0.01s)
issue1435.go:181: [6] "Setgroups([]int{0,1,2,3})" comparison:
"/proc/29422/status" got:"Groups:\t1 2 3 0" want:"Groups:\t0 1 2 3" (bad)
[pid=29422 file:'Name: test.test
Umask: 0022
State: S (sleeping)
Tgid: 29422
Ngid: 0
Pid: 29422
PPid: 27897
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 64
Groups: 1 2 3 0
NStgid: 29422
NSpid: 29422
NSpgid: 9
NSsid: 9
VmPeak: 1215712 kB
VmSize: 1192820 kB
VmLck: 0 kB
VmPin: 0 kB
VmHWM:5104 kB
VmRSS:5104 kB
RssAnon:1464 kB
RssFile:3640 kB
RssShmem: 0 kB
VmData: 195880 kB
VmStk: 132 kB
VmExe:1556 kB
VmLib:1728 kB
VmPTE: 176 kB
VmSwap: 0 kB
HugetlbPages: 0 kB
CoreDumping: 0
Threads: 12
SigQ: 0/128577
SigPnd:
ShdPnd:
SigBlk: fffc3bfa3a00
SigIgn:
SigCgt: fffdffc1feff
CapInh: a80425fb
CapPrm: a80425fb
CapEff: a80425fb
CapBnd: a80425fb
CapAmb:
NoNewPrivs: 0
Seccomp: 2
Speculation_Store_Bypass: thread force mitigated
Cpus_allowed: ff
Cpus_allowed_list: 0-7
Mems_allowed:
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0001
Mems_allowed_list: 0
voluntary_ctxt_switches: 19
nonvoluntary_ctxt_switches: 4
' Pid: 29422]
FAIL
exit status 1
FAIL misc/cgo/test 6.429s
2021/05/14 16:53:15 Failed: exit status 1
--- FAIL: Test1435 (0.02s)
issue1435.go:181: [6] "Setgroups([]int{0,1,2,3})" comparison:
Re: [go-nuts] TestSetuidEtc fails during test execution in a container
Thanks for looking into this, Andrew.
My 2 cents, there ought to be an elegant mechanism of excluding or
disabling regression tests temporarily.
For example this is how OpenJDK handles specific or generic platform
exclusions.
https://github.com/openjdk/jdk/blob/master/test/jdk/ProblemList.txt
Kumar
On Wed, May 12, 2021 at 9:02 PM 'Andrew G. Morgan' via golang-nuts <
golang-nuts@googlegroups.com> wrote:
>
> As a quick hack, you could just delete the
> src/syscall/syscall_linux_test.go file. Obviously, that will not test a
> bunch of stuff, but it should unblock you.
>
> Alternatively, you could try one of the 'Download' options from:
>
>https://go-review.googlesource.com/c/go/+/319591/
>
> while we go through the review cycle for this change (or something evolved
> from it).
>
> Cheers
>
> Andrew
>
> On Wednesday, May 12, 2021 at 8:27:35 PM UTC-7 ksri...@gmail.com wrote:
>
>> Yes I was wondering about that.
>>
>> Meanwhile, is there a way to exclude that test ?
>>
>> Kumar
>>
>> On Wed, May 12, 2021, 7:31 PM 'Andrew G. Morgan' via golang-nuts <
>> golan...@googlegroups.com> wrote:
>>
>>> Mea culpa. I clearly misread the capsh output.
>>>
>>> There is a cap_setgid in there. Looking closer at the output the
>>> miscompare is there in the first line. The groups are listed in an unsorted
>>> order. That is not expected by the test. Let me see what is causing this to
>>> happen. I'll use the bug to investigate and document what I find.
>>>
>>> Cheers
>>>
>>> Andrew
>>>
>>> On Wednesday, May 12, 2021 at 3:48:15 PM UTC-7 Andrew G. Morgan wrote:
>>>
OK. I've filed this bug. If we want to go this route, please assign it
to me:
https://github.com/golang/go/issues/46145
On Wednesday, May 12, 2021 at 2:53:19 PM UTC-7 Ian Lance Taylor wrote:
> On Wed, May 12, 2021 at 2:47 PM 'Andrew G. Morgan' via golang-nuts
> wrote:
> >
> >
> > It looks like the CapBound here is non-default. That is, this
> container is running with non-default restrictions.
> >
> > $ /sbin/capsh --decode=0xa80425fb
> >
> 0xa80425fb=cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap
>
> >
> > The environment appears to be denying cap_setgid - which is why the
> Setgroups() call is failing.
> >
> > Is adjusting that environmental choice possible?
>
> Alternatively, can the test code detect that those restrictions are
> being applied, and skip the test in that case? That's our usual
> pattern for tests that can't be run in some environments. Thanks.
>
> Ian
>
>
> > On Wednesday, May 12, 2021 at 2:34:09 PM UTC-7 Ian Lance Taylor
> wrote:
> >>
> >> [ + agm ]
> >>
> >> On Wed, May 12, 2021 at 2:12 PM Kumar Srinivasan
> wrote:
> >> >
> >> > Hello,
> >> >
> >> > This is the first time I am posting to this group, apologies if
> this is the wrong forum.
> >> >
> >> > I am trying to build the go sources and test the built sources,
> so effectively I am running
> >> > % cd go-source-dir/src && GOROOT_BOOTSTRAP=/BOOT_GO
> bash ./all.bash
> >> > I am seeing this failure attached below when I build and test
> within a container.
> >> > However I don't see this issue in a Virtual Machine running
> CentOS7.
> >> >
> >> > Appreciate any help or insights anyone can offer.
