From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net
X-Spam-Level:
X-Spam-ASN:
X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,BAYES_00
	shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2
Received: from localhost (dcvr.yhbt.net [127.0.0.1])
	by dcvr.yhbt.net (Postfix) with ESMTP id 4EA151F4BD;
	Thu, 3 Oct 2019 01:28:09 +0000 (UTC)
Date: Thu, 3 Oct 2019 01:28:07 +0000
From: Eric Wong
To: Alyssa Ross
Cc: meta@public-inbox.org
Subject: Re: Test failures in build sandbox
Message-ID: <20191003012807.GA52684@ailurophile>
References: <20190915134819.1406-1-hi@alyssa.is>
	<20190915185519.GA4891@dcvr>
	<87zhiu4hxl.fsf@alyssa.is>
	<20190924040123.6jbtvpadnk6negox@whir>
	<87r245tkbz.fsf@alyssa.is>
	<20190926084431.ukv53sfskk7qvere@dcvr>
	<87bluyhguc.fsf@alyssa.is>
	<878sq2hd08.fsf@alyssa.is>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <878sq2hd08.fsf@alyssa.is>
List-Id:

Alyssa Ross wrote:
> Alyssa Ross writes:
>
> > After some rather extensive debugging, I've determined that most of
> > these are to do with not being able to set the setgid bit. If I mask it
> > off in git's adjust_shared_perm function, I get down to two failures. I
> > don't know enough about filesystem permissions to know why this wouldn't
> > be allowed inside the sandbox if it is allowed normally, though.
>
> Aha! setuid and setgid permissions are disallowed in Nix builds using
> seccomp[1].
>
> So, I suppose it would be reasonable for us to either disable the test
> suite, or try to disable just the tests that try to create setgid
> things, unless you're open to adding a check for such a restriction and
> skipping tests if so. More than reasonable not to, though -- seccomp is
> a nightmare and next to impossible to reasonably support as upstream.

How do "git init --shared" tests work for the Nix git package?
We could try to follow that as an example...

>
> [1]: https://github.com/NixOS/nix/blob/5038e1bec43a71c97ae7f8be07218a8a2edbb6a1/src/libstore/build.cc#L2678
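
The check floated in the quoted message ("adding a check for such a restriction and skipping tests if so") could look like the following. This is an added example, not part of the original message and not code from public-inbox, git or Nix; the function names and the `CHMOD` override variable are hypothetical.

```shell
#!/bin/sh
# Added example: probe whether this environment lets a process set the
# setgid bit, so tests that need it can be skipped inside a build sandbox.
# CHMOD is a hypothetical override hook used to exercise the denial path.

# Prints "allowed", "denied" or "dropped"; returns 0 only for "allowed".
setgid_probe() {
    probe_dir=$(mktemp -d "${TMPDIR:-/tmp}/setgid-probe.XXXXXX") || {
        echo unknown
        return 2
    }
    if ! "${CHMOD:-chmod}" g+s "$probe_dir" 2>/dev/null; then
        # The chmod call itself failed, e.g. rejected by a syscall filter.
        result=denied
    elif [ -g "$probe_dir" ]; then
        # The call succeeded and the set-group-ID bit is really present.
        result=allowed
    else
        # The call succeeded but the bit did not stick on this filesystem.
        result=dropped
    fi
    rm -rf "$probe_dir"
    echo "$result"
    [ "$result" = allowed ]
}

# Guard for a test script: returns non-zero with a SKIP line when the
# setgid bit cannot be used, instead of letting the tests fail later.
skip_unless_setgid() {
    status=$(setgid_probe) && return 0
    echo "SKIP: setgid bit is $status here; skipping shared-repository tests"
    return 1
}
```

Probing a throwaway directory with the same operation the tests depend on avoids guessing at the sandbox type, and reporting "dropped" separately from "denied" tells a syscall filter apart from a filesystem that ignores the bit.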