[3.14] gh-151519: Check effective gid in `_test_all_chown_common` group-0 guard (GH-151521) (#151550)
gh-151519: Check effective gid in `_test_all_chown_common` group-0 guard (GH-151521)
The guard that skips the "chown to gid 0 should fail" assertion used
only `os.getgroups()` (supplementary groups). The kernel also accepts
the effective/filesystem gid for chown, so when a process runs with
egid 0 and a non-zero uid (common in containers and user namespaces),
chown(-1, 0) succeeds and the assertion spuriously fails.
Add an `os.getegid() != 0` check alongside the existing
`0 not in os.getgroups()` guard.
(cherry picked from commit
2ce260033b457a0ad2c9767a1d9902bef5a30b0e)
Co-authored-by: Itamar Oren <itamarost@gmail.com>
projects / thirdparty / Python / cpython.git / commit
