Update busybox:glibc in integration tests to latest builds #4842

Draft
wants to merge 2 commits into
base: main

tianon
Member

@tianon tianon commented Aug 7, 2025

The repo structure changed a little, but it was trivial enough to adapt to (given I knew exactly where to point the hammer 😂 ❤️). 👍

@kolyshkin want to give this a try? I know you said 1.35.1, but I went all the way to 1.37.0 because it's worth trying latest instead first, right? (Worst case I update and walk it back again 😅)

@@ -10,7 +10,7 @@ set -Eeuo pipefail

images=(
# pinned to an older BusyBox (prior to 1.36 becoming "latest") because 1.36.0 has some unresolved bugs, especially around sha256sum
Contributor

nit: this comment is now outdated.

Member Author

Oops, good catch! Updated with a link to the commit history of the library/busybox file so it's hopefully more clear where the commit hash comes from. 👍

@kolyshkin
Contributor

@ricardobranco777 can you test if this fixes #4836 for you?

@ricardobranco777

> @ricardobranco777 can you test if this fixes #4836 for you?

Sure, thanks!

@ricardobranco777

> @ricardobranco777 can you test if this fixes #4836 for you?

It works for other architectures but continues failing on ppc64le: https://openqa.opensuse.org/tests/5228054

The coredump is available at https://openqa.opensuse.org/tests/5228054/file/runc-unshare.44911.core.gz

I notice other coredumps for mkdir in https://openqa.opensuse.org/tests/5228054#downloads

@ricardobranco777

ricardobranco777 commented Aug 8, 2025

> I notice other coredumps for mkdir in https://openqa.opensuse.org/tests/5228054#downloads

https://openqa.opensuse.org/tests/5228054/file/runc-coredumpctl.txt

Weird that mkdir was killed with SIGSYS but this is not exclusive to ppc64le.

TIME                          PID  UID  GID SIG     COREFILE EXE            SIZE
Thu 2025-08-07 14:28:11 EDT 16817 1000 1000 SIGSYS  present  /bin/mkdir   203.8K
Thu 2025-08-07 14:28:12 EDT 16903 1000 1000 SIGSYS  present  /bin/mkdir   203.7K
Thu 2025-08-07 14:31:36 EDT 44911    0    0 SIGSEGV present  /bin/unshare 204.2K
Thu 2025-08-07 14:32:02 EDT 49319    0    0 SIGSYS  present  /bin/mkdir   203.8K
Thu 2025-08-07 14:32:03 EDT 49405    0    0 SIGSYS  present  /bin/mkdir   203.8K

The mkdir part is not exclusive to ppc64le but also seen on x86_64:
https://openqa.suse.de/tests/18719598/logfile?filename=runc-coredumpctl.txt

@kolyshkin

This comment was marked as outdated.

@kolyshkin
Contributor

> I notice other coredumps for mkdir in https://openqa.opensuse.org/tests/5228054#downloads
> The mkdir part is not exclusive to ppc64le but also seen on x86_64: https://openqa.suse.de/tests/18719598/logfile?filename=runc-coredumpctl.txt

Again, this is part of the test. We check that the seccomp we specify in the spec is properly applied, and use mkdir. Here's the test:

    @test "runc run [seccomp] (SCMP_ACT_KILL)" {
        update_config '   .process.args = ["/bin/sh", "-c", "mkdir /dev/shm/foo"]
            | .process.noNewPrivileges = false
            | .linux.seccomp = {
                "defaultAction":"SCMP_ACT_ALLOW",
                "architectures":["SCMP_ARCH_X86","SCMP_ARCH_X32","SCMP_ARCH_X86_64","SCMP_ARCH_AARCH64","SCMP_ARCH_ARM"],
                "syscalls":[{"names":["mkdir","mkdirat"], "action":"SCMP_ACT_KILL"}]
            }'

        runc run test_busybox
        [ "$status" -ne 0 ]
    }

In this case, seccomp acts as if the program got SIGSYS.
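
The triage this explanation implies, as an added example that is not part of the original thread or of runc's test suite: it reads `coredumpctl list` text and separates cores explained by the SCMP_ACT_KILL test from real crashes. The function names and the rule "SIGSYS on /bin/mkdir is expected" are assumptions made for this sketch; the sample rows are the ones quoted in this thread.

```shell
#!/bin/sh
# Added example, not part of runc's test suite.
# Assumption: the only intentional crashes in a run are SIGSYS kills of
# /bin/mkdir, caused by the SCMP_ACT_KILL rule on mkdir/mkdirat in the test above.

# Read `coredumpctl list` text on stdin; print "<verdict> <pid> <signal> <exe>".
triage_coredumps() {
	awk '
		$1 == "TIME" || NF < 7 { next }   # skip header, blank and short lines
		{
			# Count columns from the right: TIME spans several words.
			exe = $(NF - 1); sig = $(NF - 3); pid = $(NF - 6)
			if (sig == "SIGSYS" && exe == "/bin/mkdir")
				verdict = "expected"      # seccomp killed the denied syscall
			else
				verdict = "unexpected"    # a real crash that needs a look
			print verdict, pid, sig, exe
		}'
}

# Exit 0 only if every core on stdin is explained by the seccomp test.
only_expected_cores() {
	[ -z "$(triage_coredumps | grep '^unexpected ')" ]
}

# Constructed sample input: the rows quoted in this thread.
sample_cores() {
	cat <<'EOF'
TIME                          PID  UID  GID SIG     COREFILE EXE            SIZE
Thu 2025-08-07 14:28:11 EDT 16817 1000 1000 SIGSYS  present  /bin/mkdir   203.8K
Thu 2025-08-07 14:28:12 EDT 16903 1000 1000 SIGSYS  present  /bin/mkdir   203.7K
Thu 2025-08-07 14:31:36 EDT 44911    0    0 SIGSEGV present  /bin/unshare 204.2K
Thu 2025-08-07 14:32:02 EDT 49319    0    0 SIGSYS  present  /bin/mkdir   203.8K
Thu 2025-08-07 14:32:03 EDT 49405    0    0 SIGSYS  present  /bin/mkdir   203.8K
EOF
}

sample_cores | triage_coredumps
```

On the sample rows only the SIGSEGV in /bin/unshare is reported as unexpected, which is the crash the rest of the thread goes on to debug.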

@ricardobranco777

> In this case, seccomp acts as if the program got SIGSYS.

Of course. Now it makes sense! Thanks.

@kolyshkin
Contributor

@ricardobranco777 I see no other way than to build busybox's unshare with debug info on and run it in your environment, instead of a bundled unshare binary from the bb image.

@ricardobranco777

> @ricardobranco777 I see no other way than to build busybox's unshare with debug info on and run it in your environment, instead of a bundled unshare binary from the bb image.

Thanks for the suggestion. I'll try this on Monday.

# https://github.com/docker-library/busybox/tree/9ca13bc214717966383cf97e08606b444b7300e4/stable/glibc
url="https://github.com/docker-library/busybox/raw/9ca13bc214717966383cf97e08606b444b7300e4/stable/glibc/busybox.tar.xz"
# https://github.com/docker-library/busybox/tree/3bbb15b7efd6d99a73690516b4499b6642f97ef5/latest/glibc/ppc64le
url="https://github.com/docker-library/busybox/raw/3bbb15b7efd6d99a73690516b4499b6642f97ef5/latest/glibc/ppc64le/rootfs.tar.gz"
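
Review bot: the new `url=` line pins the ppc64le rootfs to commit 3bbb15b7efd6d99a73690516b4499b6642f97ef5, which fixes what is requested, but nothing in these lines checks the bytes that come back. Consider recording a sha256 for rootfs.tar.gz next to the `url=` assignment and verifying it after download, so a truncated or substituted archive fails at fetch time instead of surfacing as a confusing test failure. The file name also changes from busybox.tar.xz to rootfs.tar.gz, so the step that unpacks it should be checked for an assumption about xz.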
Member Author

@tianon tianon Aug 8, 2025

I've hacked up a build of this with busybox_unstripped so that it hopefully contains debug symbols (and thus will hopefully generate a more useful/helpful core dump):

Suggested change
url="https://github.com/docker-library/busybox/raw/3bbb15b7efd6d99a73690516b4499b6642f97ef5/latest/glibc/ppc64le/rootfs.tar.gz"
url="https://github.com/docker-library/busybox/raw/83c2287084a6f001a67d97fdfa23497c75520f2a/latest/glibc/ppc64le/rootfs.tar.gz"

docker-library/busybox@83c2287

Member Author

@tianon tianon Aug 8, 2025

I can also commit this with a DNM: commit to this PR if you need me to in order to feed it into your OpenQA system; just let me know 👍

> I can also commit this with a DNM: commit to this PR if you need me to in order to feed it into your OpenQA system; just let me know 👍

Cool, let's try this.

@tianon
Member Author

tianon commented Aug 9, 2025

Ok, PR updated (temporarily) with a new commit that switches ppc64le specifically to my hacked busybox_unstripped build which should hopefully still have debugging symbols, if I've done everything correctly.

@kolyshkin kolyshkin marked this pull request as draft August 9, 2025 05:54
@ricardobranco777

ricardobranco777 commented Aug 9, 2025

> Ok, PR updated (temporarily) with a new commit that switches ppc64le specifically to my hacked busybox_unstripped build which should hopefully still have debugging symbols, if I've done everything correctly.

Here is the generated core: https://openqa.opensuse.org/tests/5231369/file/runc-core.unshare.45076.core.xz

Unfortunately, the glibc libraries are stripped on the rootfs.

Thanks!

@kolyshkin
Contributor

> Here is the generated core: https://openqa.opensuse.org/tests/5231369/file/runc-core.unshare.45076.core.xz

With this, I got:

(gdb) bt
#0  0x8a286245445664b0 in ?? ()
#1  0x000000012a4a51f0 in safe_waitpid ()

I'm puzzled as to why unshare calls waitpid.
