Devel--Cover
Devel--Cover copied to clipboard
pjcj
database permissions when program switches user
Hi,
I'm trying to use Devel::Cover to check a program that at some point forks a process which unshares its user namespace. This means, that the forked process doesn't have permissions to write to the coverage database anymore (which is owned by the original user). The code in question is this single script:
https://gitlab.mister-muffin.de/josch/mmdebstrap/blob/master/mmdebstrap
I tried running it like this (this will only work on Debian or derivative distributions where apt is installed):
perl -MDevel::Cover ./mmdebstrap sid > out.tar
And I'm getting tons of these:
Devel::Cover: Oops, it looks like something went wrong writing the coverage.
It's possible that more bad things may happen but we'll try to
carry on anyway as if nothing happened. At a minimum you'll
probably find that you are missing coverage. If you're
interested, the problem was:
Can't open /home/josch/git/mmdebstrap/cover_db/structure/0c12d88d5b8246a5dbbcd20b6ab8a97d.lock: Permission denied
What options do I have to still get coverage data if the code that is run doesn't have permissions to access the original database?
Thanks!
I have similar problems when I don't use the "unshare" mode of my program but execute it directly as superuser via sudo. In that case, the normal user cannot run cover anymore. If I try, I get lots of cannot remove directory, cannot unlink file and cannot restore permissions errors.
I'm sure there is a better way but the only workaround I found so far for this problem was the following crazy approach:
fallocate -l 10M cover_db.img
sudo mkfs.vfat cover_db.img
sudo mount -o loop,umask=000 cover_db.img cover_db
Since vfat is unable to store ownership, all files will have the same ownership information and the umask makes sure that everybody can read and write into it.