From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from simark.ca by simark.ca with LMTP id ueN7B+/XW2ge0B0AWB0awg (envelope-from ) for ; Wed, 25 Jun 2025 07:05:19 -0400 Authentication-Results: simark.ca; dkim=pass (1024-bit key; unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=LkZshP5D; dkim=pass header.d=suse.de header.i=@suse.de header.a=ed25519-sha256 header.s=susede2_ed25519 header.b=TxNcm8PW; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=fB7nBYrF; dkim=neutral header.d=suse.de header.i=@suse.de header.a=ed25519-sha256 header.s=susede2_ed25519 header.b=yH8+m2JO; dkim-atps=neutral Received: by simark.ca (Postfix, from userid 112) id 0DCF51E11C; Wed, 25 Jun 2025 07:05:19 -0400 (EDT) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-25) on simark.ca X-Spam-Level: X-Spam-Status: No, score=-9.1 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL, RCVD_IN_VALIDITY_SAFE autolearn=ham autolearn_force=no version=4.0.1 Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256) (No client certificate requested) by simark.ca (Postfix) with ESMTPS id C723C1E089 for ; Wed, 25 Jun 2025 07:05:17 -0400 (EDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 598E13857B9E for ; Wed, 25 Jun 2025 11:05:12 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 598E13857B9E Authentication-Results: sourceware.org; dkim=pass (1024-bit key, unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=LkZshP5D; dkim=pass header.d=suse.de header.i=@suse.de header.a=ed25519-sha256 header.s=susede2_ed25519 header.b=TxNcm8PW; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=fB7nBYrF; dkim=neutral header.d=suse.de header.i=@suse.de header.a=ed25519-sha256 header.s=susede2_ed25519 header.b=yH8+m2JO Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) by sourceware.org (Postfix) with ESMTPS id 005FA3857BA0 for ; Wed, 25 Jun 2025 11:02:03 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 005FA3857BA0 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=suse.de ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 005FA3857BA0 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=195.135.223.130 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1750849324; cv=none; b=YtR+l2F0uPidhj8a+4jt19iB3yGZUBjJwhJRs9WIgoqjNckJWh//SbWBPqdekEtrkFliC/z3M0Dg2LL2ekCfjy0z9uBv7Ydh2eI5v857g0aEb2v25eqjHYgquPEKq5r34pqCPGkzTzNcLP463lSsnSt7KQQpFtFvLGaDbDnxROQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1750849324; c=relaxed/simple; bh=d7aNf9VLntiOLf4WkuhJmmUyy0lRW/5uKFJdw2FDXKE=; h=DKIM-Signature:DKIM-Signature:DKIM-Signature:DKIM-Signature: Message-ID:Date:MIME-Version:Subject:To:From; b=kMEPmBvNQMOYkM4K62DJ4LoibGSw2cKfsw4Yeuk4P5Zwd0mge4B9vE/Og3eQhJVmqL+si1SNWywgUTfdO18nqSFquKjQrCwfT5cWaL5Ii+kXwQoL+wqIpDhf9sxV8SCYk7ehZtS4b68W20IsnsKQ0WP/t8MSM/H/8K5UjuwvNCE= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 005FA3857BA0 Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id DAC532119B; Wed, 25 Jun 2025 11:02:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1750849323; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=LHt0oc+3Tb4XxgEWRWJLxFGSJh180gIGyNNbjanLC1s=; b=LkZshP5Dlh4xpdKf6QOP1v1TVlKwCe85/3/D9RLLNG1tWH8wVzVhK7O1AIanQFncIokZGh 3ckY3eUlU9U8yvoojzcyLUxLjgCVTwJjP2qYn0vabi5UZWAipexQGzgXssn/H6ltBu99QZ EWd69Vj2nCsXusTUr2YmSMW+Ja3S3JQ= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1750849323; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=LHt0oc+3Tb4XxgEWRWJLxFGSJh180gIGyNNbjanLC1s=; b=TxNcm8PWZuovSQU2uAdxKif3e2oI9cGm1cwJadGrO1xoZCvZ0zHh4Tr5Rey5Z7/wKNnYjH fFreVNc3QHaMcyCQ== Authentication-Results: smtp-out1.suse.de; dkim=pass header.d=suse.de header.s=susede2_rsa