guix_mirror_bot pushed a commit to branch master
in repository guix.

commit 633ed510fa733861cd4b717c5a4e34bf5be7ef8e
Author: Ludovic Courtès <[email protected]>
AuthorDate: Fri Jun 6 16:00:15 2025 +0200

    tests: guix-daemon: Check that build processes can chown to “kvm”.
    
    * gnu/tests/base.scm (guix-daemon-test-cases)[chown-snippet]: New
    variable.
    ["kvm GID mapped"]: New test.
    
    Change-Id: I0ce7a9250539766628eb2459d60abce7c05a36ee
---
 gnu/tests/base.scm | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm
index f96d781b52..659b754802 100644
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@@ -1116,6 +1116,32 @@ non-ASCII names from /tmp.")
 evaluated in MARIONETTE, a gexp denoting a marionette (system under test).
 Assume that an unprivileged account for 'user' exists on the system under
 test."
+  (define chown-snippet
+    ;; XXX: This snippet exists primarily so that #$output is understood in
+    ;; the right context.
+    '(object->string
+      `(begin
+         (use-modules (guix)
+                      (gnu packages bootstrap))
+         (computed-file "chown-to-supplementary-group"
+                        #~(begin
+                            (use-modules (srfi srfi-1))
+
+                            ',(gettimeofday)      ;nonce
+                            (let* ((groups (getgroups))
+                                   (other (find (lambda (gid)
+                                                  (not (= gid (getgid))))
+                                                (vector->list groups))))
+                              (format #t "attempting to chown \
+to supplementary group ~a...~%" other)
+                              (pk 'supplementary-groups (getgroups)
+                                  'gid (getgid) 'other other)
+                              (force-output)
+                              (mkdir "test")
+                              (chown "test" (getuid) other)
+                              (mkdir #$output)))
+                        #:guile %bootstrap-guile))))
+
   #~(begin
       (test-equal "guix describe"
         0
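Review bot: In `chown-snippet`, `other` is simply the first supplementary GID that `find` sees differing from `(getgid)`, so nothing ties the chown to the "kvm" group that the "kvm GID mapped" test in the next hunk is named for. If the build user has no such group, `find` returns `#f` and `(chown "test" (getuid) other)` fails with a type error rather than the EINVAL the test comment describes, so a configuration problem in the system under test would look like the user-namespace mapping regression. I would add an explicit guard before `(mkdir "test")`, for example `(unless other (error "no supplementary group besides the primary GID" groups))`. If build users can carry more than one supplementary group (not visible here), the `XXX` comment should also say that the first one found is assumed to be "kvm". The enclosing `guix-daemon-test-cases` definition starts and ends outside this hunk.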
@@ -1143,6 +1169,17 @@ test."
                                hello))
                          #$marionette))
 
+      (test-equal "kvm GID mapped"
+        0
+        ;; The "kvm" group should be among the supplementary groups of the
+        ;; build user.  Try to chown a file to that group; this fails with
+        ;; EINVAL when running the unprivileged guix-daemon and the "kvm" GID
+        ;; is not mapped in its user namespace.  See
+        ;; <https://bugs.gnu.org/77862>.
+        (marionette-eval
+         '(system* "guix" "build" "--no-grafts" "-e" #$chown-snippet)
+         #$marionette))
+
       (test-equal "guix install hello"
         0
         ;; Check that ~/.guix-profile & co. are properly created.
