GNU bug report logs - #78225
Testsuite failure relating to chgrp in (unprivileged) user namespaces


Package: coreutils

Reported by: keinflue <keinflue <at> posteo.net>

Date: Sat, 3 May 2025 03:39:01 UTC

Severity: normal

Done: Pádraig Brady <P <at> draigBrady.com>

Bug is archived. No further changes may be made.



Message #10 received at 78225-done <at> debbugs.gnu.org (full text, mbox):

From: Pádraig Brady <P <at> draigBrady.com>
To: keinflue <keinflue <at> posteo.net>, 78225-done <at> debbugs.gnu.org
Subject: Re: bug#78225: Testsuite failure relating to chgrp in (unprivileged)
 user namespaces
Date: Sat, 3 May 2025 10:03:10 +0100
On 03/05/2025 04:38, keinflue wrote:
> Hello,
> 
> noticed this on Guix (https://issues.guix.gnu.org/77862#5) with
> coreutils 9.1 and also verified with latest release 9.7.
> 
> When building and running the testsuite of coreutils on Linux in a user
> namespace as unprivileged user the latter may fail chgrp test cases:
> 
>> FAIL: tests/chgrp/default-no-deref.sh
>> FAIL: tests/chgrp/no-x.sh
>> FAIL: tests/chgrp/posix-H.sh
>> FAIL: tests/chgrp/recurse.sh
>> FAIL: tests/chgrp/basic.sh
> 
> The cause for this are supplementary groups of the build process which
> are not mapped in the user namespace via /proc/pid/gid_map.
> 
> Inside the user namespace these groups are reported as the overflow gid
> (by default 65534). require_membership_in_two_groups_ in init.cfg has no
> exemption for this gid and the chgrp tests will attempt to change
> ownership to this gid, assuming this to be valid as usually is the case
> when changing ownership to a supplementary group. However, this is not
> allowed for the unmapped overflow gid and the syscall will fail.
> 
> The same problem occurs in gnulib-tests, but I suppose I should report
> this to the bug-gnulib list.
> 
> This was noticed during experimentation with Guix's new feature to run
> the build daemon as unprivileged user process, which relies on
> unprivileged user namespaces to construct the build container. As
> discussed in the linked issue it isn't really an option to drop the
> supplementary groups in this setting.
> 
> I think the overflow gid should be exempt in
> require_membership_in_two_groups_ as was already implemented for special
> gids on macOS.

Thanks for the details.

I pushed the attached to avoid this issue.

Marking this as done.

cheers,
Padraig.
[tests-overflowgid.patch (text/x-patch, attachment)]
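
An added example, not part of the thread and not the attached patch: a shell sketch of the check the report asks for, which drops the overflow gid from a group list when the namespace's gid_map does not cover it. The function names and the sample map are constructed for illustration; it goes slightly beyond the report by consulting gid_map so that a genuinely mapped gid 65534 is kept.

```shell
#!/bin/sh
# Hypothetical helpers; not code from coreutils' init.cfg.

# Print the kernel's overflow gid. The optional file argument lets a caller
# substitute another file; fall back to the Linux default of 65534.
overflow_gid() {
  cat "${1:-/proc/sys/kernel/overflowgid}" 2>/dev/null || echo 65534
}

# gid_is_mapped GID MAPFILE: succeed if GID lies inside any
# "inside-start outside-start length" range of a gid_map file.
gid_is_mapped() {
  awk -v g="$1" '$1 <= g && g < $1 + $3 { found = 1 }
                 END { exit !found }' "$2" 2>/dev/null
}

# usable_groups "GIDS" OVERFLOW MAPFILE: print the gids a chgrp test may
# target, skipping the overflow gid when the map does not cover it.
usable_groups() {
  out=
  for g in $1; do
    if [ "$g" = "$2" ] && ! gid_is_mapped "$g" "$3"; then
      continue
    fi
    out="${out:+$out }$g"
  done
  printf '%s\n' "$out"
}

# Constructed sample: a user namespace that maps only inside gid 0 to outside
# gid 1000, while the process still carries two unmapped supplementary groups.
demo_map=$(mktemp)
printf '0 1000 1\n' > "$demo_map"
usable_groups "0 65534 65534" 65534 "$demo_map"   # prints: 0
rm -f "$demo_map"
```

On a live system the inputs would be `id -G`, `overflow_gid` and `/proc/self/gid_map`; with fewer than two gids left, a test that needs two groups should be skipped rather than run.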

This bug report was last modified 105 days ago.