header.b=fB7nBYrF; dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=yH8+m2JO DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1750849322; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=LHt0oc+3Tb4XxgEWRWJLxFGSJh180gIGyNNbjanLC1s=; b=fB7nBYrFPCpbcH7OsU7LwQYXDkjH9tK5oSOx9PG6i7pZ+wcz3KFmlVuVXopU5hHpZF+B8I I4brm/ztJ5jU2a+bwZl+i1mOlm6UOIWGJaapgcbv2t/lcIjAmBDFiNVZ3baC9GpjjoSUcZ tMt6yHD6xnZVD0jEszV9O5z0Xy4t3Mc= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1750849322; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=LHt0oc+3Tb4XxgEWRWJLxFGSJh180gIGyNNbjanLC1s=; b=yH8+m2JO3UUjjUpU5uvmqYe6gjcq14eqfPDzZe8Di0H88hGLpwIdbyEdcJNcPiHIVSz78e 6LuF7XBBxF2kJQCQ== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id B02BA13485; Wed, 25 Jun 2025 11:02:02 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id 8x1NKSrXW2ivUQAAD6G6ig (envelope-from ); Wed, 25 Jun 2025 11:02:02 +0000 Message-ID: <9656c79d-fb13-4689-9254-d59262d9ca6c@suse.de> Date: Wed, 25 Jun 2025 13:01:52 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCHv3] gdb: linux-namespaces: enter user namespace when appropriate To: Andrew Burgess , gdb-patches@sourceware.org Cc: Benjamin Berg References: <824ee908821f07452286730643c1efd5f8b01eb2.1749741769.git.aburgess@redhat.com> <87qzzak1ct.fsf@redhat.com> <68c9f369-bd11-48dd-90c8-8c7a61771de7@suse.de> <87ecv8jejc.fsf@redhat.com> Content-Language: en-US From: Tom de Vries In-Reply-To: <87ecv8jejc.fsf@redhat.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Rspamd-Server: rspamd2.dmz-prg2.suse.org X-Rspamd-Queue-Id: DAC532119B X-Rspamd-Action: no action X-Spamd-Result: default: False [-4.51 / 50.00]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FUZZY_BLOCKED(0.00)[rspamd.com]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[sourceware.org:url,suse.de:mid,suse.de:dkim,suse.de:email,imap1.dmz-prg2.suse.org:rdns,imap1.dmz-prg2.suse.org:helo]; DNSWL_BLOCKED(0.00)[2a07:de40:b281:104:10:150:64:97:from,2a07:de40:b281:106:10:150:64:167:received]; DKIM_TRACE(0.00)[suse.de:+] X-BeenThere: gdb-patches@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gdb-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: gdb-patches-bounces~public-inbox=simark.ca@sourceware.org On 6/25/25 12:34, Andrew Burgess wrote: > Tom de Vries writes: > >> On 6/23/25 15:56, Andrew Burgess wrote: >>> Andrew Burgess writes: >>> >>>> From: Benjamin Berg >>>> >>>> In v2: >>>> >>>> - Update the test to ignore a warning seen when running the test on >>>> a machine with libc debug information installed, but without the >>>> libc source being available, e.g.: >>>> >>>> warning: 46 ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S: No such file or directory >>>> >>>> This was causing some CI failures to be reported from Linaro. >>>> >>>> - Rebased to current upstream/master. >>>> >>>> In v3: >>>> >>>> - Same as V2, but fix the test pattern correctly this time. >>>> >>>> -- >>>> >>>> The use of user namespaces is required for normal users to use mount >>>> namespaces. Consider trying this as an unprivileged user: >>>> >>>> $ unshare --mount /bin/true >>>> unshare: unshare failed: Operation not permitted >>>> >>>> The problem here is that an unprivileged user doesn't have the >>>> required permissions to create a new mount namespace. If, instead, we >>>> do this: >>>> >>>> $ unshare --mount --map-root-user /bin/true >>>> >>>> then this will succeed. The new option causes unshare to create a >>>> user namespace in which the unprivileged user is mapped to UID/GID 0, >>>> and so gains all privileges (inside the namespace), the user is then >>>> able to create the mount namespace as required. >>>> >>>> So, how does