> >> >
> >> > Thanks
> >> > Kumar Srinivasan
> >> >
> >> > % uname -a
> >> >
> >> > Linux 7bb298e4-71d7-4f5e-4d4c-d58ac8ce61ac 4.15.0-76-generic
> #86-Ubuntu SMP Fri Jan 17 17:24:28 UTC 2020 x86_64
> >> >
> >> >
> >> > --- FAIL: TestSetuidEtc (0.12s)
> >> > syscall_linux_test.go:668: [6] "Setgroups([]int{0,1,2,3})"
> comparison: "/proc/32911/status" got:"Groups:\t1 2 3 0" want:"Groups:\t0 1
> 2 3" (bad) [pid=32911 file:'Name: syscall.test
> >> > Umask: 0022
> >> > State: S (sleeping)
> >> > Tgid: 32911
> >> > Ngid: 0
> >> > Pid: 32911
> >> > PPid: 10324
> >> > TracerPid: 0
> >> > Uid: 0 0 0 0
> >> > Gid: 0 0 0 0
> >> > FDSize: 64
> >> > Groups: 1 2 3 0
> >> > NStgid: 32911
> >> > NSpid: 32911
> >> > NSpgid: 7
> >> > NSsid: 7
> >> > VmPeak: 1092152 kB
> >> > VmSize: 1034812 kB
> >> > VmLck: 0 kB
> >> > VmPin: 0 kB
> >> > VmHWM: 5372 kB
> >> > VmRSS: 5372 kB
> >> > RssAnon: 1416 kB
> >> > RssFile: 3956 kB
> >> > RssShmem: 0 kB
> >> > VmData: 169344 kB
> >> > VmStk: 132 kB
> >> > VmExe: 1384 kB
> >> > VmLib: 1464 kB
> >> > VmPTE: 140 kB
> >> > VmSwap: 0 kB
> >> > HugetlbPages: 0 kB
> >> > CoreDumping: 0
> >> > Threads: 8
> >> > SigQ: 2/128577
> >> > SigPnd:
> >> > ShdPnd:
> >> > SigBlk:
Re: [go-nuts] TestSetuidEtc fails during test execution in a container
As a quick hack, you could just delete the src/syscall/syscall_linux_test.go
file. Obviously, that will not test a bunch of stuff, but it should unblock
you.
Alternatively, you could try one of the 'Download' options from:
https://go-review.googlesource.com/c/go/+/319591/
while we go through the review cycle for this change (or something evolved
from it).
Cheers
Andrew
On Wednesday, May 12, 2021 at 8:27:35 PM UTC-7 ksri...@gmail.com wrote:
> Yes I was wondering about that.
>
> Meanwhile, is there a way to exclude that test ?
>
> Kumar
>
> On Wed, May 12, 2021, 7:31 PM 'Andrew G. Morgan' via golang-nuts <
> golan...@googlegroups.com> wrote:
>
>> Mea culpa. I clearly misread the capsh output.
>>
>> There is a cap_setgid in there. Looking closer at the output the
>> miscompare is there in the first line. The groups are listed in an unsorted
>> order. That is not expected by the test. Let me see what is causing this to
>> happen. I'll use the bug to investigate and document what I find.
>>
>> Cheers
>>
>> Andrew
>>
>> On Wednesday, May 12, 2021 at 3:48:15 PM UTC-7 Andrew G. Morgan wrote:
>>
>>> OK. I've filed this bug. If we want to go this route, please assign it
>>> to me:
>>>
>>> https://github.com/golang/go/issues/46145
>>>
>>>
>>> On Wednesday, May 12, 2021 at 2:53:19 PM UTC-7 Ian Lance Taylor wrote:
>>>
On Wed, May 12, 2021 at 2:47 PM 'Andrew G. Morgan' via golang-nuts
wrote:
>
>
> It looks like the CapBound here is non-default. That is, this
container is running with non-default restrictions.
>
> $ /sbin/capsh --decode=0xa80425fb
>
0xa80425fb=cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap
>
> The environment appears to be denying cap_setgid - which is why the
Setgroups() call is failing.
>
> Is adjusting that environmental choice possible?
Alternatively, can the test code detect that those restrictions are
being applied, and skip the test in that case? That's our usual
pattern for tests that can't be run in some environments. Thanks.
Ian
> On Wednesday, May 12, 2021 at 2:34:09 PM UTC-7 Ian Lance Taylor
wrote:
>>
>> [ + agm ]
>>
>> On Wed, May 12, 2021 at 2:12 PM Kumar Srinivasan
wrote:
>> >
>> > Hello,
>> >
>> > This is the first time I am posting to this group, apologies if
this is the wrong forum.
>> >
>> > I am trying to build the go sources and test the built sources, so
effectively I am running
>> > % cd go-source-dir/src && GOROOT_BOOTSTRAP=/BOOT_GO bash
./all.bash
>> > I am seeing this failure attached below when I build and test
within a container.
>> > However I don't see this issue in a Virtual Machine running
CentOS7.
>> >
>> > Appreciate any help or insights anyone can offer.
