Title: test_prlimit from test_resource fails when building python3 inside systemd-nspawn environment
Type:
Stage: resolved
Components:
Versions: Python 3.7, Python 3.6
Status: closed
Resolution: fixed
Dependencies:
Superseder:
Assigned To:
Nosy List: cstratak, miss-islington, petr.viktorin, torsava, vstinner
Priority: normal
Keywords: patch

Created on 2017-08-07 16:43 by cstratak, last changed 2018-09-13 23:39 by benjamin.peterson. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 9280 merged benjamin.peterson, 2018-09-13 21:17
PR 9283 merged miss-islington, 2018-09-13 21:53
PR 9284 merged miss-islington, 2018-09-13 21:53
Messages (7)
msg299852 - Author: Charalampos Stratakis (cstratak) Date: 2017-08-07 16:43
FAIL: test_prlimit (test.test_resource.ResourceTest)
Traceback (most recent call last):
  File "/builddir/build/BUILD/Python-3.6.2/Lib/test/support/", line 556, in wrapper
    return func(*args, **kw)
  File "/builddir/build/BUILD/Python-3.6.2/Lib/test/", line 153, in test_prlimit
    1, resource.RLIMIT_AS)
AssertionError: PermissionError not raised by prlimit

I observed this issue when mock [0], the underlying build system we use in Fedora, started using the systemd-nspawn container technology instead of chroot [1][2] in order to create a minimal build environment.

msg299853 - Author: Tomas Orsava (torsava) Date: 2017-08-07 16:55
So the issue seems to be that Python believes it's run without root privileges, but it's mistaken because it indeed has root.

msg299866 - Author: STINNER Victor (vstinner) (Python committer) Date: 2017-08-07 20:20
Maybe we should simply skip the test if the user is root? If os.getuid()==0.

msg300979 - Author: Petr Viktorin (petr.viktorin) (Python committer) Date: 2017-08-29 09:54
The test is already skipped if the user is root. It verifies that process 1 can't be touched by non-root users.

The problem is an assumption that the process with PID 1 belongs to root. That assumption isn't true in containers: PID 1 is whatever the container was started with -- in this case, likely a test runner or build system.

On Linux, we could check if `/proc/1` actually belongs to root. I don't know about other systems, though.
Would that change be acceptable?
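
Added example (not part of the thread and not CPython's test code): a precondition check that goes beyond the `/proc/1` ownership idea above and applies the prlimit(2) permission rule, which compares the target's real, effective and saved IDs with the caller's real IDs unless the caller holds CAP_SYS_RESOURCE. The function names and the sample status text are assumptions made for illustration.

```python
CAP_SYS_RESOURCE = 24  # bit index in the CapEff mask (linux/capability.h)

def parse_status(text):
    """Extract Uid/Gid lists and the CapEff mask from /proc/<pid>/status text."""
    out = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key in ("Uid", "Gid"):
            out[key] = [int(v) for v in value.split()]  # real, effective, saved, fs
        elif key == "CapEff":
            out[key] = int(value.strip(), 16)
    return out

def prlimit_must_be_denied(target_status, caller_status):
    """True only when the prlimit(2) rule says the call on the target fails."""
    target, caller = parse_status(target_status), parse_status(caller_status)
    # Simplification: the kernel checks the capability in the target's user
    # namespace; here the caller's own CapEff mask stands in for that.
    if (caller.get("CapEff", 0) >> CAP_SYS_RESOURCE) & 1:
        return False
    uid_ok = all(u == caller["Uid"][0] for u in target["Uid"][:3])
    gid_ok = all(g == caller["Gid"][0] for g in target["Gid"][:3])
    return not (uid_ok and gid_ok)

def status(ids, capeff):
    """Build constructed status text; ids is the single uid/gid used for all slots."""
    row = "\t".join([str(ids)] * 4)
    return f"Uid:\t{row}\nGid:\t{row}\nCapEff:\t{capeff:016x}\n"

# Constructed samples, not taken from the report.
HOST_INIT = status(0, 0x1FFFFFFFFFF)       # PID 1 owned by root
CONTAINER_PID1 = status(1000, 0)           # PID 1 is the build user's process
BUILD_USER = status(1000, 0)               # unprivileged test runner
ROOT_CALLER = status(0, 0x1FFFFFFFFFF)     # the test already skips this case

if __name__ == "__main__":
    try:
        with open("/proc/1/status") as a, open("/proc/self/status") as b:
            print("EPERM expected:", prlimit_must_be_denied(a.read(), b.read()))
    except OSError as exc:  # no /proc, or a hidepid mount option
        print("cannot inspect PID 1:", exc)
```

A test that asserts PermissionError only when this check returns True would not fail in a container whose PID 1 runs under the same unprivileged IDs as the test runner.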

msg325297 - Author: miss-islington (miss-islington) Date: 2018-09-13 21:53
New changeset 01e0afa994c2e840f85e2de103e72a2c0ddf1b1f by Miss Islington (bot) (Benjamin Peterson) in branch 'master':
bpo-31132: Remove prlimit permission test. (GH-9280)

msg325299 - Author: miss-islington (miss-islington) Date: 2018-09-13 22:13
New changeset 2b162941c0793e0dd5533ee3090901cba9d8cf7d by Miss Islington (bot) in branch '3.7':
bpo-31132: Remove prlimit permission test. (GH-9280)

msg325301 - Author: miss-islington (miss-islington) Date: 2018-09-13 22:22
New changeset f79d74d5a3ceb06b63996e8ecf23e419e16e4be2 by Miss Islington (bot) in branch '3.6':
bpo-31132: Remove prlimit permission test. (GH-9280)

History
Date | User | Action | Args
2018-09-13 23:39:23 | benjamin.peterson | set | status: open -> closed; resolution: fixed; stage: patch review -> resolved
2018-09-13 22:22:19 | miss-islington | set | messages: + msg325301
2018-09-13 22:13:59 | miss-islington | set | messages: + msg325299
2018-09-13 21:53:28 | miss-islington | set | pull_requests: + pull_request8714
2018-09-13 21:53:21 | miss-islington | set | pull_requests: + pull_request8713
2018-09-13 21:53:13 | miss-islington | set | nosy: + miss-islington; messages: + msg325297
2018-09-13 21:17:08 | benjamin.peterson | set | keywords: + patch; stage: patch review; pull_requests: + pull_request8712
2018-09-13 21:17:02 | petr.viktorin | link | issue34668 superseder
2017-08-29 09:54:20 | petr.viktorin | set | nosy: + petr.viktorin; messages: + msg300979
2017-08-07 20:20:00 | vstinner | set | nosy: + vstinner; messages: + msg299866
2017-08-07 16:55:50 | torsava | set | nosy: + torsava; messages: + msg299853
2017-08-07 16:43:22 | cstratak | create |