this relate to GDB? >>>> >>>> When a user attaches to a process running in a separate mount >>>> namespace, GDB makes use of a separate helper process (see >>>> linux_mntns_get_helper in nat/linux-namespaces.c), which will then use >>>> the `setns` function to enter (or try to enter) the mount namespace of >>>> the process GDB is attaching too. The helper process will then handle >>>> file I/O requests received from GDB, and return the results back to >>>> GDB, this allows GDB to access files within the mount namespace. >>>> >>>> The problem here is that, switching to a mount namespace requires that >>>> a process hold CAP_SYS_CHROOT and CAP_SYS_ADMIN capabilities within >>>> its user namespace (actually it's a little more complex, see 'man 2 >>>> setns'). Assuming GDB is running as an unprivileged user, then GDB >>>> will not have the required permissions. >>>> >>>> However, if GDB enters the user namespace that the `unshare` process >>>> created, then the current user will be mapped to UID/GID 0, and will >>>> have the required permissions. >>>> >>>> And so, this patch extends linux_mntns_access_fs (in >>>> nat/linux-namespace.c) to first try and switch to the user namespace >>>> of the inferior before trying to switch to the mount namespace. If >>>> the inferior does have a user namespace, and does have elevated >>>> privileges within that namespace, then this first switch by GDB will >>>> mean that the second step, into the mount namespace, will succeed. >>>> >>>> If there is no user namespace, or the inferior doesn't have elevated >>>> privileges within the user namespace, then the switch into the mount >>>> namespace will fail, just as it currently does, and the user will need >>>> to give elevated privileges to GDB via some other mechanism (e.g. run >>>> as root). >>>> >>>> This work was originally posted here: >>>> >>>> https://inbox.sourceware.org/gdb-patches/20230321120126.1418012-1-benjamin@sipsolutions.net >>>> >>>> I (Andrew Burgess) have made some cleanups to the code to comply with >>>> GDB's coding standard, and the test is entirely mine. This commit >>>> message is also entirely mine -- the original message was very terse >>>> and required the reader to understand how the various namespaces >>>> work and interact. The above is my attempt to document what I now >>>> understand about the problem being fixed. >>>> >>>> I've left the original author in place as the core of the GDB change >>>> itself is largely as originally presented, but any inaccuracies in the >>>> commit message, or problems with the test, are all mine. >>>> >>>> Co-Authored-by: Andrew Burgess >>> >>> I've pushed this patch. >>> >> >> The new test-case fails on arm32 (Linaro CI reported this, and I was >> able to reproduce) due to insufficient permissions: >> ... >> (gdb) attach 184732 >> Attaching to process 184732 >> warning: process 184732 is a zombie - the process has already terminated >> ptrace: Operation not permitted. >> (gdb) FAIL: gdb.base/user-namespace-attach.exp: flags=--mount >> --map-root-user: attach to inferior >> ... >> >> In essence, the test-case assumes: >> ... >> $ unshare --mount --map-root-user /bin/true; echo $? >> 0 >> ... >> but we get instead: >> ... >> $ unshare --mount --map-root-user /bin/true; echo $? >> unshare: unshare failed: Operation not permitted >> 1 >> ... >> >> Filed here ( https://sourceware.org/bugzilla/show_bug.cgi?id=33108 ). > > Hi! > > Thanks for raising this issue. > > What do you think to the patch below? > > I've tested this by passing a bogus flag to `unshare`, e.g. "unshare > -blahblah", which has the same effect of causing the `unshare` process > to exit