>> >
>> > Thanks
>> > Kumar Srinivasan
>> >
>> > % uname -a
>> >
>> > Linux 7bb298e4-71d7-4f5e-4d4c-d58ac8ce61ac 4.15.0-76-generic
#86-Ubuntu SMP Fri Jan 17 17:24:28 UTC 2020 x86_64
>> >
>> >
>> > --- FAIL: TestSetuidEtc (0.12s)
>> > syscall_linux_test.go:668: [6] "Setgroups([]int{0,1,2,3})"
comparison: "/proc/32911/status" got:"Groups:\t1 2 3 0" want:"Groups:\t0 1
2 3" (bad) [pid=32911 file:'Name: syscall.test
>> > Umask: 0022
>> > State: S (sleeping)
>> > Tgid: 32911
>> > Ngid: 0
>> > Pid: 32911
>> > PPid: 10324
>> > TracerPid: 0
>> > Uid: 0 0 0 0
>> > Gid: 0 0 0 0
>> > FDSize: 64
>> > Groups: 1 2 3 0
>> > NStgid: 32911
>> > NSpid: 32911
>> > NSpgid: 7
>> > NSsid: 7
>> > VmPeak: 1092152 kB
>> > VmSize: 1034812 kB
>> > VmLck: 0 kB
>> > VmPin: 0 kB
>> > VmHWM: 5372 kB
>> > VmRSS: 5372 kB
>> > RssAnon: 1416 kB
>> > RssFile: 3956 kB
>> > RssShmem: 0 kB
>> > VmData: 169344 kB
>> > VmStk: 132 kB
>> > VmExe: 1384 kB
>> > VmLib: 1464 kB
>> > VmPTE: 140 kB
>> > VmSwap: 0 kB
>> > HugetlbPages: 0 kB
>> > CoreDumping: 0
>> > Threads: 8
>> > SigQ: 2/128577
>> > SigPnd:
>> > ShdPnd:
>> > SigBlk:
>> > SigIgn: 0030
>> > SigCgt: fffdffc1feff
>> > CapInh: a80425fb
>> > CapPrm: a80425fb
>> > CapEff: a80425fb
>> > CapBnd: a80425fb
>> > CapAmb:
>> > NoNewPrivs: 0
>> > Seccomp: 2
>> > Speculation_Store_Bypass: thread force mitigated
>> > Cpus_allowed: ff
>> > Cpus_allowed_list: 0-7
>> > Mems_allowed:
Re: [go-nuts] TestSetuidEtc fails during test execution in a container
Yes I was wondering about that.
Meanwhile, is there a way to exclude that test ?
Kumar
On Wed, May 12, 2021, 7:31 PM 'Andrew G. Morgan' via golang-nuts <
golang-nuts@googlegroups.com> wrote:
> Mea culpa. I clearly misread the capsh output.
>
> There is a cap_setgid in there. Looking closer at the output the
> miscompare is there in the first line. The groups are listed in an unsorted
> order. That is not expected by the test. Let me see what is causing this to
> happen. I'll use the bug to investigate and document what I find.
>
> Cheers
>
> Andrew
>
> On Wednesday, May 12, 2021 at 3:48:15 PM UTC-7 Andrew G. Morgan wrote:
>
>> OK. I've filed this bug. If we want to go this route, please assign it to
>> me:
>>
>> https://github.com/golang/go/issues/46145
>>
>>
>> On Wednesday, May 12, 2021 at 2:53:19 PM UTC-7 Ian Lance Taylor wrote:
>>
>>> On Wed, May 12, 2021 at 2:47 PM 'Andrew G. Morgan' via golang-nuts
>>> wrote:
>>> >
>>> >
>>> > It looks like the CapBound here is non-default. That is, this
>>> container is running with non-default restrictions.
>>> >
>>> > $ /sbin/capsh --decode=0xa80425fb
>>> >
>>> 0xa80425fb=cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap
>>>
>>> >
>>> > The environment appears to be denying cap_setgid - which is why the
>>> Setgroups() call is failing.
>>> >
>>> > Is adjusting that environmental choice possible?
>>>
>>> Alternatively, can the test code detect that those restrictions are
>>> being applied, and skip the test in that case? That's our usual
>>> pattern for tests that can't be run in some environments. Thanks.
>>>
>>> Ian
>>>
>>>
>>> > On Wednesday, May 12, 2021 at 2:34:09 PM UTC-7 Ian Lance Taylor wrote:
>>> >>
>>> >> [ + agm ]
>>> >>
>>> >> On Wed, May 12, 2021 at 2:12 PM Kumar Srinivasan
>>> wrote:
>>> >> >
>>> >> > Hello,
>>> >> >
>>> >> > This is the first time I am posting to this group, apologies if
>>> this is the wrong forum.
>>> >> >
>>> >> > I am trying to build the go sources and test the built sources, so
>>> effectively I am running
>>> >> > % cd go-source-dir/src && GOROOT_BOOTSTRAP=/BOOT_GO bash
>>> ./all.bash
>>> >> > I am seeing this failure attached below when I build and test
>>> within a container.
>>> >> > However I don't see this issue in a Virtual Machine running
>>> CentOS7.
>>> >> >
>>> >> > Appreciate any help or insights anyone can offer.
>>> >> >
>>> >> > Thanks
>>> >> > Kumar Srinivasan
>>> >> >
>>> >> > % uname -a
>>> >> >
>>> >> > Linux 7bb298e4-71d7-4f5e-4d4c-d58ac8ce61ac 4.15.0-76-generic
>>> #86-Ubuntu SMP Fri Jan 17 17:24:28 UTC 2020 x86_64
>>> >> >
>>> >> >
>>> >> > --- FAIL: TestSetuidEtc (0.12s)
>>> >> > syscall_linux_test.go:668: [6] "Setgroups([]int{0,1,2,3})"
>>> comparison: "/proc/32911/status" got:"Groups:\t1 2 3 0" want:"Groups:\t0 1
>>> 2 3" (bad) [pid=32911 file:'Name: syscall.test
>>> >> > Umask: 0022
>>> >> > State: S (sleeping)
>>> >> > Tgid: 32911
>>> >> > Ngid: 0
>>> >> > Pid: 32911
>>> >> > PPid: 10324
>>> >> > TracerPid: 0
>>> >> > Uid: 0 0 0 0
>>> >> > Gid: 0 0 0 0
>>> >> > FDSize: 64
>>> >> > Groups: 1 2 3 0
>>> >> > NStgid: 32911
>>> >> > NSpid: 32911
>>> >> > NSpgid: 7
>>> >> > NSsid: 7
>>> >> > VmPeak: 1092152 kB
>>> >> > VmSize: 1034812 kB
>>> >> > VmLck: 0 kB
>>> >> > VmPin: 0 kB
>>> >> > VmHWM: 5372 kB
>>> >> > VmRSS: 5372 kB
>>> >> > RssAnon: 1416 kB
>>> >> > RssFile: 3956 kB
>>> >> > RssShmem: 0 kB
>>> >> > VmData: 169344 kB
>>> >> > VmStk: 132 kB
>>> >> > VmExe: 1384 kB
>>> >> > VmLib: 1464 kB
>>> >> > VmPTE: 140 kB
>>> >> > VmSwap: 0 kB
>>> >> > HugetlbPages: 0 kB
>>> >> > CoreDumping: 0
>>> >> > Threads: 8
>>> >> > SigQ: 2/128577
>>> >> > SigPnd:
>>> >> > ShdPnd:
>>> >> > SigBlk:
>>> >> > SigIgn: 0030
>>> >> > SigCgt: fffdffc1feff
>>> >> > CapInh: a80425fb
>>> >> > CapPrm: a80425fb
>>> >> > CapEff: a80425fb
>>> >> > CapBnd: a80425fb
>>> >> > CapAmb:
>>> >> > NoNewPrivs: 0
>>> >> > Seccomp: 2
>>> >> > Speculation_Store_Bypass: thread force mitigated
>>> >> > Cpus_allowed: ff
>>> >> > Cpus_allowed_list: 0-7
>>> >> > Mems_allowed:
>>> ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0001
>>>
>>> >> > Mems_allowed_list: 0
>>> >> > voluntary_ctxt_switches: 22
>>> >> > nonvoluntary_ctxt_switches: 52
>>> >> > ' Pid: 32911]
>>> >> > FAIL
>>> >> > FAIL syscall 0.724s
>>> >> >
>>> >> >
>>> >> >
>>> >> > --
>>> >> > You received this message because you are subscribed to the Google
>>> Groups "golang-nuts" group.
