diff options
author | Marek Szuba <marecki@gentoo.org> | 2021-07-13 11:57:54 +0100 |
---|---|---|
committer | Marek Szuba <marecki@gentoo.org> | 2021-07-13 12:20:54 +0100 |
commit | ea8a4b3bcf6a0a57f7cdb8e4d37ff62d099cb6a4 (patch) | |
tree | c5af06296f30912f4b8e764e79925e8f27e85ca8 | |
parent | net-mail/mailutils: keyword 3.12-r2 for ~riscv (diff) | |
download | gentoo-ea8a4b3bcf6a0a57f7cdb8e4d37ff62d099cb6a4.tar.gz gentoo-ea8a4b3bcf6a0a57f7cdb8e4d37ff62d099cb6a4.tar.bz2 gentoo-ea8a4b3bcf6a0a57f7cdb8e4d37ff62d099cb6a4.zip |
dev-util/ltrace: skip the attach-process test
On modern kernels with the Yama security module enabled the default
ptrace behaviour is that a process must have a predefined relationship
with the inferior it wants to call ``PTRACE_ATTACH`` on, with two
additional modes restricting process tracing even more; for details see
[1]. As a result, unless Yama is explicitly reset to classic ptrace
permissions the ltrace attach-process test fails due to
insufficient permissions - regardless of the sandbox, or even when the
test suite is run manually with no involvement of a Gentoo package
manager.
We could in principle modify the test in question to be compatible with
restricted-ptrace mode, however it would still fail on systems with
Yama in admin-attach and no-attach mode. Between that and requiring the
user to reconfigure Yama prior to running this test being IMHO a Bad
Idea, just don't bother with this test at all.
[1] https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html
Closes: https://bugs.gentoo.org/729046
Signed-off-by: Marek Szuba <marecki@gentoo.org>
-rw-r--r-- | dev-util/ltrace/ltrace-0.7.3.6.1.ebuild | 4 | ||||
-rw-r--r-- | dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild b/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild index 9fd7b01b8545..9bb71a617185 100644 --- a/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild +++ b/dev-util/ltrace/ltrace-0.7.3.6.1.ebuild @@ -71,6 +71,10 @@ src_configure() { } src_test() { + # On kernels with Yama enabled this will not run, even without sandbox, + # unless /proc/sys/kernel/yama/ptrace_scope == 0. Just don't bother. + # Note: we only delete it here in order to avoid Makefile.am patching. + rm -f testsuite/ltrace.minor/attach-process.exp # sandbox redirects vfork() to fork(): bug # 774054 # Let's avoid sandbox entirely. SANDBOX_ON=0 LD_PRELOAD= emake check diff --git a/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild b/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild index beb325aa49c3..3b6aafcb34d6 100644 --- a/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild +++ b/dev-util/ltrace/ltrace-0.7.3_p4-r1.ebuild @@ -70,6 +70,10 @@ src_configure() { } src_test() { + # On kernels with Yama enabled this will not run, even without sandbox, + # unless /proc/sys/kernel/yama/ptrace_scope == 0. Just don't bother. + # Note: we only delete it here in order to avoid Makefile.am patching. + rm -f testsuite/ltrace.minor/attach-process.exp # sandbox redirects vfork() to fork(): bug # 774054 # Let's avoid sandbox entirely. SANDBOX_ON=0 LD_PRELOAD= emake check |