immediately with an exit code of 1. I now see the test reported > as unsupported. > Hi Andrew, thanks for picking this up. FWIW, the problem with this solution is that a timeout now looks like unsupported. More concretely, by doing this (on x86_64-linux, where the test-case passes for me): ... diff --git a/gdb/testsuite/gdb.base/user-namespace-attach.exp b/gdb/testsuite/gdb.base/user -namespace-attach.exp index 01f3dae1693..c5ec5ef6369 100644 --- a/gdb/testsuite/gdb.base/user-namespace-attach.exp +++ b/gdb/testsuite/gdb.base/user-namespace-attach.exp @@ -66,6 +66,7 @@ proc run_test { flags } { } set inferior_pid [spawn_id_get_pid $inferior_spawn_id] + sleep 90 clean_restart ... I trigger the timeout of 60 seconds in the exec, and with your patch get: ... === gdb Summary === # of unsupported tests 3 ... but without your patch I get: ... # of unexpected failures 6 ... I don't think it's terribly important though. You could try the approach I proposed in the PR, or you could pursue this one. In the latter case, please add a comment that a timeout may trigger the same message. Thanks, - Tom > Thanks, > Andrew > > --- > > commit 1c61ee90c22666a6f33a474c27a901d03bbc5da9 > Author: Andrew Burgess > Date: Wed Jun 25 11:24:30 2025 +0100 > > gdb/testsuite: handle failure to start process to later attach to > > Commit: > > commit b23903836007d1acaf7f8c059ab000ee83fcebfa > Date: Tue Mar 21 13:01:26 2023 +0100 > > gdb: linux-namespaces: enter user namespace when appropriate > > added a new test gdb.base/user-namespace-attach.exp. It has been > reported that this test will sometimes fail, like this: > > (gdb) attach 184732 > Attaching to process 184732 > warning: process 184732 is a zombie - the process has already terminated > ptrace: Operation not permitted. > (gdb) FAIL: gdb.base/user-namespace-attach.exp: flags=--mount --map-root-user: attach to inferior > > the test tries to run the 'unshare' application. Sometimes though, > the application is present, but the set of flags used is not > supported (maybe due to restrictions on the local machine), so we see > behaviour like this: > > $ unshare --mount --map-root-user /bin/true; echo $? > unshare: unshare failed: Operation not permitted > 1 > > Handle this case by checking for the warning: > > warning: process 184732 is a zombie - the process has already terminated > > when GDB tries to attach. If we see this warning then we assume the > 'unshare' process failed to start correctly, in which case we report > the test as unsupported and perform an early return. > > Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=33108 > > diff --git a/gdb/testsuite/gdb.base/user-namespace-attach.exp b/gdb/testsuite/gdb.base/user-namespace-attach.exp > index 9936bb998eb..01f3dae1693 100644 > --- a/gdb/testsuite/gdb.base/user-namespace-attach.exp > +++ b/gdb/testsuite/gdb.base/user-namespace-attach.exp > @@ -69,12 +69,18 @@ proc run_test { flags } { > > clean_restart > > + set saw_failure_to_start false > set saw_bad_warning false > gdb_test_multiple "attach $inferior_pid" "attach to inferior" { > -re "^attach $::decimal\r\n" { > exp_continue > } > > + -re "^warning: process $::decimal is a zombie - the process has already terminated\r\n" { > + set saw_failure_to_start true > + exp_continue > + } > + > -re "^warning: \[^\r\n\]+: could not open as an executable file: \[^\r\n\]+\r\n" { > set saw_bad_warning true > exp_continue > @@ -112,6 +118,11 @@ proc run_test { flags } { > } > > -re "^$::gdb_prompt $" { > + if { $saw_failure_to_start } { > + unsupported "unshare process failed to start" > + return > + } > + > gdb_assert { !$saw_bad_warning } $gdb_test_name > } > >