Agent Diagnostic
Discovered during routine mise run test verification on branch test/verify-rust-tests.
Investigation findings:
- cargo test --workspace shows 329 passed, 1 failed, 0 ignored
- Failing test: process::tests::drop_privileges_succeeds_for_current_user in crates/openshell-sandbox/src/process.rs:578
- Root cause: drop_privileges() calls nix::unistd::initgroups() whenever run_as_user is set (line 417). initgroups(3) internally calls setgroups(2), which requires CAP_SETGID / root — even when the target user is identical to the current user.
- Introduced in commit 5e7a2f2d ("fix(sandbox): verify effective UID/GID after privilege drop")
- The test comment states "without needing root" but the initgroups call on the non-macOS path contradicts this.
- Affected platforms: Linux (non-macOS). The initgroups call is inside a #[cfg(not(any(target_os = "macos", ...)))] block.
Description
Actual behavior: drop_privileges_succeeds_for_current_user panics with assertion failed: drop_privileges(&policy).is_ok() when run as a non-root user. The initgroups() call returns EPERM.
Expected behavior: The test should pass when run as an unprivileged user, as its stated intent is to exercise the post-condition verification path (GID/UID checks after setgid/setuid) without requiring root.
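The failing path and one possible gating fix, modelled against a mock of the libc calls so both can be exercised without root. This is an added example, not OpenShell's code; Ops, MockOps, drop_privileges and the EPERM modelling are assumptions.

```rust
// Models the drop_privileges() path from this issue against a mock of the
// libc calls so the EPERM failure and a gated fix run without root.
// Added example, not OpenShell's code; Ops, MockOps and the function
// names are assumptions.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Identity { pub uid: u32, pub gid: u32 }

/// The subset of process-identity calls a privilege drop needs.
pub trait Ops {
    fn current(&self) -> Identity;
    /// initgroups(3): rewrites the supplementary group list via setgroups(2).
    fn initgroups(&mut self, target: Identity) -> Result<(), &'static str>;
    fn setgid(&mut self, gid: u32) -> Result<(), &'static str>;
    fn setuid(&mut self, uid: u32) -> Result<(), &'static str>;
}

/// Mock of the kernel rules relevant here: setgroups(2) needs CAP_SETGID
/// (modelled as uid 0); setgid/setuid to one's own ids are always allowed.
pub struct MockOps { pub id: Identity }

impl Ops for MockOps {
    fn current(&self) -> Identity { self.id }
    fn initgroups(&mut self, _target: Identity) -> Result<(), &'static str> {
        if self.id.uid == 0 { Ok(()) } else { Err("EPERM") }
    }
    fn setgid(&mut self, gid: u32) -> Result<(), &'static str> {
        if self.id.uid != 0 && gid != self.id.gid { return Err("EPERM"); }
        self.id.gid = gid; Ok(())
    }
    fn setuid(&mut self, uid: u32) -> Result<(), &'static str> {
        if self.id.uid != 0 && uid != self.id.uid { return Err("EPERM"); }
        self.id.uid = uid; Ok(())
    }
}

/// Post-condition check the test wants exercised: effective ids must match.
fn verify(ops: &impl Ops, expected: Identity) -> Result<(), &'static str> {
    if ops.current() == expected { Ok(()) } else { Err("uid/gid mismatch after drop") }
}

/// gated == false is the path the issue describes: initgroups() runs
/// whenever a target user is set, so an unprivileged caller gets EPERM
/// even when target == current. gated == true skips the supplementary-
/// group reset when the identity does not change; setgid/setuid and the
/// verification still run, which is what the test intends to cover.
pub fn drop_privileges(ops: &mut impl Ops, target: Identity, gated: bool) -> Result<(), &'static str> {
    if !gated || ops.current() != target { ops.initgroups(target)?; }
    ops.setgid(target.gid)?;
    ops.setuid(target.uid)?;
    verify(&*ops, target)
}
```

Gating on same-user leaves the caller's existing supplementary groups untouched, so a sandbox that needs them reset must still run with CAP_SETGID and should fail closed rather than skip the call.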
Reproduction Steps
- Clone the repo and, as a non-root user, run: cargo test -p openshell-sandbox --lib process::tests::drop_privileges_succeeds_for_current_user
- Observe the failure
Environment
- OS: Linux
- OpenShell: main branch (post-commit 5e7a2f2d)
Logs
---- process::tests::drop_privileges_succeeds_for_current_user stdout ----
thread 'process::tests::drop_privileges_succeeds_for_current_user' panicked at crates/openshell-sandbox/src/process.rs:578:9:
assertion failed: drop_privileges(&policy).is_ok()
failures:
process::tests::drop_privileges_succeeds_for_current_user
test result: FAILED. 329 passed; 1 failed; 0 ignored; 0 measured