GNU bug report logs - #78225
Testsuite failure relating to chgrp in (unprivileged) user namespaces


Package: coreutils;

Reported by: keinflue <keinflue <at> posteo.net>

Date: Sat, 3 May 2025 03:39:01 UTC

Severity: normal

Done: Pádraig Brady <P <at> draigBrady.com>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Pádraig Brady <P <at> draigBrady.com>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#78225: closed (Testsuite failure relating to chgrp in
 (unprivileged) user namespaces)
Date: Sat, 03 May 2025 09:04:02 +0000
[Message part 1 (text/plain, inline)]
Your message dated Sat, 3 May 2025 10:03:10 +0100
with message-id <e3b4ec18-c788-4d88-b59c-579c1f710571 <at> draigBrady.com>
and subject line Re: bug#78225: Testsuite failure relating to chgrp in (unprivileged) user namespaces
has caused the debbugs.gnu.org bug report #78225,
regarding Testsuite failure relating to chgrp in (unprivileged) user namespaces
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
78225: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78225
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: keinflue <keinflue <at> posteo.net>
To: bug-coreutils <at> gnu.org
Subject: Testsuite failure relating to chgrp in (unprivileged) user namespaces
Date: Sat, 03 May 2025 03:38:11 +0000
Hello,

noticed this on Guix (https://issues.guix.gnu.org/77862#5) with 
coreutils 9.1 and also verified with latest release 9.7.

When building and running the testsuite of coreutils on Linux in a user 
namespace as unprivileged user the latter may fail chgrp test cases:

> FAIL: tests/chgrp/default-no-deref.sh
> FAIL: tests/chgrp/no-x.sh
> FAIL: tests/chgrp/posix-H.sh
> FAIL: tests/chgrp/recurse.sh
> FAIL: tests/chgrp/basic.sh

The cause for this are supplementary groups of the build process which 
are not mapped in the user namespace via /proc/pid/gid_map.

Inside the user namespace these groups are reported as the overflow gid 
(by default 65534). require_membership_in_two_groups_ in init.cfg has no 
exemption for this gid and the chgrp tests will attempt to change 
ownership to this gid, assuming this to be valid as usually is the case 
when changing ownership to a supplementary group. However, this is not 
allowed for the unmapped overflow gid and the syscall will fail.

The same problem occurs in gnulib-tests, but I suppose I should report 
this to the bug-gnulib list.

This was noticed during experimentation with Guix's new feature to run 
the build daemon as unprivileged user process, which relies on 
unprivileged user namespaces to construct the build container. As 
discussed in the linked issue it isn't really an option to drop the 
supplementary groups in this setting.

I think the overflow gid should be exempt in 
require_membership_in_two_groups_ as was already implemented for special 
gids on MacOS.

Best,
keinflue


[Message part 3 (message/rfc822, inline)]
From: Pádraig Brady <P <at> draigBrady.com>
To: keinflue <keinflue <at> posteo.net>, 78225-done <at> debbugs.gnu.org
Subject: Re: bug#78225: Testsuite failure relating to chgrp in (unprivileged)
 user namespaces
Date: Sat, 3 May 2025 10:03:10 +0100
[Message part 4 (text/plain, inline)]
On 03/05/2025 04:38, keinflue wrote:
> Hello,
> 
> noticed this on Guix (https://issues.guix.gnu.org/77862#5) with
> coreutils 9.1 and also verified with latest release 9.7.
> 
> When building and running the testsuite of coreutils on Linux in a user
> namespace as unprivileged user the latter may fail chgrp test cases:
> 
>> FAIL: tests/chgrp/default-no-deref.sh
>> FAIL: tests/chgrp/no-x.sh
>> FAIL: tests/chgrp/posix-H.sh
>> FAIL: tests/chgrp/recurse.sh
>> FAIL: tests/chgrp/basic.sh
> 
> The cause for this are supplementary groups of the build process which
> are not mapped in the user namespace via /proc/pid/gid_map.
> 
> Inside the user namespace these groups are reported as the overflow gid
> (by default 65534). require_membership_in_two_groups_ in init.cfg has no
> exemption for this gid and the chgrp tests will attempt to change
> ownership to this gid, assuming this to be valid as usually is the case
> when changing ownership to a supplementary group. However, this is not
> allowed for the unmapped overflow gid and the syscall will fail.
> 
> The same problem occurs in gnulib-tests, but I suppose I should report
> this to the bug-gnulib list.
> 
> This was noticed during experimentation with Guix's new feature to run
> the build daemon as unprivileged user process, which relies on
> unprivileged user namespaces to construct the build container. As
> discussed in the linked issue it isn't really an option to drop the
> supplementary groups in this setting.
> 
> I think the overflow gid should be exempt in
> require_membership_in_two_groups_ as was already implemented for special
> gids on MacOS.

Thanks for the details.

I pushed the attached to avoid this issue.

Marking this as done.

cheers,
Padraig.
[tests-overflowgid.patch (text/x-patch, attachment)]
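
The exemption proposed in the report, sketched as an added shell example. It is not the coreutils init.cfg code and not the contents of tests-overflowgid.patch, which are not shown on this page. The helper names and the sample group list are constructed for illustration; `gid_is_mapped` shows how an inside-namespace gid is checked against the ranges in a gid_map file.

```shell
#!/bin/sh
# Added illustration: helper names and sample values are constructed,
# not taken from coreutils' init.cfg or from the pushed patch.

# Print the overflow gid the kernel reports for unmapped groups.
overflow_gid() {
  cat "${1:-/proc/sys/kernel/overflowgid}" 2>/dev/null || echo 65534
}

# gid_is_mapped GID MAPFILE: succeed if GID lies in one of the
# "inside-start outside-start length" ranges of a gid_map file.
gid_is_mapped() {
  while read -r inside _outside len; do
    [ -n "$len" ] || continue
    if [ "$1" -ge "$inside" ] && [ "$1" -lt $(($inside + $len)) ]; then
      return 0
    fi
  done < "$2"
  return 1
}

# usable_groups OVERFLOW GID...: print the distinct gids that are not
# the overflow gid, i.e. the ones a chgrp test can safely target.
usable_groups() {
  ovf=$1; shift
  out=
  for g in "$@"; do
    if [ "$g" = "$ovf" ]; then continue; fi
    case " $out " in *" $g "*) continue ;; esac
    out="${out:+$out }$g"
  done
  printf '%s\n' "$out"
}

# has_two_usable_groups OVERFLOW GID...: membership precondition with
# the overflow gid exempted.
has_two_usable_groups() {
  set -- $(usable_groups "$@")
  [ $# -ge 2 ]
}

# Constructed 'id -G' output inside a namespace that maps only gid 1000:
# two unmapped supplementary groups both appear as 65534.
sample_groups="1000 65534 65534"
if has_two_usable_groups 65534 $sample_groups; then
  echo "run chgrp tests with: $(usable_groups 65534 $sample_groups)"
else
  echo "skip: fewer than two usable groups"
fi
```

On a live system the arguments would come from `overflow_gid` and `id -G`, and the map file would be /proc/self/gid_map.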

This bug report was last modified 105 days ago.