>>> >> > To unsubscribe from this group and stop receiving emails from it,
>>> send an email to
Re: [go-nuts] TestSetuidEtc fails during test execution in a container
Mea culpa. I clearly misread the capsh output.
There is a cap_setgid in there. Looking closer at the output the miscompare
is there in the first line. The groups are listed in an unsorted order.
That is not expected by the test. Let me see what is causing this to
happen. I'll use the bug to investigate and document what I find.
Cheers
Andrew
On Wednesday, May 12, 2021 at 3:48:15 PM UTC-7 Andrew G. Morgan wrote:
> OK. I've filed this bug. If we want to go this route, please assign it to
> me:
>
> https://github.com/golang/go/issues/46145
>
>
> On Wednesday, May 12, 2021 at 2:53:19 PM UTC-7 Ian Lance Taylor wrote:
>
>> On Wed, May 12, 2021 at 2:47 PM 'Andrew G. Morgan' via golang-nuts
>> wrote:
>> >
>> >
>> > It looks like the CapBound here is non-default. That is, this container
>> is running with non-default restrictions.
>> >
>> > $ /sbin/capsh --decode=0xa80425fb
>> >
>> 0xa80425fb=cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap
>> >
>> > The environment appears to be denying cap_setgid - which is why the
>> Setgroups() call is failing.
>> >
>> > Is adjusting that environmental choice possible?
>>
>> Alternatively, can the test code detect that those restrictions are
>> being applied, and skip the test in that case? That's our usual
>> pattern for tests that can't be run in some environments. Thanks.
>>
>> Ian
>>
>>
>> > On Wednesday, May 12, 2021 at 2:34:09 PM UTC-7 Ian Lance Taylor wrote:
>> >>
>> >> [ + agm ]
>> >>
>> >> On Wed, May 12, 2021 at 2:12 PM Kumar Srinivasan
>> wrote:
>> >> >
>> >> > Hello,
>> >> >
>> >> > This is the first time I am posting to this group, apologies if this
>> is the wrong forum.
>> >> >
>> >> > I am trying to build the go sources and test the built sources, so
>> effectively I am running
>> >> > % cd go-source-dir/src && GOROOT_BOOTSTRAP=/BOOT_GO bash
>> ./all.bash
>> >> > I am seeing this failure attached below when I build and test within
>> a container.
>> >> > However I don't see this issue in a Virtual Machine running CentOS7.
>> >> >
>> >> > Appreciate any help or insights anyone can offer.
>> >> >
>> >> > Thanks
>> >> > Kumar Srinivasan
>> >> >
>> >> > % uname -a
>> >> >
>> >> > Linux 7bb298e4-71d7-4f5e-4d4c-d58ac8ce61ac 4.15.0-76-generic
>> #86-Ubuntu SMP Fri Jan 17 17:24:28 UTC 2020 x86_64
>> >> >
>> >> >
>> >> > --- FAIL: TestSetuidEtc (0.12s)
>> >> > syscall_linux_test.go:668: [6] "Setgroups([]int{0,1,2,3})"
>> comparison: "/proc/32911/status" got:"Groups:\t1 2 3 0" want:"Groups:\t0 1
>> 2 3" (bad) [pid=32911 file:'Name: syscall.test
>> >> > Umask: 0022
>> >> > State: S (sleeping)
>> >> > Tgid: 32911
>> >> > Ngid: 0
>> >> > Pid: 32911
>> >> > PPid: 10324
>> >> > TracerPid: 0
>> >> > Uid: 0 0 0 0
>> >> > Gid: 0 0 0 0
>> >> > FDSize: 64
>> >> > Groups: 1 2 3 0
>> >> > NStgid: 32911
>> >> > NSpid: 32911
>> >> > NSpgid: 7
>> >> > NSsid: 7
>> >> > VmPeak: 1092152 kB
>> >> > VmSize: 1034812 kB
>> >> > VmLck: 0 kB
>> >> > VmPin: 0 kB
>> >> > VmHWM: 5372 kB
>> >> > VmRSS: 5372 kB
>> >> > RssAnon: 1416 kB
>> >> > RssFile: 3956 kB
>> >> > RssShmem: 0 kB
>> >> > VmData: 169344 kB
>> >> > VmStk: 132 kB
>> >> > VmExe: 1384 kB
>> >> > VmLib: 1464 kB
>> >> > VmPTE: 140 kB
>> >> > VmSwap: 0 kB
>> >> > HugetlbPages: 0 kB
>> >> > CoreDumping: 0
>> >> > Threads: 8
>> >> > SigQ: 2/128577
>> >> > SigPnd:
>> >> > ShdPnd:
>> >> > SigBlk:
>> >> > SigIgn: 0030
>> >> > SigCgt: fffdffc1feff
>> >> > CapInh: a80425fb
>> >> > CapPrm: a80425fb
>> >> > CapEff: a80425fb
>> >> > CapBnd: a80425fb
>> >> > CapAmb:
>> >> > NoNewPrivs: 0
>> >> > Seccomp: 2
>> >> > Speculation_Store_Bypass: thread force mitigated
>> >> > Cpus_allowed: ff
>> >> > Cpus_allowed_list: 0-7
>> >> > Mems_allowed:
>> ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0001
>> >> > Mems_allowed_list: 0
>> >> > voluntary_ctxt_switches: 22
>> >> > nonvoluntary_ctxt_switches: 52
>> >> > ' Pid: 32911]
>> >> > FAIL
>> >> > FAIL syscall 0.724s
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > You received this message because you are subscribed to the Google
>> Groups "golang-nuts" group.
