The mock fopen() function will abort if "/proc/mounts" is
requested with "r" permissions and VIR_CGROUP_MOCK_FILENAME
env var is not set.
Unfortunately this is triggering by the libselinux library
constructor when it tries to read /proc/mounts to find out
if selinuxfs is mounted in an unusual place.
This, however, only affects libselinux in Debian as that
opens with "r", while in Fedora / RHEL it opens "re" and
thus luckily never triggered the abort(), instead getting
an EACCESS.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
tests/vircgroupmock.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tests/vircgroupmock.c b/tests/vircgroupmock.c
index 06bd0a5f29..9c67a44b0d 100644
--- a/tests/vircgroupmock.c
+++ b/tests/vircgroupmock.c
@@ -460,8 +460,10 @@ FILE *fopen(const char *path, const char *mode)
}
if (type) {
- if (!filename)
- abort();
+ if (!filename) {
+ errno = EACCES;
+ return NULL;
+ }
if (virAsprintfQuiet(&filepath, "%s/vircgroupdata/%s.%s",
abs_srcdir, filename, type) < 0) {
abort();
--
2.20.1
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-listOn 3/27/19 11:31 AM, Daniel P. Berrangé wrote:
> The mock fopen() function will abort if "/proc/mounts" is
> requested with "r" permissions and VIR_CGROUP_MOCK_FILENAME
> env var is not set.
>
> Unfortunately this is triggering by the libselinux library
> constructor when it tries to read /proc/mounts to find out
> if selinuxfs is mounted in an unusual place.
>
> This, however, only affects libselinux in Debian as that
> opens with "r", while in Fedora / RHEL it opens "re" and
> thus luckily never triggered the abort(), instead getting
> an EACCESS.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
> tests/vircgroupmock.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/tests/vircgroupmock.c b/tests/vircgroupmock.c
> index 06bd0a5f29..9c67a44b0d 100644
> --- a/tests/vircgroupmock.c
> +++ b/tests/vircgroupmock.c
> @@ -460,8 +460,10 @@ FILE *fopen(const char *path, const char *mode)
> }
>
> if (type) {
> - if (!filename)
> - abort();
> + if (!filename) {
> + errno = EACCES;
> + return NULL;
> + }
> if (virAsprintfQuiet(&filepath, "%s/vircgroupdata/%s.%s",
> abs_srcdir, filename, type) < 0) {
> abort();
>
How about:
diff --git i/tests/vircgroupmock.c w/tests/vircgroupmock.c
index 06bd0a5f29..83f43e72bf 100644
--- i/tests/vircgroupmock.c
+++ w/tests/vircgroupmock.c
@@ -459,9 +459,7 @@ FILE *fopen(const char *path, const char *mode)
}
}
- if (type) {
- if (!filename)
- abort();
+ if (filename && type) {
if (virAsprintfQuiet(&filepath, "%s/vircgroupdata/%s.%s",
abs_srcdir, filename, type) < 0) {
abort();
Michal
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On Wed, Mar 27, 2019 at 12:55:18PM +0100, Michal Privoznik wrote:
> On 3/27/19 11:31 AM, Daniel P. Berrangé wrote:
> > The mock fopen() function will abort if "/proc/mounts" is
> > requested with "r" permissions and VIR_CGROUP_MOCK_FILENAME
> > env var is not set.
> >
> > Unfortunately this is triggering by the libselinux library
> > constructor when it tries to read /proc/mounts to find out
> > if selinuxfs is mounted in an unusual place.
> >
> > This, however, only affects libselinux in Debian as that
> > opens with "r", while in Fedora / RHEL it opens "re" and
> > thus luckily never triggered the abort(), instead getting
> > an EACCESS.
