From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: Python 3 test failures Date: Thu, 03 Apr 2014 21:51:25 +0200 Message-ID: <87ppkynqde.fsf@gnu.org> References: <877g7futo0.fsf@gnu.org> <87y4zokho0.fsf@yeeloong.lan> <87fvlwn97l.fsf@gnu.org> <87lhvnikjp.fsf@yeeloong.lan> <87ppkype5e.fsf_-_@gnu.org> <874n2aibik.fsf@yeeloong.lan> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:44299) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WVnfg-0005YF-2z for guix-devel@gnu.org; Thu, 03 Apr 2014 15:51:36 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WVnfb-0002L5-JL for guix-devel@gnu.org; Thu, 03 Apr 2014 15:51:32 -0400 Received: from hera.aquilenet.fr ([2a01:474::1]:58341) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WVnfb-0002Kr-D5 for guix-devel@gnu.org; Thu, 03 Apr 2014 15:51:27 -0400 In-Reply-To: <874n2aibik.fsf@yeeloong.lan> (Mark H. Weaver's message of "Thu, 03 Apr 2014 13:11:15 -0400") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Mark H Weaver Cc: guix-devel@gnu.org Mark H Weaver skribis: > ludo@gnu.org (Ludovic Court=C3=A8s) writes: > >> Mark H Weaver skribis: >> >>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >>> ERROR: test_fork (test.test_pty.PtyTest) >>> ---------------------------------------------------------------------- >>> Traceback (most recent call last): >>> File "/tmp/nix-build-python-3.3.3.drv-13/Python-3.3.3/Lib/test/test_p= ty.py", line 116, in test_fork >>> pid, master_fd =3D pty.fork() >>> File "/tmp/nix-build-python-3.3.3.drv-13/Python-3.3.3/Lib/pty.py", li= ne 107, in fork >>> master_fd, slave_fd =3D openpty() >>> File "/tmp/nix-build-python-3.3.3.drv-13/Python-3.3.3/Lib/pty.py", li= ne 29, in openpty >>> master_fd, slave_name =3D _open_terminal() >>> File "/tmp/nix-build-python-3.3.3.drv-13/Python-3.3.3/Lib/pty.py", li= ne 70, in _open_terminal >>> raise os.error('out of pty devices') >>> OSError: out of pty devices >> >> This particular test is fixed by the daemon patch I posted, which makes >> sure /dev/pts/ptmx is 0666 (I=E2=80=99ll update nix-upstream.) > > What are the security implications of this? Why do you suppose that > Debian (or Linux, the kernel?) uses perms 0000 for /dev/pts/ptmx,=20 The devpts file system of Linux creates this file with perms 000 by default: https://www.kernel.org/doc/Documentation/filesystems/devpts.txt > and how it is that these tests normally work outside of guix-daemon, > when the perms are 0000? Often, outside the chroot, /dev/ptmx is directly a character device, with perms 0666. Conversely, inside the chroot it=E2=80=99s a symlink to /dev/pts/ptmx (as suggested in devpts.txt), but until this patch was applied, it had perms 000. Ludo=E2=80=99.