Mea culpa. I clearly misread the capsh output. There is a cap_setgid in there. Looking closer at the output the miscompare is there in the first line. The groups are listed in an unsorted order. That is not expected by the test. Let me see what is causing this to happen. I'll use the bug to investigate and document what I find.
Cheers Andrew On Wednesday, May 12, 2021 at 3:48:15 PM UTC-7 Andrew G. Morgan wrote: > OK. I've filed this bug. If we want to go this route, please assign it to > me: > > https://github.com/golang/go/issues/46145 > > > On Wednesday, May 12, 2021 at 2:53:19 PM UTC-7 Ian Lance Taylor wrote: > >> On Wed, May 12, 2021 at 2:47 PM 'Andrew G. Morgan' via golang-nuts >> <golan...@googlegroups.com> wrote: >> > >> > >> > It looks like the CapBound here is non-default. That is, this container >> is running with non-default restrictions. >> > >> > $ /sbin/capsh --decode=0x00000000a80425fb >> > >> 0x00000000a80425fb=cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap >> > >> > The environment appears to be denying cap_setgid - which is why the >> Setgroups() call is failing. >> > >> > Is adjusting that environmental choice possible? >> >> Alternatively, can the test code detect that those restrictions are >> being applied, and skip the test in that case? That's our usual >> pattern for tests that can't be run in some environments. Thanks. >> >> Ian >> >> >> > On Wednesday, May 12, 2021 at 2:34:09 PM UTC-7 Ian Lance Taylor wrote: >> >> >> >> [ + agm ] >> >> >> >> On Wed, May 12, 2021 at 2:12 PM Kumar Srinivasan <ksri...@gmail.com> >> wrote: >> >> > >> >> > Hello, >> >> > >> >> > This is the first time I am posting to this group, apologies if this >> is the wrong forum. >> >> > >> >> > I am trying to build the go sources and test the built sources, so >> effectively I am running >> >> > % cd go-source-dir/src && GOROOT_BOOTSTRAP=<redacted>/BOOT_GO bash >> ./all.bash >> >> > I am seeing this failure attached below when I build and test within >> a container. >> >> > However I don't see this issue in a Virtual Machine running CentOS7. >> >> > >> >> > Appreciate any help or insights anyone can offer. >> >> > >> >> > Thanks >> >> > Kumar Srinivasan >> >> > >> >> > % uname -a >> >> > >> >> > Linux 7bb298e4-71d7-4f5e-4d4c-d58ac8ce61ac 4.15.0-76-generic >> #86-Ubuntu SMP Fri Jan 17 17:24:28 UTC 2020 x86_64 >> >> > >> >> > <redacted for clarity> >> >> > --- FAIL: TestSetuidEtc (0.12s) >> >> > syscall_linux_test.go:668: [6] "Setgroups([]int{0,1,2,3})" >> comparison: "/proc/32911/status" got:"Groups:\t1 2 3 0" want:"Groups:\t0 1 >> 2 3" (bad) [pid=32911 file:'Name: syscall.test >> >> > Umask: 0022 >> >> > State: S (sleeping) >> >> > Tgid: 32911 >> >> > Ngid: 0 >> >> > Pid: 32911 >> >> > PPid: 10324 >> >> > TracerPid: 0 >> >> > Uid: 0 0 0 0 >> >> > Gid: 0 0 0 0 >> >> > FDSize: 64 >> >> > Groups: 1 2 3 0 >> >> > NStgid: 32911 >> >> > NSpid: 32911 >> >> > NSpgid: 7 >> >> > NSsid: 7 >> >> > VmPeak: 1092152 kB >> >> > VmSize: 1034812 kB >> >> > VmLck: 0 kB >> >> > VmPin: 0 kB >> >> > VmHWM: 5372 kB >> >> > VmRSS: 5372 kB >> >> > RssAnon: 1416 kB >> >> > RssFile: 3956 kB >> >> > RssShmem: 0 kB >> >> > VmData: 169344 kB >> >> > VmStk: 132 kB >> >> > VmExe: 1384 kB >> >> > VmLib: 1464 kB >> >> > VmPTE: 140 kB >> >> > VmSwap: 0 kB >> >> > HugetlbPages: 0 kB >> >> > CoreDumping: 0 >> >> > Threads: 8 >> >> > SigQ: 2/128577 >> >> > SigPnd: 0000000000000000 >> >> > ShdPnd: 0000000000000000 >> >> > SigBlk: 0000000000000000 >> >> > SigIgn: 0000000000300000 >> >> > SigCgt: fffffffdffc1feff >> >> > CapInh: 00000000a80425fb >> >> > CapPrm: 00000000a80425fb >> >> > CapEff: 00000000a80425fb >> >> > CapBnd: 00000000a80425fb >> >> > CapAmb: 0000000000000000 >> >> > NoNewPrivs: 0 >> >> > Seccomp: 2 >> >> > Speculation_Store_Bypass: thread force mitigated >> >> > Cpus_allowed: ff >> >> > Cpus_allowed_list: 0-7 >> >> > Mems_allowed: >> 00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001 >> >> > Mems_allowed_list: 0 >> >> > voluntary_ctxt_switches: 22 >> >> > nonvoluntary_ctxt_switches: 52 >> >> > ' Pid: 32911] >> >> > FAIL >> >> > FAIL syscall 0.724s >> >> > >> >> > <redacted for clarity> >> >> > >> >> > -- >> >> > You received this message because you are subscribed to the Google >> Groups "golang-nuts" group. >> >> > To unsubscribe from this group and stop receiving emails from it, >> send an email to golang-nuts...@googlegroups.com. >> >> > To view this discussion on the web visit >> https://groups.google.com/d/msgid/golang-nuts/9675fc9a-75df-4253-9112-e85d3026a185n%40googlegroups.com >> . >> > >> > -- >> > You received this message because you are subscribed to the Google >> Groups "golang-nuts" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an email to golang-nuts...@googlegroups.com. >> > To view this discussion on the web visit >> https://groups.google.com/d/msgid/golang-nuts/54f8ac32-f306-4bfd-bd8b-360f31b9415dn%40googlegroups.com >> . >> > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/b6d8a1f0-583c-465f-b259-3995baa37e91n%40googlegroups.com.
