Re: [go-nuts] TestSetuidEtc fails during test execution in a container

['Andrew G. Morgan' via golang-nuts]

It looks like the CapBound here is non-default. That is, this container is 
running with non-default restrictions.

$ /sbin/capsh --decode=0x00000000a80425fb
0x00000000a80425fb=cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap

The environment appears to be denying cap_setgid - which is why the 
Setgroups() call is failing.

Is adjusting that environmental choice possible?

Cheers

Andrew

On Wednesday, May 12, 2021 at 2:34:09 PM UTC-7 Ian Lance Taylor wrote:

> [ + agm ]
>
> On Wed, May 12, 2021 at 2:12 PM Kumar Srinivasan <ksri...@gmail.com> 
> wrote:
> >
> > Hello,
> >
> > This is the first time I am posting to this group, apologies if this is 
> the wrong forum.
> >
> > I am trying to build the go sources and test the built sources, so 
> effectively I am running
> > % cd go-source-dir/src && GOROOT_BOOTSTRAP=<redacted>/BOOT_GO bash 
> ./all.bash
> > I am seeing this failure attached below when I build and test within a 
> container.
> > However I don't see this issue in a Virtual Machine running CentOS7.
> >
> > Appreciate any help or insights anyone can offer.
> >
> > Thanks
> > Kumar Srinivasan
> >
> > % uname -a
> >
> > Linux 7bb298e4-71d7-4f5e-4d4c-d58ac8ce61ac 4.15.0-76-generic #86-Ubuntu 
> SMP Fri Jan 17 17:24:28 UTC 2020 x86_64
> >
> > <redacted for clarity>
> > --- FAIL: TestSetuidEtc (0.12s)
> > syscall_linux_test.go:668: [6] "Setgroups([]int{0,1,2,3})" comparison: 
> "/proc/32911/status" got:"Groups:\t1 2 3 0" want:"Groups:\t0 1 2 3" (bad) 
> [pid=32911 file:'Name: syscall.test
> > Umask: 0022
> > State: S (sleeping)
> > Tgid: 32911
> > Ngid: 0
> > Pid: 32911
> > PPid: 10324
> > TracerPid: 0
> > Uid: 0 0 0 0
> > Gid: 0 0 0 0
> > FDSize: 64
> > Groups: 1 2 3 0
> > NStgid: 32911
> > NSpid: 32911
> > NSpgid: 7
> > NSsid: 7
> > VmPeak: 1092152 kB
> > VmSize: 1034812 kB
> > VmLck: 0 kB
> > VmPin: 0 kB
> > VmHWM: 5372 kB
> > VmRSS: 5372 kB
> > RssAnon: 1416 kB
> > RssFile: 3956 kB
> > RssShmem: 0 kB
> > VmData: 169344 kB
> > VmStk: 132 kB
> > VmExe: 1384 kB
> > VmLib: 1464 kB
> > VmPTE: 140 kB
> > VmSwap: 0 kB
> > HugetlbPages: 0 kB
> > CoreDumping: 0
> > Threads: 8
> > SigQ: 2/128577
> > SigPnd: 0000000000000000
> > ShdPnd: 0000000000000000
> > SigBlk: 0000000000000000
> > SigIgn: 0000000000300000
> > SigCgt: fffffffdffc1feff
> > CapInh: 00000000a80425fb
> > CapPrm: 00000000a80425fb
> > CapEff: 00000000a80425fb
> > CapBnd: 00000000a80425fb
> > CapAmb: 0000000000000000
> > NoNewPrivs: 0
> > Seccomp: 2
> > Speculation_Store_Bypass: thread force mitigated
> > Cpus_allowed: ff
> > Cpus_allowed_list: 0-7
> > Mems_allowed: 
> 00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001
> > Mems_allowed_list: 0
> > voluntary_ctxt_switches: 22
> > nonvoluntary_ctxt_switches: 52
> > ' Pid: 32911]
> > FAIL
> > FAIL syscall 0.724s
> >
> > <redacted for clarity>
> >
> > --
> > You received this message because you are subscribed to the Google 
> Groups "golang-nuts" group.
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to golang-nuts...@googlegroups.com.
> > To view this discussion on the web visit 
> https://groups.google.com/d/msgid/golang-nuts/9675fc9a-75df-4253-9112-e85d3026a185n%40googlegroups.com
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/54f8ac32-f306-4bfd-bd8b-360f31b9415dn%40googlegroups.com.