tests: guix-daemon: Check that build processes can chown to “kvm”.

* gnu/tests/base.scm (guix-daemon-test-cases)[chown-snippet]: New variable. ["kvm GID mapped"]: New test. Change-Id: I0ce7a9250539766628eb2459d60abce7c05a36ee
2026-01-25 03:55:08 -06:00 · 2025-06-06 16:00:15 +02:00 · 2025-06-06 16:00:15 +02:00 · 633ed510fa
commit 633ed510fa
parent ab01e5adb2
1 changed files with 37 additions and 0 deletions
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@ -1116,6 +1116,32 @@ non-ASCII names from /tmp.")
 evaluated in MARIONETTE, a gexp denoting a marionette (system under test).
 Assume that an unprivileged account for 'user' exists on the system under
 test."
+  (define chown-snippet
+    ;; XXX: This snippet exists primarily so that #$output is understood in
+    ;; the right context.
+    '(object->string
+      `(begin
+         (use-modules (guix)
+                      (gnu packages bootstrap))
+         (computed-file "chown-to-supplementary-group"
+                        #~(begin
+                            (use-modules (srfi srfi-1))
+
+                            ',(gettimeofday)      ;nonce
+                            (let* ((groups (getgroups))
+                                   (other (find (lambda (gid)
+                                                  (not (= gid (getgid))))
+                                                (vector->list groups))))
+                              (format #t "attempting to chown \
+to supplementary group ~a...~%" other)
+                              (pk 'supplementary-groups (getgroups)
+                                  'gid (getgid) 'other other)
+                              (force-output)
+                              (mkdir "test")
+                              (chown "test" (getuid) other)
+                              (mkdir #$output)))
+                        #:guile %bootstrap-guile))))
+
  #~(begin
      (test-equal "guix describe"
        0
@ -1143,6 +1169,17 @@ test."
                               hello))
                         #$marionette))

+      (test-equal "kvm GID mapped"
+        0
+        ;; The "kvm" group should be among the supplementary groups of the
+        ;; build user.  Try to chown a file to that group; this fails with
+        ;; EINVAL when running the unprivileged guix-daemon and the "kvm" GID
+        ;; is not mapped in its user namespace.  See
+        ;; <https://bugs.gnu.org/77862>.
+        (marionette-eval
+         '(system* "guix" "build" "--no-grafts" "-e" #$chown-snippet)
+         #$marionette))
+
      (test-equal "guix install hello"
        0
        ;; Check that ~/.guix-profile & co. are properly created.