From 633ed510fa733861cd4b717c5a4e34bf5be7ef8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Fri, 6 Jun 2025 16:00:15 +0200 Subject: [PATCH] =?UTF-8?q?tests:=20guix-daemon:=20Check=20that=20build=20?= =?UTF-8?q?processes=20can=20chown=20to=20=E2=80=9Ckvm=E2=80=9D.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/tests/base.scm (guix-daemon-test-cases)[chown-snippet]: New variable. ["kvm GID mapped"]: New test. Change-Id: I0ce7a9250539766628eb2459d60abce7c05a36ee --- gnu/tests/base.scm | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm index f96d781b523..659b754802f 100644 --- a/gnu/tests/base.scm +++ b/gnu/tests/base.scm @@ -1116,6 +1116,32 @@ non-ASCII names from /tmp.") evaluated in MARIONETTE, a gexp denoting a marionette (system under test). Assume that an unprivileged account for 'user' exists on the system under test." + (define chown-snippet + ;; XXX: This snippet exists primarily so that #$output is understood in + ;; the right context. + '(object->string + `(begin + (use-modules (guix) + (gnu packages bootstrap)) + (computed-file "chown-to-supplementary-group" + #~(begin + (use-modules (srfi srfi-1)) + + ',(gettimeofday) ;nonce + (let* ((groups (getgroups)) + (other (find (lambda (gid) + (not (= gid (getgid)))) + (vector->list groups)))) + (format #t "attempting to chown \ +to supplementary group ~a...~%" other) + (pk 'supplementary-groups (getgroups) + 'gid (getgid) 'other other) + (force-output) + (mkdir "test") + (chown "test" (getuid) other) + (mkdir #$output))) + #:guile %bootstrap-guile)))) + #~(begin (test-equal "guix describe" 0 
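Review bot: In `chown-snippet`, `find` returns `#f` when the build process has no supplementary GID different from `(getgid)`, and that `#f` is passed straight to `chown`, so the build would presumably abort with a wrong-type error instead of a message saying the group list was empty. A guard before the `format` call, such as `(unless other (error "build user has no supplementary group" groups))`, would keep that case distinguishable from the EINVAL this test is meant to catch. The `pk` call could reuse the `groups` binding rather than calling `(getgroups)` a second time. The `;nonce` comment could say that the timestamp is there to force a fresh build on every run, which is what it appears to do. The enclosing procedure starts and ends outside this hunk.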
@@ -1143,6 +1169,17 @@ test." hello)) #$marionette)) + (test-equal "kvm GID mapped" + 0 + ;; The "kvm" group should be among the supplementary groups of the + ;; build user. Try to chown a file to that group; this fails with + ;; EINVAL when running the unprivileged guix-daemon and the "kvm" GID + ;; is not mapped in its user namespace. See + ;; . + (marionette-eval + '(system* "guix" "build" "--no-grafts" "-e" #$chown-snippet) + #$marionette)) + (test-equal "guix install hello" 0 ;; Check that ~/.guix-profile & co. are properly created.
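Review bot: The test is named "kvm GID mapped" and its comment speaks of the "kvm" group, but nothing in this hunk or in `chown-snippet` checks that the group being used is kvm; the snippet takes the first supplementary GID that differs from the primary one. If the build user ever has more than one supplementary group, the test can pass while the kvm GID is still unmapped in the daemon's user namespace. Either state the assumption in the comment, e.g. `;; Assumes "kvm" is the build user's only supplementary group.`, or rename the test to `"supplementary GID mapped"`. The test also compares only the exit status of `guix build`, so an unrelated build failure is reported the same way as the EINVAL case. The enclosing `#~(begin ...)` form starts and ends outside the hunk.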