>> >> > To unsubscribe from this group and stop receiving emails from it,
>> send an email to golang-nuts...@googlegroups.com.
>> >> > To view this discussion on the web visit
>> https://groups.google.com/d/msgid/golang-nuts/9675fc9a-75df-4253-9112-e85d3026a185n%40googlegroups.com
>> .
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> Groups "golang-nuts" group.
>> > To unsubscribe from this group and
Re: [go-nuts] TestSetuidEtc fails during test execution in a container
OK. I've filed this bug. If we want to go this route, please assign it to
me:
https://github.com/golang/go/issues/46145
On Wednesday, May 12, 2021 at 2:53:19 PM UTC-7 Ian Lance Taylor wrote:
> On Wed, May 12, 2021 at 2:47 PM 'Andrew G. Morgan' via golang-nuts
> wrote:
> >
> >
> > It looks like the CapBound here is non-default. That is, this container
> is running with non-default restrictions.
> >
> > $ /sbin/capsh --decode=0xa80425fb
> >
> 0xa80425fb=cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap
> >
> > The environment appears to be denying cap_setgid - which is why the
> Setgroups() call is failing.
> >
> > Is adjusting that environmental choice possible?
>
> Alternatively, can the test code detect that those restrictions are
> being applied, and skip the test in that case? That's our usual
> pattern for tests that can't be run in some environments. Thanks.
>
> Ian
>
>
> > On Wednesday, May 12, 2021 at 2:34:09 PM UTC-7 Ian Lance Taylor wrote:
> >>
> >> [ + agm ]
> >>
> >> On Wed, May 12, 2021 at 2:12 PM Kumar Srinivasan
> wrote:
> >> >
> >> > Hello,
> >> >
> >> > This is the first time I am posting to this group, apologies if this
> is the wrong forum.
> >> >
> >> > I am trying to build the go sources and test the built sources, so
> effectively I am running
> >> > % cd go-source-dir/src && GOROOT_BOOTSTRAP=/BOOT_GO bash
> ./all.bash
> >> > I am seeing this failure attached below when I build and test within
> a container.
> >> > However I don't see this issue in a Virtual Machine running CentOS7.
> >> >
> >> > Appreciate any help or insights anyone can offer.
> >> >
> >> > Thanks
> >> > Kumar Srinivasan
> >> >
> >> > % uname -a
> >> >
> >> > Linux 7bb298e4-71d7-4f5e-4d4c-d58ac8ce61ac 4.15.0-76-generic
> #86-Ubuntu SMP Fri Jan 17 17:24:28 UTC 2020 x86_64
> >> >
> >> >
> >> > --- FAIL: TestSetuidEtc (0.12s)
> >> > syscall_linux_test.go:668: [6] "Setgroups([]int{0,1,2,3})"
> comparison: "/proc/32911/status" got:"Groups:\t1 2 3 0" want:"Groups:\t0 1
> 2 3" (bad) [pid=32911 file:'Name: syscall.test
> >> > Umask: 0022
> >> > State: S (sleeping)
> >> > Tgid: 32911
> >> > Ngid: 0
> >> > Pid: 32911
> >> > PPid: 10324
> >> > TracerPid: 0
> >> > Uid: 0 0 0 0
> >> > Gid: 0 0 0 0
> >> > FDSize: 64
> >> > Groups: 1 2 3 0
> >> > NStgid: 32911
> >> > NSpid: 32911
> >> > NSpgid: 7
> >> > NSsid: 7
> >> > VmPeak: 1092152 kB
> >> > VmSize: 1034812 kB
> >> > VmLck: 0 kB
> >> > VmPin: 0 kB
> >> > VmHWM: 5372 kB
> >> > VmRSS: 5372 kB
> >> > RssAnon: 1416 kB
> >> > RssFile: 3956 kB
> >> > RssShmem: 0 kB
> >> > VmData: 169344 kB
> >> > VmStk: 132 kB
> >> > VmExe: 1384 kB
> >> > VmLib: 1464 kB
> >> > VmPTE: 140 kB
> >> > VmSwap: 0 kB
> >> > HugetlbPages: 0 kB
> >> > CoreDumping: 0
> >> > Threads: 8
> >> > SigQ: 2/128577
> >> > SigPnd:
> >> > ShdPnd:
> >> > SigBlk:
> >> > SigIgn: 0030
> >> > SigCgt: fffdffc1feff
> >> > CapInh: a80425fb
> >> > CapPrm: a80425fb
> >> > CapEff: a80425fb
> >> > CapBnd: a80425fb
> >> > CapAmb:
> >> > NoNewPrivs: 0
> >> > Seccomp: 2
> >> > Speculation_Store_Bypass: thread force mitigated
> >> > Cpus_allowed: ff
> >> > Cpus_allowed_list: 0-7
> >> > Mems_allowed:
> ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0001
> >> > Mems_allowed_list: 0
> >> > voluntary_ctxt_switches: 22
> >> > nonvoluntary_ctxt_switches: 52
> >> > ' Pid: 32911]
> >> > FAIL
> >> > FAIL syscall 0.724s
> >> >
> >> >
> >> >
> >> > --
> >> > You received this message because you are subscribed to the Google
> Groups "golang-nuts" group.
