* [Bug 1897194] [NEW] Test failure in test-crypto-secret.c
@ 2020-09-25 1:33 Toolybird
2020-10-07 2:44 ` [Bug 1897194] " Toolybird
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Toolybird @ 2020-09-25 1:33 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
When running qemu test suite I'm seeing a test failure:
ERROR:../qemu/tests/test-crypto-secret.c:144:test_secret_keyring_good:
assertion failed: (key >= 0)
Host is Arch Linux running in the standard Arch build environment
(essentially an nspawn container).
I first noticed this at release of 5.1.0 but it's still there on current
trunk. For 5.1.0 I was able to sidestep the issue by building with
`--disable-keyring' but this no longer works (I think due to
9866a33cbb7046891dec3dcc9ca2015828673afe)
Any clues on what might be the cause? Not sure how to debug.
** Affects: qemu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1897194
Title:
Test failure in test-crypto-secret.c
Status in QEMU:
New
Bug description:
When running qemu test suite I'm seeing a test failure:
ERROR:../qemu/tests/test-crypto-secret.c:144:test_secret_keyring_good:
assertion failed: (key >= 0)
Host is Arch Linux running in the standard Arch build environment
(essentially an nspawn container).
I first noticed this at release of 5.1.0 but it's still there on
current trunk. For 5.1.0 I was able to sidestep the issue by building
with `--disable-keyring' but this no longer works (I think due to
9866a33cbb7046891dec3dcc9ca2015828673afe)
Any clues on what might be the cause? Not sure how to debug.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1897194/+subscriptions
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 1897194] Re: Test failure in test-crypto-secret.c
2020-09-25 1:33 [Bug 1897194] [NEW] Test failure in test-crypto-secret.c Toolybird
@ 2020-10-07 2:44 ` Toolybird
2020-10-27 7:18 ` Toolybird
2020-10-28 23:18 ` Toolybird
2 siblings, 0 replies; 4+ messages in thread
From: Toolybird @ 2020-10-07 2:44 UTC (permalink / raw)
To: qemu-devel
Ping. Nobody else seeing this?
I can only assume you don't have keyutils-dev (or equivalent) installed
on your system.
This is a key difference (pardon the pun!) between Arch and the bigger
distros. Arch tends to avoid splitting development libs and headers into
separate packages, which might explain why others are not seeing the
test failure.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1897194
Title:
Test failure in test-crypto-secret.c
Status in QEMU:
New
Bug description:
When running qemu test suite I'm seeing a test failure:
ERROR:../qemu/tests/test-crypto-secret.c:144:test_secret_keyring_good:
assertion failed: (key >= 0)
Host is Arch Linux running in the standard Arch build environment
(essentially an nspawn container).
I first noticed this at release of 5.1.0 but it's still there on
current trunk. For 5.1.0 I was able to sidestep the issue by building
with `--disable-keyring' but this no longer works (I think due to
9866a33cbb7046891dec3dcc9ca2015828673afe)
Any clues on what might be the cause? Not sure how to debug.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1897194/+subscriptions
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 1897194] Re: Test failure in test-crypto-secret.c
2020-09-25 1:33 [Bug 1897194] [NEW] Test failure in test-crypto-secret.c Toolybird
2020-10-07 2:44 ` [Bug 1897194] " Toolybird
@ 2020-10-27 7:18 ` Toolybird
2020-10-28 23:18 ` Toolybird
2 siblings, 0 replies; 4+ messages in thread
From: Toolybird @ 2020-10-27 7:18 UTC (permalink / raw)
To: qemu-devel
strace shows the problem:
add_key("user", "qemu_test_secret", "Test Payload", 12,
KEY_SPEC_PROCESS_KEYRING) = -1 EPERM (Operation not permitted)
It appears systemd-nspawn containers don't have CAP_SYS_ADMIN which is
apparently needed for the keyring stuff to work. Fair enough.
But the underlying problem here is configure switch `--disable-keyring'
does not work. It previously worked in the 5.1.0 release but now it's
broken.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1897194
Title:
Test failure in test-crypto-secret.c
Status in QEMU:
New
Bug description:
When running qemu test suite I'm seeing a test failure:
ERROR:../qemu/tests/test-crypto-secret.c:144:test_secret_keyring_good:
assertion failed: (key >= 0)
Host is Arch Linux running in the standard Arch build environment
(essentially an nspawn container).
I first noticed this at release of 5.1.0 but it's still there on
current trunk. For 5.1.0 I was able to sidestep the issue by building
with `--disable-keyring' but this no longer works (I think due to
9866a33cbb7046891dec3dcc9ca2015828673afe)
Any clues on what might be the cause? Not sure how to debug.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1897194/+subscriptions
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 1897194] Re: Test failure in test-crypto-secret.c
2020-09-25 1:33 [Bug 1897194] [NEW] Test failure in test-crypto-secret.c Toolybird
2020-10-07 2:44 ` [Bug 1897194] " Toolybird
2020-10-27 7:18 ` Toolybird
@ 2020-10-28 23:18 ` Toolybird
2 siblings, 0 replies; 4+ messages in thread
From: Toolybird @ 2020-10-28 23:18 UTC (permalink / raw)
To: qemu-devel
> systemd-nspawn containers don't have CAP_SYS_ADMIN
Above statement is utter bollocks. Please ignore..
I finally got to the bottom of all this and now have the test suite passing.
- don't use `--disable-keyring', it's busted
- systemd-nspawn containers need to be configured with additional
capabilities/syscalls (see below)
I noticed another test failing (postcopy-ram in tests/qtest/migration-
test.c). It needs access to munlockall which is covered by CAP_IPC_LOCK
capability.
Here is my .nspawn config needed to get the test suite passing inside a
systemd-nspawn container:
[Exec]
Capability=CAP_IPC_LOCK
SystemCallFilter=add_key keyctl
** Changed in: qemu
Status: New => Invalid
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1897194
Title:
Test failure in test-crypto-secret.c
Status in QEMU:
Invalid
Bug description:
When running qemu test suite I'm seeing a test failure:
ERROR:../qemu/tests/test-crypto-secret.c:144:test_secret_keyring_good:
assertion failed: (key >= 0)
Host is Arch Linux running in the standard Arch build environment
(essentially an nspawn container).
I first noticed this at release of 5.1.0 but it's still there on
current trunk. For 5.1.0 I was able to sidestep the issue by building
with `--disable-keyring' but this no longer works (I think due to
9866a33cbb7046891dec3dcc9ca2015828673afe)
Any clues on what might be the cause? Not sure how to debug.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1897194/+subscriptions
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-10-28 23:32 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-25 1:33 [Bug 1897194] [NEW] Test failure in test-crypto-secret.c Toolybird
2020-10-07 2:44 ` [Bug 1897194] " Toolybird
2020-10-27 7:18 ` Toolybird
2020-10-28 23:18 ` Toolybird
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.