test-process-util: Handle unprivileged setrlimit success
authorDan Nicholson <dbn@endlessos.org>
Wed, 8 Nov 2023 19:15:22 +0000 (12:15 -0700)
committerFrantisek Sumsal <frantisek@sumsal.cz>
Wed, 8 Nov 2023 21:29:16 +0000 (21:29 +0000)
Currently test_setpriority_closest assumes that setting RLIMIT_NICE to 30 will
fail if the process is unprivileged. If it succeeds, it assumes that the
process is privileged and setresuid and setresgid will succeed.

However, if RLIMIT_NICE is already >= 30, then setrlimit will succeed even if
the process is unprivileged. Guard against that by checking for permission
errors in setresuid and setresgid and skipping the full test if so.

Fixes #22896.

src/test/test-process-util.c

index 09ad82d239eda7884ff0ff7fcf839b228ddf4c33..957e2141ef2a7b5c5620027d9fccf020e98a6e00 100644 (file)
@@ -716,9 +716,16 @@ TEST(setpriority_closest) {
                         assert_se(ERRNO_IS_PRIVILEGE(errno));
                         full_test = false;
                 } else {
-                        assert_se(setresgid(GID_NOBODY, GID_NOBODY, GID_NOBODY) >= 0);
-                        assert_se(setresuid(UID_NOBODY, UID_NOBODY, UID_NOBODY) >= 0);
-                        full_test = true;
+                        /* However, if the hard limit was above 30, setrlimit would succeed unprivileged, so
+                         * check if the UID/GID can be changed before enabling the full test. */
+                        if (setresgid(GID_NOBODY, GID_NOBODY, GID_NOBODY) < 0) {
+                                assert_se(ERRNO_IS_PRIVILEGE(errno));
+                                full_test = false;
+                        } else if (setresuid(UID_NOBODY, UID_NOBODY, UID_NOBODY) < 0) {
+                                assert_se(ERRNO_IS_PRIVILEGE(errno));
+                                full_test = false;
+                        } else
+                                full_test = true;
                 }
 
                 errno = 0;
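Review bot: In the new else branch, when setresgid() succeeds but setresuid() then fails with a privilege error, the test continues with full_test = false while the process already runs as GID_NOBODY under its original UID, a mixed state the reduced path was presumably not written for. This needs a process that may change GIDs but not UIDs (for instance under a restricted capability set), so it is unlikely, but a comment such as `/* GID may already be nobody here; the reduced test must not depend on the original GID */` would make the assumption explicit. The two failure arms are identical and could be folded into `if (setresgid(GID_NOBODY, GID_NOBODY, GID_NOBODY) < 0 || setresuid(UID_NOBODY, UID_NOBODY, UID_NOBODY) < 0) {`, which short-circuits and keeps the GID-before-UID order. The added comment says the hard limit was "above 30" while the commit message says >= 30; `at least 30` would match. The enclosing TEST body, including the setrlimit() call these branches depend on, starts and ends outside the hunk.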