> >> > To unsubscribe from this group and stop receiving emails from it,
> send an email to golang-nuts...@googlegroups.com.
> >> > To view this discussion on the web visit
> https://groups.google.com/d/msgid/golang-nuts/9675fc9a-75df-4253-9112-e85d3026a185n%40googlegroups.com
> .
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "golang-nuts" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to golang-nuts...@googlegroups.com.
> > To view this discussion on the web visit
> https://groups.google.com/d/msgid/golang-nuts/54f8ac32-f306-4bfd-bd8b-360f31b9415dn%40googlegroups.com
> .
>
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit
Re: [go-nuts] TestSetuidEtc fails during test execution in a container
On Wed, May 12, 2021 at 2:47 PM 'Andrew G. Morgan' via golang-nuts
wrote:
>
>
> It looks like the CapBound here is non-default. That is, this container is
> running with non-default restrictions.
>
> $ /sbin/capsh --decode=0xa80425fb
> 0xa80425fb=cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap
>
> The environment appears to be denying cap_setgid - which is why the
> Setgroups() call is failing.
>
> Is adjusting that environmental choice possible?
Alternatively, can the test code detect that those restrictions are
being applied, and skip the test in that case? That's our usual
pattern for tests that can't be run in some environments. Thanks.
Ian
> On Wednesday, May 12, 2021 at 2:34:09 PM UTC-7 Ian Lance Taylor wrote:
>>
>> [ + agm ]
>>
>> On Wed, May 12, 2021 at 2:12 PM Kumar Srinivasan wrote:
>> >
>> > Hello,
>> >
>> > This is the first time I am posting to this group, apologies if this is
>> > the wrong forum.
>> >
>> > I am trying to build the go sources and test the built sources, so
>> > effectively I am running
>> > % cd go-source-dir/src && GOROOT_BOOTSTRAP=/BOOT_GO bash
>> > ./all.bash
>> > I am seeing this failure attached below when I build and test within a
>> > container.
>> > However I don't see this issue in a Virtual Machine running CentOS7.
>> >
>> > Appreciate any help or insights anyone can offer.
>> >
>> > Thanks
>> > Kumar Srinivasan
>> >
>> > % uname -a
>> >
>> > Linux 7bb298e4-71d7-4f5e-4d4c-d58ac8ce61ac 4.15.0-76-generic #86-Ubuntu
>> > SMP Fri Jan 17 17:24:28 UTC 2020 x86_64
>> >
>> >
>> > --- FAIL: TestSetuidEtc (0.12s)
>> > syscall_linux_test.go:668: [6] "Setgroups([]int{0,1,2,3})" comparison:
>> > "/proc/32911/status" got:"Groups:\t1 2 3 0" want:"Groups:\t0 1 2 3" (bad)
>> > [pid=32911 file:'Name: syscall.test
>> > Umask: 0022
>> > State: S (sleeping)
>> > Tgid: 32911
>> > Ngid: 0
>> > Pid: 32911
>> > PPid: 10324
>> > TracerPid: 0
>> > Uid: 0 0 0 0
>> > Gid: 0 0 0 0
>> > FDSize: 64
>> > Groups: 1 2 3 0
>> > NStgid: 32911
>> > NSpid: 32911
>> > NSpgid: 7
>> > NSsid: 7
>> > VmPeak: 1092152 kB
>> > VmSize: 1034812 kB
>> > VmLck: 0 kB
>> > VmPin: 0 kB
>> > VmHWM: 5372 kB
>> > VmRSS: 5372 kB
>> > RssAnon: 1416 kB
>> > RssFile: 3956 kB
>> > RssShmem: 0 kB
>> > VmData: 169344 kB
>> > VmStk: 132 kB
>> > VmExe: 1384 kB
>> > VmLib: 1464 kB
>> > VmPTE: 140 kB
>> > VmSwap: 0 kB
>> > HugetlbPages: 0 kB
>> > CoreDumping: 0
>> > Threads: 8
>> > SigQ: 2/128577
>> > SigPnd:
>> > ShdPnd:
>> > SigBlk:
>> > SigIgn: 0030
>> > SigCgt: fffdffc1feff
>> > CapInh: a80425fb
>> > CapPrm: a80425fb
>> > CapEff: a80425fb
>> > CapBnd: a80425fb
>> > CapAmb:
>> > NoNewPrivs: 0
>> > Seccomp: 2
>> > Speculation_Store_Bypass: thread force mitigated
>> > Cpus_allowed: ff
>> > Cpus_allowed_list: 0-7
>> > Mems_allowed:
>> > ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0001
>> > Mems_allowed_list: 0
>> > voluntary_ctxt_switches: 22
>> > nonvoluntary_ctxt_switches: 52
>> > ' Pid: 32911]
>> > FAIL
>> > FAIL syscall 0.724s
>> >
>> >
>> >
>> > --
>> > You received this message because you are subscribed to the Google Groups
>> > "golang-nuts" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an
>> > email to golang-nuts...@googlegroups.com.
>> > To view this discussion on the web visit
>> > https://groups.google.com/d/msgid/golang-nuts/9675fc9a-75df-4253-9112-e85d3026a185n%40googlegroups.com.
