From 341d3f0cba0511411caffd2ac5a6c8dfb7a022ef Mon Sep 17 00:00:00 2001
From: Chris Koch <chrisko@google.com>
Date: Sat, 31 Mar 2018 17:50:50 -0600
Subject: [PATCH] unix: solicit EPERM via wrong PID in creds test.

In a Linux user namespace that doesn't have UID 0 mapped, WriteMsgUnix
will return an EINVAL as the uid-valid-in-uns check comes first in the
kernel.

Even if in a user and PID namespace, using the wrong PID in Ucred will
always give EPERM.
---
 unix/creds_test.go | 33 +++++++++++++++------------------
 1 file changed, 15 insertions(+), 18 deletions(-)

diff --git a/unix/creds_test.go b/unix/creds_test.go
index 6b292b19..cff90010 100644
--- a/unix/creds_test.go
+++ b/unix/creds_test.go
@@ -72,27 +72,24 @@ func TestSCMCredentials(t *testing.T) {
 		defer cli.Close()
 
 		var ucred unix.Ucred
-		if os.Getuid() != 0 {
-			ucred.Pid = int32(os.Getpid())
-			ucred.Uid = 0
-			ucred.Gid = 0
-			oob := unix.UnixCredentials(&ucred)
-			_, _, err := cli.(*net.UnixConn).WriteMsgUnix(nil, oob, nil)
-			if op, ok := err.(*net.OpError); ok {
-				err = op.Err
-			}
-			if sys, ok := err.(*os.SyscallError); ok {
-				err = sys.Err
-			}
-			if err != syscall.EPERM {
-				t.Fatalf("WriteMsgUnix failed with %v, want EPERM", err)
-			}
-		}
-
-		ucred.Pid = int32(os.Getpid())
+		ucred.Pid = int32(os.Getpid() - 1)
 		ucred.Uid = uint32(os.Getuid())
 		ucred.Gid = uint32(os.Getgid())
 		oob := unix.UnixCredentials(&ucred)
+		_, _, err = cli.(*net.UnixConn).WriteMsgUnix(nil, oob, nil)
+		if op, ok := err.(*net.OpError); ok {
+			err = op.Err
+		}
+		if sys, ok := err.(*os.SyscallError); ok {
+			err = sys.Err
+		}
+		if err != syscall.EPERM {
+			t.Fatalf("WriteMsgUnix failed with %v, want EPERM", err)
+		}
+
+		// Fix the PID.
+		ucred.Pid = int32(os.Getpid())
+		oob = unix.UnixCredentials(&ucred)
 
 		// On SOCK_STREAM, this is internally going to send a dummy byte
 		n, oobn, err := cli.(*net.UnixConn).WriteMsgUnix(nil, oob, nil)