From: Ralph Boehme Date: Tue, 19 Dec 2023 10:12:49 +0000 (+0100) Subject: CI: disable /proc/fds and RESOLVE_NO_SYMLINK in samba-no-opath-build runner X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=4c4f086dfdbc68880e3d76e2a8aa6d818f925444;p=janger%2Fsamba-autobuild-v4-19-test%2F.git CI: disable /proc/fds and RESOLVE_NO_SYMLINK in samba-no-opath-build runner This is a more sensible combination of missing Linux specific features: - O_PATH - openat2() with RESOLVE_NO_SYMLINKS - somehow safely reopen an O_PATH file handle Currently only O_PATH is disabled for these jobs, but that doesn't really match and know OS. The following list shows which features are available and used by Samba on a few OSes: | O_PATH | RESOLVE_NO_SYMLINKS | Safe reopen | CI covered --------|----------------|---------------------|---------------------------- | Supported Used | Supported Used | Supported Used | ============================================================================ Linux | + + | + + | + + | + FreeBSD | + + | + [1] - | + [2] - | - AIX | - - | - - | - - | + So by also disabling RESOLVE_NO_SYMLINKS and Safe Reopen, we cover classic UNIX systems like AIX. [1] via open() flag O_RESOLVE_BENEATH [2] via open() flag O_EMPTY_PATH BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke (cherry picked from commit 62cbe145c7e500c4759ed2005c78bd5056c87f43) --- diff --git a/script/autobuild.py b/script/autobuild.py index e074c39d3c0..85043032d73 100755 --- a/script/autobuild.py +++ b/script/autobuild.py @@ -296,7 +296,7 @@ tasks = { "samba-no-opath-build": { "git-clone-required": True, "sequence": [ - ("configure", "ADDITIONAL_CFLAGS='-DDISABLE_OPATH=1' ./configure.developer --without-ad-dc " + samba_configure_params), + ("configure", "ADDITIONAL_CFLAGS='-DDISABLE_OPATH=1 -DDISABLE_VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS=1 -DDISABLE_PROC_FDS=1' ./configure.developer --without-ad-dc " + samba_configure_params), ("make", "make -j"), ("check-clean-tree", CLEAN_SOURCE_TREE_CMD), ("chmod-R-a-w", "chmod -R a-w ."), diff --git a/selftest/skip.opath-required b/selftest/skip.opath-required index c3a13f5ec6e..67764a0b027 100644 --- a/selftest/skip.opath-required +++ b/selftest/skip.opath-required @@ -14,3 +14,9 @@ # available this works fine. So for now restrict testing posix # extensions to environments where we have O_PATH around ^samba.tests.smb1posix + +# These don't work without /proc/fd support +^samba3.blackbox.test_symlink_traversal.*\(fileserver\) +^samba3.blackbox.shadow_copy_torture.*\(fileserver\) +^samba3.blackbox.virus_scanner.*\(fileserver:local\) +^samba3.blackbox.shadow_copy2.*\(fileserver.*\)