[PATCH wayland 2/2] tests: Fix FAIL in sanity-test (*timeout*) when Yama LSM enabled

Bryce Harrington bryce at osg.samsung.com
Tue Jan 6 17:11:30 PST 2015


This fixes a regression in the testsuite since c3653f7f, where four of
the timeout tests fail with "Timeouts suppressed" messages.

The timeouts are being suppressed because the testsuite is erroneously
detecting that a debugger is attached.  This detection mechanism
(adopted from libinput) uses ptrace to test if there is a debugger
parent process that can be attached.  Unfortunately, this is an
unreliable test: Kernel security policies exist to restrict the scope of
ptrace to prevent processes from snooping on one another.[1] This
security policy is set as the default on Ubuntu, and potentially other
Linux distributions.[2]

Workarounds include running 'make check' as root, turning off
ptrace_scope systemwide (echo 0 > /proc/sys/kernel/yama/ptrace_scope),
or granting the sanity-test binary ptrace capabilities (sudo setcap
cap_sys_ptrace=eip ./sanity-test).  Unfortunately, these all require
superuser intervention so can't be considered as a full solution.

The Yama documentation suggests, "For software that has defined
application-specific relationships between a debugging process and its
inferior (crash handlers, etc), prctl(PR_SET_PTRACER, pid, ...) can be
used.  An inferior can declare which other process (and its descendents)
are allowed to call PTRACE_ATTACH against it."  However, sanity-test's
parent process is either make or bash, depending on how it's invoked,
neither of which we can modify to add prctl().

Instead, change the detection mechanism to detect when the ptrace
operation is not permitted, and assume there is no debugger.

1:  http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2d514487faf188938a4ee4fb3464eeecfbdcf8eb
2:  https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace_Protection
Signed-off-by: Bryce Harrington <bryce at osg.samsung.com>
---
 tests/test-runner.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/tests/test-runner.c b/tests/test-runner.c
index 9abf22f..06375b4 100644
--- a/tests/test-runner.c
+++ b/tests/test-runner.c
@@ -262,10 +262,18 @@ is_debugger_attached(void)
 
 	if (pid == 0) {
 		int ppid = getppid();
-		if (ptrace(PTRACE_ATTACH, ppid, NULL, NULL) == 0) {
+		errno = 0;
+		rc = ptrace(PTRACE_ATTACH, ppid, NULL, NULL);
+		if (rc == 0) {
 			waitpid(ppid, NULL, 0);
 			ptrace(PTRACE_CONT, NULL, NULL);
 			ptrace(PTRACE_DETACH, ppid, NULL, NULL);
+		} else if (errno == EPERM) {
+			/* We're not permitted to perform ptrace on this system.
+			 * (Perhaps /proc/sys/kernel/yama/ptrace_scope is enabled?)
+			 * We can't verify that a debugger is attached, so return 0
+			 */
+			perror("ptrace system call");
 			rc = 0;
 		} else {
 			rc = 1;
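Review bot: The new `else if (errno == EPERM)` branch cannot tell a Yama denial apart from the case this function exists to detect. ptrace(2) documents EPERM both for insufficient privilege and for a target that is already being traced, so with a debugger attached to the parent the PTRACE_ATTACH still fails with EPERM and this branch now sets `rc = 0`. The remaining `else` (`rc = 1`) is then reached only for other errors, which means the check would report "no debugger" in the situation it was written for. Consider distinguishing the two causes before assuming no debugger, for example by consulting the TracerPid field of /proc/<pid>/status or the ptrace_scope value the comment already mentions. Separately, `perror("ptrace system call")` will print on every run on a Yama-restricted system, so the message should say that debugger detection was skipped rather than look like a test error.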
@@ -298,6 +306,7 @@ int main(int argc, char *argv[])
 	if (is_debugger_attached()) {
 		leak_check_enabled = 0;
 		timeouts_enabled = 0;
+		fprintf(stderr, "debugger detected\n");
 	} else {
 		leak_check_enabled = !getenv("WAYLAND_TEST_NO_LEAK_CHECK");
 		timeouts_enabled = !getenv("WAYLAND_TEST_NO_TIMEOUTS");
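Review bot: The added `fprintf(stderr, "debugger detected\n")` does not say what the detection changes. Since this branch sets `leak_check_enabled = 0` and `timeouts_enabled = 0`, the message would be more useful if it stated that leak checks and timeouts are being disabled, which is the symptom ("Timeouts suppressed") the commit message describes people running into.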
@@ -323,6 +332,9 @@ int main(int argc, char *argv[])
 	/* set our own XDG_RUNTIME_DIR */
 	set_xdg_runtime_dir();
 
+	fprintf(stderr, "leak_check_enabled: %d\n", leak_check_enabled);
+	fprintf(stderr, "timeouts_enabled:   %d\n", timeouts_enabled);
+
 	pass = 0;
 	for (t = &__start_test_section; t < &__stop_test_section; t++) {
 		int success = 0;
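Review bot: The two `fprintf(stderr, ...)` lines printing `leak_check_enabled` and `timeouts_enabled` run unconditionally on every invocation and are not mentioned in the commit message, so they read as leftover debugging output. Either drop them from this patch or describe them in the commit message and print them only when a value differs from the default, so normal 'make check' output stays quiet.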
-- 
1.9.1
