authpolicy: unittest failed with glibc 2.27 |
||||||
Issue description
With glibc 2.27,
FEATURES="test" emerge-samus authpolicy
[ RUN ] AuthPolicyTest.UsesEncTypesFromDevicePolicy
[0723/222630:INFO:authpolicy.cc(265)] Received 'JoinADDomain' request
[0723/222630:INFO:samba_interface.cc(1352)] Wrote machine password file '/tmp/.org.chromium.Chromium.JApaAI/state/machine_pass'
[0723/222630:INFO:samba_interface.cc(1401)] Wrote configuration file '/tmp/.org.chromium.Chromium.JApaAI/state/config.dat'
[0723/222630:INFO:authpolicy.cc(55)] JoinADDomain succeeded
[0723/222630:INFO:authpolicy.cc(312)] Received 'RefreshDevicePolicy' request
[0723/222630:INFO:samba_interface.cc(1574)] Getting device GPO list for device account
[0723/222631:ERROR:process_executor.cc(190)] Seccomp filter blocked a system call
[0723/222631:ERROR:samba_interface.cc(1795)] Failed to parse preg files
[0723/222631:INFO:authpolicy.cc(57)] RefreshDevicePolicy failed with code 12
../../../../../../../../../mnt/host/source/src/platform2/authpolicy/authpolicy_unittest.cc:291: Failure
Expected: expected_error
Which is: 0
To be equal to: actual_error
Which is: 12
Also, I cannot ssh to the DUT with glibc 2.27 image, I am not sure whether this is related.
,
Aug 8
Yunlian, how do I reproduce this locally? Seccomp failures mean that the code performs some syscall that is not whitelisted. I can debug this if I can reproduce it. If that's not possible, I could write a test that prints the syscall that has to be whitelisted.
,
Aug 30
Luts, to reproduce it, you need you do the following: 1) Get a fresh checkout 2) cherry pick this CL https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/1022974 3) run cros_sdk --bootstsrap 4) run cros_sdk to get in chroot: 5) inside chroot: sudo emerge rpcsvc-proto ./setup_board --board samus --nousepkg ./build_packages --board samus authpolicy --nousepkg FEATURES="test" emerge-samus authpolicy
,
Aug 30
Thanks for the steps! How urgent is it?
,
Aug 30
We plan to upgrade glibc at the beginning of next quarter, I would appreciate if this can be fixed by the end of this Q.
,
Aug 31
,
Aug 31
cros_sdk --bootstrap does not finish for me (already running for 1.5 hours). It's not fresh checkout though - my working one. Any workarounds?
,
Aug 31
nvm, I fetched a fresh checkout
,
Aug 31
I updated the glibc patch and it seems it does not apply cleanly, I will update here once I verify that new glibc is working.
,
Sep 4
The glibc patch https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/1022974 is ready. Thanks
,
Sep 17
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/d6f1b699ce00b81740e344c0cb2d1e077f5bd3d0 commit d6f1b699ce00b81740e344c0cb2d1e077f5bd3d0 Author: Roman Sorokin <rsorokin@chromium.org> Date: Mon Sep 17 15:40:55 2018 authpolicy: Disable seccomp filter for unittests Unit tests usually run code that only exists in tests (like the framework), so disable the seccomp filters for it. BUG= chromium:866683 TEST=cros_workon_make --board samus authpolicy --test Change-Id: I68fd0139ee55772c0fe2a0b07f855ed23dd5be7f Reviewed-on: https://chromium-review.googlesource.com/1221548 Commit-Ready: Roman Sorokin <rsorokin@chromium.org> Tested-by: Roman Sorokin <rsorokin@chromium.org> Reviewed-by: Roman Sorokin <rsorokin@chromium.org> [modify] https://crrev.com/d6f1b699ce00b81740e344c0cb2d1e077f5bd3d0/authpolicy/authpolicy_unittest.cc [modify] https://crrev.com/d6f1b699ce00b81740e344c0cb2d1e077f5bd3d0/authpolicy/samba_interface.cc [modify] https://crrev.com/d6f1b699ce00b81740e344c0cb2d1e077f5bd3d0/authpolicy/samba_interface.h
,
Sep 17
,
Sep 17
as per #12
,
Nov 23
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/ff2a4a1b24fe7732fdc3591bbcf7a8219f0bb29c commit ff2a4a1b24fe7732fdc3591bbcf7a8219f0bb29c Author: Lutz Justen <ljusten@chromium.org> Date: Fri Nov 23 03:07:41 2018 authpolicy: Add test for seccomp filtering CL:1221548 turned off seccomp filtering for authpolicyd unit tests. This CL adds a test that turns seccomp filtering back on for that test and deliberately triggers seccomp failures to see if they get caught properly. BUG= chromium:866683 TEST=cros_workon_make --board=amd64-generic --test authpolicy Change-Id: I7da9808e501824af9956666605b44bfd0a4aae24 Reviewed-on: https://chromium-review.googlesource.com/1337709 Commit-Ready: Lutz Justen <ljusten@chromium.org> Tested-by: Lutz Justen <ljusten@chromium.org> Reviewed-by: Roman Sorokin <rsorokin@chromium.org> [modify] https://crrev.com/ff2a4a1b24fe7732fdc3591bbcf7a8219f0bb29c/authpolicy/stub_smbclient_main.cc [modify] https://crrev.com/ff2a4a1b24fe7732fdc3591bbcf7a8219f0bb29c/authpolicy/authpolicy_unittest.cc [modify] https://crrev.com/ff2a4a1b24fe7732fdc3591bbcf7a8219f0bb29c/authpolicy/stub_common.h [modify] https://crrev.com/ff2a4a1b24fe7732fdc3591bbcf7a8219f0bb29c/authpolicy/stub_kinit_main.cc [modify] https://crrev.com/ff2a4a1b24fe7732fdc3591bbcf7a8219f0bb29c/authpolicy/samba_interface.h [modify] https://crrev.com/ff2a4a1b24fe7732fdc3591bbcf7a8219f0bb29c/authpolicy/stub_common.cc [modify] https://crrev.com/ff2a4a1b24fe7732fdc3591bbcf7a8219f0bb29c/authpolicy/stub_net_main.cc |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by rsorokin@chromium.org
, Jul 24Components: Enterprise
Labels: -Pri-3 Enterprise-Triaged Chromad M-70 OS-Chrome Pri-1
Owner: ljusten@chromium.org
Status: Assigned (was: Untriaged)