Created attachment 1013474 [details] Proposed patch Description of problem: The 'run-deleted.sh' and 'vdsosyms' tests fail when the Yama policy disallows uses of PTRACE_ATTACH for non-CAP_SYS_PTRACE processes, as is the case by default in recent Linux kernels (such as 3.19.3.) Version-Release number of selected component (if applicable): 0.161 How reproducible: 100% Steps to Reproduce: 1. Pick a Linux 3.19ish system. 2. echo 1 > /proc/sys/kernel/yama/ptrace_scope (as root) 3. Run "make check". Actual results: run-deleted.sh and vdosyms fail. Expected results: These tests should be skipped in this case. Additional info: Patch attached (this patch is currently used in GNU Guix.)
(In reply to Ludovic Courtès from comment #0) > The 'run-deleted.sh' and 'vdsosyms' tests fail when the Yama policy > disallows uses of PTRACE_ATTACH for non-CAP_SYS_PTRACE processes, as is the > case by default in recent Linux kernels (such as 3.19.3.) > [...] > Steps to Reproduce: > 1. Pick a Linux 3.19ish system. > 2. echo 1 > /proc/sys/kernel/yama/ptrace_scope (as root) So do not do that! :) Really, that policy is not very helpful. It disallows users to inspect their own processes. > Patch attached (this patch is currently used in GNU Guix.) I think there is an upstream patch that is better for working around such crippled systems: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=cc74c21c0de87cc3c7b293234808b3118c4d85db commit cc74c21c0de87cc3c7b293234808b3118c4d85db Author: Mark Wielaard <mjw> Date: Thu Jan 15 13:39:06 2015 +0100 tests: Make deleted and vdsosyms testcases work with "restricted ptrace". Some systems might have "restricted ptrace" that doesn't allow process inspection of arbitrary processes. Change the deleted testcase to explicitly allow any other process to inspect it using the PR_SET_PTRACER prctl set to PR_SET_PTRACER_ANY. Change the vdsosyms testcase to inspect the process itself which should always be allowed. Reported-by: Anatol Pomozov <anatol.pomozov> Signed-off-by: Mark Wielaard <mjw> Could you try the above?
(In reply to Mark Wielaard from comment #1) > (In reply to Ludovic Courtès from comment #0) > > The 'run-deleted.sh' and 'vdsosyms' tests fail when the Yama policy > > disallows uses of PTRACE_ATTACH for non-CAP_SYS_PTRACE processes, as is the > > case by default in recent Linux kernels (such as 3.19.3.) > > [...] > > Steps to Reproduce: > > 1. Pick a Linux 3.19ish system. > > 2. echo 1 > /proc/sys/kernel/yama/ptrace_scope (as root) > > So do not do that! :) > > Really, that policy is not very helpful. Yeah agreed. It just turns out to be the upstream default. :-/ > I think there is an upstream patch that is better for working around such > crippled systems: > > https://git.fedorahosted.org/cgit/elfutils.git/commit/ > ?id=cc74c21c0de87cc3c7b293234808b3118c4d85db > > commit cc74c21c0de87cc3c7b293234808b3118c4d85db > Author: Mark Wielaard <mjw> > Date: Thu Jan 15 13:39:06 2015 +0100 > > tests: Make deleted and vdsosyms testcases work with "restricted ptrace". > > Some systems might have "restricted ptrace" that doesn't allow process > inspection of arbitrary processes. Change the deleted testcase to > explicitly allow any other process to inspect it using the PR_SET_PTRACER > prctl set to PR_SET_PTRACER_ANY. Change the vdsosyms testcase to inspect > the process itself which should always be allowed. > > Reported-by: Anatol Pomozov <anatol.pomozov> > Signed-off-by: Mark Wielaard <mjw> Better, indeed. Thanks! Ludo'.