bpo-38692: Skip test_posix.test_pidfd_open() on EPERM #17290

Merged
merged 1 commit into from
Nov 21, 2019

vstinner
Member

@vstinner vstinner commented Nov 20, 2019

Skip test_posix.test_pidfd_open() test if os.pidfd_open() fails with
a PermissionError. It can happen in a Linux sandbox using a whitelist
of syscalls which doesn't allow pidfd_open syscall yet.

https://bugs.python.org/issue38692

@vstinner
Member Author

Concrete example of such a whitelist sandbox: systemd-nspawn doesn't allow the pidfd_open syscall yet. This issue affects the mock tool used to build packages on Fedora.
https://bugs.python.org/issue38692#msg357054

The issue was already discussed at:
https://bugs.python.org/issue38692#msg356289
@benjaminp wrote: "It seems like systemd-nspawn is just breaking everything: https://sourceware.org/ml/libc-alpha/2019-11/msg00277.html"

Honestly, I'm not interested in discussing whether a sandbox is "broken" or not. Such sandboxes exist, it's just a fact. IMHO it's not a big deal to add 2 lines to test_posix just to not be annoyed by the sandbox policy.
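
The skip-on-EPERM behaviour this PR describes, as an added example (it is not the code merged into CPython's test_posix). `probe_pidfd_open` and `PidfdOpenSmokeTest` are hypothetical names, and the injectable `pidfd_open` argument is an assumption that lets the sandbox outcome be simulated without a sandbox.

```python
import errno
import os
import unittest


def probe_pidfd_open(pidfd_open=None):
    """Return (usable, reason) for pidfd_open() in the current environment.

    `pidfd_open` is injectable (an assumption of this example) so the
    sandbox outcome can be simulated; by default os.pidfd_open is used.
    """
    if pidfd_open is None:
        pidfd_open = getattr(os, "pidfd_open", None)
    if pidfd_open is None:
        return False, "os.pidfd_open() is not available in this build"
    try:
        fd = pidfd_open(os.getpid())
    except PermissionError as exc:
        # A syscall whitelist that does not know pidfd_open yet (the
        # systemd-nspawn case in this PR) denies the call: that is sandbox
        # policy, not a defect in the code under test.
        return False, f"pidfd_open denied by sandbox policy: {exc!r}"
    except OSError as exc:
        if exc.errno == errno.ENOSYS:
            return False, "kernel does not implement pidfd_open"
        raise  # any other errno is a genuine failure and must surface
    os.close(fd)
    return True, "ok"


class PidfdOpenSmokeTest(unittest.TestCase):
    def test_pidfd_open(self):
        usable, reason = probe_pidfd_open()
        if not usable:
            self.skipTest(reason)
        # Only reached when the syscall is really usable.
        with self.assertRaises(OSError) as cm:
            os.pidfd_open(-1)
        self.assertEqual(cm.exception.errno, errno.EINVAL)


if __name__ == "__main__":
    unittest.main(verbosity=2)
```

Because the test is reported as skipped with the reason string, a run inside the sandbox still shows that pidfd_open coverage was not exercised there.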

@hroncok
Contributor

hroncok commented Nov 20, 2019

This indeed works around the issue we have in Fedora. I will also try to get pidfd_open whitelisted in systemd-nspawn, but that can take a while. In the meantime, this is IMHO the best we can get.

@vstinner
Member Author

@benjaminp @pablogsal @nanjekyejoannah : does it look reasonable to you to skip the test if Python is running in a sandbox?

Member

@pablogsal pablogsal left a comment

> @benjaminp @pablogsal @nanjekyejoannah : does it look reasonable to you to skip the test if Python is running in a sandbox?

This sounds very reasonable to me :)

@yan12125
Contributor

I got another test failure during our weekly python 3.9 update on Arch Linux:

======================================================================
FAIL: test_pidfd_send_signal (test.test_signal.PidfdSignalTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/build/python-git/src/cpython/Lib/test/test_signal.py", line 1287, in test_pidfd_send_signal
    self.assertEqual(cm.exception.errno, errno.EBADF)
AssertionError: 1 != 9

----------------------------------------------------------------------

Could that test be skipped in case of EPERM from the system call pidfd_send_signal, too?

@vstinner
Member Author

> I got another test failure during our weekly python 3.9 update on Arch Linux: (...)

This PR fixes it, no? You get an EPERM error (errno 1).

> Could that test be skipped in case of EPERM from the system call pidfd_send_signal, too?

My PR skips the pidfd_open() test if the syscall fails with EPERM. Python doesn't expose pidfd_send_signal() yet, so I don't understand your question.

Skip the test_posix.test_pidfd_open() test if os.pidfd_open() fails
with a PermissionError. This situation can happen in a Linux sandbox
using a syscall whitelist which doesn't allow the pidfd_open()
syscall yet.

@vstinner
Member Author

> I got another test failure during our weekly python 3.9 update on Arch Linux: (...)

Would you mind describing your issue in https://bugs.python.org/issue38692 ? What is your kernel version? Are you running the Python test suite in any sandbox? If you are not using a sandbox, I'm surprised that you got an EPERM error.

@vstinner
Member Author

> I got another test failure during our weekly python 3.9 update on Arch Linux: (...)

Oh. Is it a similar issue to https://bugs.python.org/issue38692#msg356235 where you ran the Python test suite using the systemd-nspawn sandbox?

@vstinner vstinner merged commit 3ab479a into python:master Nov 21, 2019
@vstinner vstinner deleted the test_pidfd_open_eperm branch November 21, 2019 11:54
@vstinner
Member Author

Thanks for your review @pablogsal.

yan12125 added a commit to archlinuxcn/repo that referenced this pull request Nov 22, 2019
The previous workaround is merged upstream [1]

[1] python/cpython#17290
jacobneiltaylor pushed a commit to jacobneiltaylor/cpython that referenced this pull request Dec 5, 2019
Skip the test_posix.test_pidfd_open() test if os.pidfd_open() fails
with a PermissionError. This situation can happen in a Linux sandbox
using a syscall whitelist which doesn't allow the pidfd_open()
syscall yet (like systemd-nspawn).
Labels
tests Tests in the Lib/test dir