>
> --
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-nuts+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/golang-nuts/54f8ac32-f306-4bfd-bd8b-360f31b9415dn%40googlegroups.com.
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/golang-nuts/CAOyqgcU_O7neHnQw7siewYt8Cz2QFW7%2BL5VvidfPM_bQGU2efA%40mail.gmail.com.
Re: [go-nuts] TestSetuidEtc fails during test execution in a container
It looks like the CapBound here is non-default. That is, this container is
running with non-default restrictions.
$ /sbin/capsh --decode=0xa80425fb
0xa80425fb=cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap
The environment appears to be denying cap_setgid - which is why the
Setgroups() call is failing.
Is adjusting that environmental choice possible?
Cheers
Andrew
On Wednesday, May 12, 2021 at 2:34:09 PM UTC-7 Ian Lance Taylor wrote:
> [ + agm ]
>
> On Wed, May 12, 2021 at 2:12 PM Kumar Srinivasan
> wrote:
> >
> > Hello,
> >
> > This is the first time I am posting to this group, apologies if this is
> the wrong forum.
> >
> > I am trying to build the go sources and test the built sources, so
> effectively I am running
> > % cd go-source-dir/src && GOROOT_BOOTSTRAP=/BOOT_GO bash
> ./all.bash
> > I am seeing this failure attached below when I build and test within a
> container.
> > However I don't see this issue in a Virtual Machine running CentOS7.
> >
> > Appreciate any help or insights anyone can offer.
> >
> > Thanks
> > Kumar Srinivasan
> >
> > % uname -a
> >
> > Linux 7bb298e4-71d7-4f5e-4d4c-d58ac8ce61ac 4.15.0-76-generic #86-Ubuntu
> SMP Fri Jan 17 17:24:28 UTC 2020 x86_64
> >
> >
> > --- FAIL: TestSetuidEtc (0.12s)
> > syscall_linux_test.go:668: [6] "Setgroups([]int{0,1,2,3})" comparison:
> "/proc/32911/status" got:"Groups:\t1 2 3 0" want:"Groups:\t0 1 2 3" (bad)
> [pid=32911 file:'Name: syscall.test
> > Umask: 0022
> > State: S (sleeping)
> > Tgid: 32911
> > Ngid: 0
> > Pid: 32911
> > PPid: 10324
> > TracerPid: 0
> > Uid: 0 0 0 0
> > Gid: 0 0 0 0
> > FDSize: 64
> > Groups: 1 2 3 0
> > NStgid: 32911
> > NSpid: 32911
> > NSpgid: 7
> > NSsid: 7
> > VmPeak: 1092152 kB
> > VmSize: 1034812 kB
> > VmLck: 0 kB
> > VmPin: 0 kB
> > VmHWM: 5372 kB
> > VmRSS: 5372 kB
> > RssAnon: 1416 kB
> > RssFile: 3956 kB
> > RssShmem: 0 kB
> > VmData: 169344 kB
> > VmStk: 132 kB
> > VmExe: 1384 kB
> > VmLib: 1464 kB
> > VmPTE: 140 kB
> > VmSwap: 0 kB
> > HugetlbPages: 0 kB
> > CoreDumping: 0
> > Threads: 8
> > SigQ: 2/128577
> > SigPnd:
> > ShdPnd:
> > SigBlk:
> > SigIgn: 0030
> > SigCgt: fffdffc1feff
> > CapInh: a80425fb
> > CapPrm: a80425fb
> > CapEff: a80425fb
> > CapBnd: a80425fb
> > CapAmb:
> > NoNewPrivs: 0
> > Seccomp: 2
> > Speculation_Store_Bypass: thread force mitigated
> > Cpus_allowed: ff
> > Cpus_allowed_list: 0-7
> > Mems_allowed:
> ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0001
> > Mems_allowed_list: 0
> > voluntary_ctxt_switches: 22
> > nonvoluntary_ctxt_switches: 52
> > ' Pid: 32911]
> > FAIL
> > FAIL syscall 0.724s
> >
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "golang-nuts" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to golang-nuts...@googlegroups.com.
> > To view this discussion on the web visit
> https://groups.google.com/d/msgid/golang-nuts/9675fc9a-75df-4253-9112-e85d3026a185n%40googlegroups.com
> .
>
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/golang-nuts/54f8ac32-f306-4bfd-bd8b-360f31b9415dn%40googlegroups.com.
Re: [go-nuts] TestSetuidEtc fails during test execution in a container
Whoops, I missed mentioning I was trying to build and test this branch +
hash:
https://go.googlesource.com/go/+/fcee6b930a01407527e3a0386af2ea7ac4e66d44
Thanks
Kumar
On Wed, May 12, 2021 at 2:33 PM Ian Lance Taylor wrote:
> [ + agm ]
>
> On Wed, May 12, 2021 at 2:12 PM Kumar Srinivasan
> wrote:
> >
> > Hello,
> >
> > This is the first time I am posting to this group, apologies if this is
> the wrong forum.
> >
> > I am trying to build the go sources and test the built sources, so
> effectively I am running
> > % cd go-source-dir/src && GOROOT_BOOTSTRAP=/BOOT_GO bash
> ./all.bash
> > I am seeing this failure attached below when I build and test within a
> container.
> > However I don't see this issue in a Virtual Machine running CentOS7.
> >
> > Appreciate any help or insights anyone can offer.
