GNU bug report logs - #24108
CLONE_NEWUSER tests fail with EPERM instead of being skipped on Grsecurity kernels

Previous Next

Package: guix;

Reported by: sapientech <at> openmailbox.org

Date: Fri, 29 Jul 2016 23:51:01 UTC

Severity: normal

Tags: notabug

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #8 received at 24108 <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: sapientech <at> openmailbox.org
Cc: 24108 <at> debbugs.gnu.org
Subject: Re: bug#24108: guix make tests failure
Date: Sat, 30 Jul 2016 15:07:25 +0200

Hi,

sapientech <at> openmailbox.org skribis:

> test-name: substitute query, alternating URLs
> location: /home/sapientech/Dev/guix/guix_wip/tests/store.scm:456

[...]

> substitute: guix/ui.scm:1209:6: In procedure run-guix-command:
> substitute: guix/ui.scm:1209:6: unmatched line "<html><head><meta http-equiv=\"refresh\" content=\"0;url=http://www.dnsrsearch.com/index.php?origURL=http://does-not-exist/nix-cache-info&bc=\"/></head><body><script type=\"text/javascript\">window.location=\"http://www.dnsrsearch.com/index.php?origURL=\"+escape(window.location)+\"&r=\"+escape(document.referrer)+\"&bc=\";</script></body></html>"

It seems there’s a DNS hijacker in place where domain names such as
“does-not-exist” (used in this and other tests) are resolved to some
ISP-specific host or something.  This explains this and more of the
other test failures you are seeing; this is unsupported.

> test-name: clone
> location: /home/sapientech/Dev/guix/guix_wip/tests/syscalls.scm:109
> source:
> + (test-assert
> +   "clone"
> +   (match (clone (logior CLONE_NEWUSER SIGCHLD))
> +          (0 (primitive-exit 42))
> +          (pid (and (not (equal?
> +                           (readlink (user-namespace pid))
> +                           (readlink (user-namespace (getpid)))))
> +                    (match (waitpid pid)
> +                           ((_ . status) (= 42 (status:exit-val status))))))))
> actual-value: #f
> actual-error:
> + (system-error
> +   "clone"
> +   "~d: ~A"
> +   (268435473 "Operation not permitted")
> +   (1))
> result: FAIL

What does “uname -srv” report on this machine?  It seems this kernel
does not support namespaces.

Thanks,
Ludo’.
This bug report was last modified 5 years and 30 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.