> >
> > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> > ---
> > tests/vircgroupmock.c | 6 ++++--
> > 1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/tests/vircgroupmock.c b/tests/vircgroupmock.c
> > index 06bd0a5f29..9c67a44b0d 100644
> > --- a/tests/vircgroupmock.c
> > +++ b/tests/vircgroupmock.c
> > @@ -460,8 +460,10 @@ FILE *fopen(const char *path, const char *mode)
> > }
> > if (type) {
> > - if (!filename)
> > - abort();
> > + if (!filename) {
> > + errno = EACCES;
> > + return NULL;
> > + }
> > if (virAsprintfQuiet(&filepath, "%s/vircgroupdata/%s.%s",
> > abs_srcdir, filename, type) < 0) {
> > abort();
> >
>
> How about:
>
> diff --git i/tests/vircgroupmock.c w/tests/vircgroupmock.c
> index 06bd0a5f29..83f43e72bf 100644
> --- i/tests/vircgroupmock.c
> +++ w/tests/vircgroupmock.c
> @@ -459,9 +459,7 @@ FILE *fopen(const char *path, const char *mode)
> }
> }
>
> - if (type) {
> - if (!filename)
> - abort();
> + if (filename && type) {
> if (virAsprintfQuiet(&filepath, "%s/vircgroupdata/%s.%s",
> abs_srcdir, filename, type) < 0) {
> abort();
That will cause it to try to open the real /proc/mounts, which feels
like an undesirable thing as it means the test could silently start
relying on host state by mistake.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On 3/27/19 12:57 PM, Daniel P. Berrangé wrote:
> On Wed, Mar 27, 2019 at 12:55:18PM +0100, Michal Privoznik wrote:
>> On 3/27/19 11:31 AM, Daniel P. Berrangé wrote:
>>> The mock fopen() function will abort if "/proc/mounts" is
>>> requested with "r" permissions and VIR_CGROUP_MOCK_FILENAME
>>> env var is not set.
>>>
>>> Unfortunately this is triggering by the libselinux library
>>> constructor when it tries to read /proc/mounts to find out
>>> if selinuxfs is mounted in an unusual place.
>>>
>>> This, however, only affects libselinux in Debian as that
>>> opens with "r", while in Fedora / RHEL it opens "re" and
>>> thus luckily never triggered the abort(), instead getting
>>> an EACCESS.
>>>
>>> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
>>> ---
>>> tests/vircgroupmock.c | 6 ++++--
>>> 1 file changed, 4 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/tests/vircgroupmock.c b/tests/vircgroupmock.c
>>> index 06bd0a5f29..9c67a44b0d 100644
>>> --- a/tests/vircgroupmock.c
>>> +++ b/tests/vircgroupmock.c
>>> @@ -460,8 +460,10 @@ FILE *fopen(const char *path, const char *mode)
>>> }
>>> if (type) {
>>> - if (!filename)
>>> - abort();
>>> + if (!filename) {
>>> + errno = EACCES;
>>> + return NULL;
>>> + }
>>> if (virAsprintfQuiet(&filepath, "%s/vircgroupdata/%s.%s",
>>> abs_srcdir, filename, type) < 0) {
>>> abort();
>>>
>>
>> How about:
>>
>> diff --git i/tests/vircgroupmock.c w/tests/vircgroupmock.c
>> index 06bd0a5f29..83f43e72bf 100644
>> --- i/tests/vircgroupmock.c
>> +++ w/tests/vircgroupmock.c
>> @@ -459,9 +459,7 @@ FILE *fopen(const char *path, const char *mode)
>> }
>> }
>>
>> - if (type) {
>> - if (!filename)
>> - abort();
>> + if (filename && type) {
>> if (virAsprintfQuiet(&filepath, "%s/vircgroupdata/%s.%s",
>> abs_srcdir, filename, type) < 0) {
>> abort();
>
> That will cause it to try to open the real /proc/mounts, which feels
> like an undesirable thing as it means the test could silently start
> relying on host state by mistake.
>
Ah, good point. ACK to your version then.
Michal
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
© 2016 - 2024 Red Hat, Inc.