summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Nicholson <dbn@endlessos.org>2023-11-08 20:15:22 +0100
committerFrantisek Sumsal <frantisek@sumsal.cz>2023-11-08 22:29:16 +0100
commit9217255427abc2883c67dfcb765ea6b5164e4a47 (patch)
tree3d88e383701e065331d9424ef7c3163ec47adf93
parentMerge pull request #29932 from yuwata/default-network-cleanups (diff)
downloadsystemd-9217255427abc2883c67dfcb765ea6b5164e4a47.tar.xz
systemd-9217255427abc2883c67dfcb765ea6b5164e4a47.zip
test-process-util: Handle unprivileged setrlimit success
Currently test_setpriority_closest assumes that setting RLIMIT_NICE to 30 will fail if the process is unprivileged. If it succeeds, it assumes that the process is privileged and setresuid and setresgid will succeed. However, if RLIMIT_NICE is already >= 30, then setrlimit will succeed even if the process is unprivileged. Guard against that by checking for permission errors in setresuid and setresgid and skipping the full test if so. Fixes #22896.
-rw-r--r--src/test/test-process-util.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
index 09ad82d239..957e2141ef 100644
--- a/src/test/test-process-util.c
+++ b/src/test/test-process-util.c
@@ -716,9 +716,16 @@ TEST(setpriority_closest) {
assert_se(ERRNO_IS_PRIVILEGE(errno));
full_test = false;
} else {
- assert_se(setresgid(GID_NOBODY, GID_NOBODY, GID_NOBODY) >= 0);
- assert_se(setresuid(UID_NOBODY, UID_NOBODY, UID_NOBODY) >= 0);
- full_test = true;
+ /* However, if the hard limit was above 30, setrlimit would succeed unprivileged, so
+ * check if the UID/GID can be changed before enabling the full test. */
+ if (setresgid(GID_NOBODY, GID_NOBODY, GID_NOBODY) < 0) {
+ assert_se(ERRNO_IS_PRIVILEGE(errno));
+ full_test = false;
+ } else if (setresuid(UID_NOBODY, UID_NOBODY, UID_NOBODY) < 0) {
+ assert_se(ERRNO_IS_PRIVILEGE(errno));
+ full_test = false;
+ } else
+ full_test = true;
}
errno = 0;