From: Simon McVittie <smcv@collabora.com>
Date: Tue, 4 Dec 2018 12:09:26 +0000 (+0000)
Subject: dbus-daemon test: Don't test fd limits if in an unprivileged container
X-Git-Tag: dbus-1.13.10~55^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3d380a3e932a033fa15394a685c0b54aa6ecf0bd;p=thirdparty%2Fdbus.git

dbus-daemon test: Don't test fd limits if in an unprivileged container

In an unprivileged container, uid 0 doesn't have CAP_SYS_RESOURCE, so
we can't expect the dbus-daemon to be able to escalate its fd limit.

This can be reproduced using bubblewrap:

    sudo bwrap \
        --cap-drop CAP_SYS_RESOURCE \
        --ro-bind / / \
        --dev /dev \
    env \
        DBUS_TEST_DAEMON=.../bus/dbus-daemon \
        DBUS_TEST_DATA=.../test/data \
    .../test/test-dbus-daemon \
        -p /fd-limit \
        --verbose

Bug-Debian: https://bugs.debian.org/908092
---

diff --git a/test/dbus-daemon.c b/test/dbus-daemon.c
index 20935ffb1..407a8dc9d 100644
--- a/test/dbus-daemon.c
+++ b/test/dbus-daemon.c
@@ -1892,6 +1892,7 @@ test_fd_limit (Fixture *f,
 {
 #ifdef HAVE_PRLIMIT
   struct rlimit lim;
+  struct rlimit new_limit;
   const struct passwd *pwd = NULL;
 #endif
 
@@ -1919,7 +1920,7 @@ test_fd_limit (Fixture *f,
     }
 
   if (prlimit (getpid (), RLIMIT_NOFILE, NULL, &lim) < 0)
-    g_error ("prlimit(): %s", g_strerror (errno));
+    g_error ("get prlimit (self): %s", g_strerror (errno));
 
   g_test_message ("our RLIMIT_NOFILE: rlim_cur: %ld, rlim_max: %ld",
                   (long) lim.rlim_cur, (long) lim.rlim_max);
@@ -1931,8 +1932,33 @@ test_fd_limit (Fixture *f,
       return;
     }
 
+  new_limit = lim;
+  new_limit.rlim_cur = DESIRED_RLIMIT;
+  new_limit.rlim_max = DESIRED_RLIMIT;
+
+  /* Try to increase the rlimit ourselves. If we're root in an
+   * unprivileged Linux container, then we won't have CAP_SYS_RESOURCE
+   * and this will fail with EPERM. If so, the dbus-daemon wouldn't be
+   * able to increase its rlimit either. */
+  if (prlimit (getpid (), RLIMIT_NOFILE, &new_limit, NULL) < 0)
+    {
+      gchar *message;
+
+      message = g_strdup_printf ("Cannot test, we cannot change the rlimit so "
+                                 "presumably neither can the dbus-daemon: %s",
+                                 g_strerror (errno));
+      g_test_skip (message);
+      g_free (message);
+      return;
+    }
+
+  /* Immediately put our original limit back so it won't interfere with
+   * subsequent tests. This should always succeed. */
+  if (prlimit (getpid (), RLIMIT_NOFILE, &lim, NULL) < 0)
+    g_error ("Cannot restore our original limits: %s", g_strerror (errno));
+
   if (prlimit (f->daemon_pid, RLIMIT_NOFILE, NULL, &lim) < 0)
-    g_error ("prlimit(): %s", g_strerror (errno));
+    g_error ("get prlimit (dbus-daemon): %s", g_strerror (errno));
 
   g_test_message ("dbus-daemon's RLIMIT_NOFILE: rlim_cur: %ld, rlim_max: %ld",
                   (long) lim.rlim_cur, (long) lim.rlim_max);