bug: drop_privileges_succeeds_for_current_user test fails as non-root due to initgroups requiring CAP_SETGID #622
Description
Agent Diagnostic
Discovered during routine mise run test verification on branch test/verify-rust-tests.
Investigation findings:
cargo test --workspaceshows 329 passed, 1 failed, 0 ignored- Failing test:
process::tests::drop_privileges_succeeds_for_current_userincrates/openshell-sandbox/src/process.rs:578 - Root cause:
drop_privileges()callsnix::unistd::initgroups()wheneverrun_as_useris set (line 417).initgroups(3)internally callssetgroups(2), which requiresCAP_SETGID/ root — even when the target user is identical to the current user. - Introduced in commit
5e7a2f2d("fix(sandbox): verify effective UID/GID after privilege drop") - The test comment states "without needing root" but the
initgroupscall on the non-macOS path contradicts this.
Affected platforms: Linux (non-macOS). The initgroups call is inside a #[cfg(not(any(target_os = "macos", ...)))] block.
Description
Actual behavior: drop_privileges_succeeds_for_current_user panics with assertion failed: drop_privileges(&policy).is_ok() when run as a non-root user. The initgroups() call returns EPERM.
Expected behavior: The test should pass when run as an unprivileged user, as its stated intent is to exercise the post-condition verification path (GID/UID checks after setgid/setuid) without requiring root.
Reproduction Steps
- Clone the repo and run as a non-root user
cargo test -p openshell-sandbox --lib process::tests::drop_privileges_succeeds_for_current_user- Observe failure
Environment
- OS: Linux
- OpenShell: main branch (post-commit
5e7a2f2d)
Logs
---- process::tests::drop_privileges_succeeds_for_current_user stdout ----
thread 'process::tests::drop_privileges_succeeds_for_current_user' panicked at crates/openshell-sandbox/src/process.rs:578:9:
assertion failed: drop_privileges(&policy).is_ok()
failures:
process::tests::drop_privileges_succeeds_for_current_user
test result: FAILED. 329 passed; 1 failed; 0 ignored; 0 measured