> >
> > Thanks
> > Kumar Srinivasan
> >
> > % uname -a
> >
> > Linux 7bb298e4-71d7-4f5e-4d4c-d58ac8ce61ac 4.15.0-76-generic #86-Ubuntu
> SMP Fri Jan 17 17:24:28 UTC 2020 x86_64
> >
> >
> > --- FAIL: TestSetuidEtc (0.12s)
> > syscall_linux_test.go:668: [6] "Setgroups([]int{0,1,2,3})" comparison:
> "/proc/32911/status" got:"Groups:\t1 2 3 0" want:"Groups:\t0 1 2 3" (bad)
> [pid=32911 file:'Name: syscall.test
> > Umask: 0022
> > State: S (sleeping)
> > Tgid: 32911
> > Ngid: 0
> > Pid: 32911
> > PPid: 10324
> > TracerPid: 0
> > Uid: 0 0 0 0
> > Gid: 0 0 0 0
> > FDSize: 64
> > Groups: 1 2 3 0
> > NStgid: 32911
> > NSpid: 32911
> > NSpgid: 7
> > NSsid: 7
> > VmPeak: 1092152 kB
> > VmSize: 1034812 kB
> > VmLck: 0 kB
> > VmPin: 0 kB
> > VmHWM: 5372 kB
> > VmRSS: 5372 kB
> > RssAnon: 1416 kB
> > RssFile: 3956 kB
> > RssShmem: 0 kB
> > VmData: 169344 kB
> > VmStk: 132 kB
> > VmExe: 1384 kB
> > VmLib: 1464 kB
> > VmPTE: 140 kB
> > VmSwap: 0 kB
> > HugetlbPages: 0 kB
> > CoreDumping: 0
> > Threads: 8
> > SigQ: 2/128577
> > SigPnd:
> > ShdPnd:
> > SigBlk:
> > SigIgn: 0030
> > SigCgt: fffdffc1feff
> > CapInh: a80425fb
> > CapPrm: a80425fb
> > CapEff: a80425fb
> > CapBnd: a80425fb
> > CapAmb:
> > NoNewPrivs: 0
> > Seccomp: 2
> > Speculation_Store_Bypass: thread force mitigated
> > Cpus_allowed: ff
> > Cpus_allowed_list: 0-7
> > Mems_allowed:
> ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0001
> > Mems_allowed_list: 0
> > voluntary_ctxt_switches: 22
> > nonvoluntary_ctxt_switches: 52
> > ' Pid: 32911]
> > FAIL
> > FAIL syscall 0.724s
> >
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "golang-nuts" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to golang-nuts+unsubscr...@googlegroups.com.
> > To view this discussion on the web visit
> https://groups.google.com/d/msgid/golang-nuts/9675fc9a-75df-4253-9112-e85d3026a185n%40googlegroups.com
> .
>
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/golang-nuts/CAEXt0tRQPwv_9pwvETGBZR%2BtgNVY02Mh_dQBvmMh%2BwnroKAYCQ%40mail.gmail.com.
Re: [go-nuts] TestSetuidEtc fails during test execution in a container
[ + agm ]
On Wed, May 12, 2021 at 2:12 PM Kumar Srinivasan wrote:
>
> Hello,
>
> This is the first time I am posting to this group, apologies if this is the
> wrong forum.
>
> I am trying to build the go sources and test the built sources, so
> effectively I am running
> % cd go-source-dir/src && GOROOT_BOOTSTRAP=/BOOT_GO bash ./all.bash
> I am seeing this failure attached below when I build and test within a
> container.
> However I don't see this issue in a Virtual Machine running CentOS7.
>
> Appreciate any help or insights anyone can offer.
>
> Thanks
> Kumar Srinivasan
>
> % uname -a
>
> Linux 7bb298e4-71d7-4f5e-4d4c-d58ac8ce61ac 4.15.0-76-generic #86-Ubuntu SMP
> Fri Jan 17 17:24:28 UTC 2020 x86_64
>
>
> --- FAIL: TestSetuidEtc (0.12s)
> syscall_linux_test.go:668: [6] "Setgroups([]int{0,1,2,3})" comparison:
> "/proc/32911/status" got:"Groups:\t1 2 3 0" want:"Groups:\t0 1 2 3" (bad)
> [pid=32911 file:'Name: syscall.test
> Umask: 0022
> State: S (sleeping)
> Tgid: 32911
> Ngid: 0
> Pid: 32911
> PPid: 10324
> TracerPid: 0
> Uid: 0 0 0 0
> Gid: 0 0 0 0
> FDSize: 64
> Groups: 1 2 3 0
> NStgid: 32911
> NSpid: 32911
> NSpgid: 7
> NSsid: 7
> VmPeak: 1092152 kB
> VmSize: 1034812 kB
> VmLck: 0 kB
> VmPin: 0 kB
> VmHWM: 5372 kB
> VmRSS: 5372 kB
> RssAnon: 1416 kB
> RssFile: 3956 kB
> RssShmem: 0 kB
> VmData: 169344 kB
> VmStk: 132 kB
> VmExe: 1384 kB
> VmLib: 1464 kB
> VmPTE: 140 kB
> VmSwap: 0 kB
> HugetlbPages: 0 kB
> CoreDumping: 0
> Threads: 8
> SigQ: 2/128577
> SigPnd:
> ShdPnd:
> SigBlk:
> SigIgn: 0030
> SigCgt: fffdffc1feff
> CapInh: a80425fb
> CapPrm: a80425fb
> CapEff: a80425fb
> CapBnd: a80425fb
> CapAmb:
> NoNewPrivs: 0
> Seccomp: 2
> Speculation_Store_Bypass: thread force mitigated
> Cpus_allowed: ff
> Cpus_allowed_list: 0-7
> Mems_allowed:
> ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0001
> Mems_allowed_list: 0
> voluntary_ctxt_switches: 22
> nonvoluntary_ctxt_switches: 52
> ' Pid: 32911]
> FAIL
> FAIL syscall 0.724s
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-nuts+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/golang-nuts/9675fc9a-75df-4253-9112-e85d3026a185n%40googlegroups.com.
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/golang-nuts/CAOyqgcUNzYvg08iVxaaUGK%3DtZf5h1d6kNj_0_cbQk0y2nU%3D70w%40mail.gmail.com.
