From: Dan Nicholson Date: Wed, 8 Nov 2023 19:15:22 +0000 (-0700) Subject: test-process-util: Handle unprivileged setrlimit success X-Git-Tag: v255-rc2~70 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9217255427abc2883c67dfcb765ea6b5164e4a47;p=thirdparty%2Fsystemd.git test-process-util: Handle unprivileged setrlimit success Currently test_setpriority_closest assumes that setting RLIMIT_NICE to 30 will fail if the process is unprivileged. If it succeeds, it assumes that the process is privileged and setresuid and setresgid will succeed. However, if RLIMIT_NICE is already >= 30, then setrlimit will succeed even if the process is unprivileged. Guard against that by checking for permission errors in setresuid and setresgid and skipping the full test if so. Fixes #22896. --- diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c index 09ad82d239e..957e2141ef2 100644 --- a/src/test/test-process-util.c +++ b/src/test/test-process-util.c @@ -716,9 +716,16 @@ TEST(setpriority_closest) { assert_se(ERRNO_IS_PRIVILEGE(errno)); full_test = false; } else { - assert_se(setresgid(GID_NOBODY, GID_NOBODY, GID_NOBODY) >= 0); - assert_se(setresuid(UID_NOBODY, UID_NOBODY, UID_NOBODY) >= 0); - full_test = true; + /* However, if the hard limit was above 30, setrlimit would succeed unprivileged, so + * check if the UID/GID can be changed before enabling the full test. */ + if (setresgid(GID_NOBODY, GID_NOBODY, GID_NOBODY) < 0) { + assert_se(ERRNO_IS_PRIVILEGE(errno)); + full_test = false; + } else if (setresuid(UID_NOBODY, UID_NOBODY, UID_NOBODY) < 0) { + assert_se(ERRNO_IS_PRIVILEGE(errno)); + full_test = false; + } else + full_test = true; } errno = 0;