search

bus1 / dbus-broker

Linux D-Bus Message Broker
https://github.com/bus1/dbus-broker/wiki
Apache License 2.0
661 stars 78 forks source link

A couple of test tweaks #350

Closed mrc0mmand closed 3 months ago

mrc0mmand commented 3 months ago

This gets rid of two meson deprecation warnings and also makes most (*) of the reference tests work with newer dbus-daemon (F39 and Rawhide), that started using path-based sockets instead of abstract ones.

(*) 

$ meson test -C build --suite 'dbus-daemon(1)' --print-errorlogs                                                                                                                            
ninja: Entering directory `/home/fsumsal/repos/dbus-broker/build'                                                                                                                           
[7/7] Linking target test/dbus/test-fdstream                                                                                                                                                
1/5 dbus-broker:dbus-daemon(1) / FD Stream Constraints        SKIP            0.01s   exit status 77
2/5 dbus-broker:dbus-daemon(1) / Broker API                   OK              0.01s                                                                                                         
3/5 dbus-broker:dbus-daemon(1) / Client Lifetime              OK              0.02s           
4/5 dbus-broker:dbus-daemon(1) / Signals and Matches          OK              0.03s                                                                                                         
dbus-broker:dbus-daemon(1) / Driver API time out (After 30 seconds)                                                                                                                         
5/5 dbus-broker:dbus-daemon(1) / Driver API                   TIMEOUT        30.01s   killed by signal 6 SIGABRT

The last test fails in this test case: https://github.com/bus1/dbus-broker/blob/db8f3cacd5b72d8e32d627cbe06d09546d1ecf65/test/dbus/test-driver.c#L1742-L1754

because there's no UnixGroupIDs sent back. I can reproduce this on latest Fedora Rawhide if I switch from dbus-broker to dbus-daemon and issue the D-Bus call directly:

# rpm -q dbus-daemon
dbus-daemon-1.14.10-3.fc40.x86_64
# busctl call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus GetConnectionCredentials s org.freedesktop.DBus
a{sv} 2 "ProcessID" u 582 "UnixUserID" u 81

Doing the same with dbus-broker seems to return "expected" results:

# rpm -q dbus-broker
dbus-broker-35-4.fc40.x86_64
# busctl call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus GetConnectionCredentials s org.freedesktop.DBus
a{sv} 5 "UnixUserID" u 0 "ProcessID" u 578 "UnixGroupIDs" au 1 0 "LinuxSecurityLabel" ay 48 115 121 115 116 101 109 95 117 58 115 121 115 116 101 109 95 114 58 115 121 115 116 101 109 95 100 98 117 115 100 95 116 58 115 48 45 115 48 58 99 48 46 99 49 48 50 51 0 "ProcessFD" h 4

I'm not sure if this is a bug or not (or at least I couldn't find anything obvious in dbus-daemon's release notes, apart from maybe this bugfix that's in v1.15.8).

teg commented 3 months ago

Thanks for this @mrc0mmand !

Do you have any idea if the remaining failure is a regression (I assume so, but have not tested this manually in a very long time)?

@smcv do you happen to know if this is expected?

smcv commented 3 months ago

dbus-daemon 1.14.10 should be able to implement UnixGroupIDs if the stars align appropriately: it needs to have been compiled with a new enough glibc and run on a new enough kernel, and the getsockopt needs to not be prevented (for example by SELinux or whatever). It includes the same bug fix for a valid-but-empty supplementary group list as 1.15.8.

The fact that you're also not seeing a LinuxSecurityLabel in your GetConnectionCredentials call suggests that either this is not an apples-to-apples comparison, or something else is going wrong, because LinuxSecurityLabel should have been available on systems with SELinux for a long time.

mrc0mmand commented 3 months ago

Thanks for this @mrc0mmand !

Do you have any idea if the remaining failure is a regression (I assume so, but have not tested this manually in a very long time)?

I did some more testing and can reproduce it even with dbus-daemon-1.15.8-1.fc41.x86_64 (after building it locally, with SELinux in permissive mode):

# busctl call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus GetConnectionCredentials s org.freedesktop.DBus
a{sv} 3 "ProcessID" u 601 "UnixUserID" u 81 "ProcessFD" h 4

But the same stuff happens on Arch Linux, again after switching from dbus-broker to dbus-daemon (here the lack of LinuxSecurityLabel is expected, since Arch doesn't do SELinux by default):

# pacman -Q dbus-daemon-units
dbus-daemon-units 1.14.10-2
# busctl call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus GetConnectionCredentials s org.freedesktop.DBus
a{sv} 2 "ProcessID" u 370 "UnixUserID" u 81

With dbus-broker I get:

# pacman -Q dbus-broker-units
dbus-broker-units 35-2
# busctl call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus GetConnectionCredentials s org.freedesktop.DBus
a{sv} 4 "UnixUserID" u 0 "ProcessID" u 375 "UnixGroupIDs" au 1 0 "ProcessFD" h 4