From debbugs-submit-bounces@debbugs.gnu.org Tue Oct 27 15:49:25 2020 Received: (at submit) by debbugs.gnu.org; 27 Oct 2020 19:49:25 +0000 Received: from localhost ([127.0.0.1]:45954 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kXUyD-0005va-EM for submit@debbugs.gnu.org; Tue, 27 Oct 2020 15:49:25 -0400 Received: from lists.gnu.org ([209.51.188.17]:39034) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kXUyC-0005vT-8M for submit@debbugs.gnu.org; Tue, 27 Oct 2020 15:49:24 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:52934) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kXUyB-0006uB-U4 for bug-guix@gnu.org; Tue, 27 Oct 2020 15:49:23 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:57285) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kXUyB-0007ak-LW; Tue, 27 Oct 2020 15:49:23 -0400 Received: from [2001:980:1b4f:1:42d2:832d:bb59:862] (port=55424 helo=dundal.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kXUyB-000469-38; Tue, 27 Oct 2020 15:49:23 -0400 From: Jan Nieuwenhuizen To: bug-guix@gnu.org Subject: running a daemon with userns in relocateble pack breaks Organization: AvatarAcademy.nl X-Url: http://AvatarAcademy.nl Date: Tue, 27 Oct 2020 20:49:19 +0100 Message-ID: <87blgn30w0.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain Hi! As mentioned on IRC, running a daemon from a guix relocatable pack on a foreign distro using the user namespace feature is troublesome: it looks as if the daemon "loses" (its view of) the file-system once the parent process that creates the daemon exits. I'm attatching a package description for a test package "vork". It builds a program "test" that forks the program "daemon". The daemon program reads a character from /dev/urandom, prints it, and sleeps for a second; 10 times. The "test" parent program exits after 5 seconds. When the parent program exits, the daemon crashes. To reproduce, put "vork.scm" in a fresh directory and do something like: --8<---------------cut here---------------start------------->8--- fakeroot tar xf $(GUIX_PACKAGE_PATH=. guix pack --relocatable\ --symlink=/gnu/bin=bin guile shepherd vork --no-offload) guix gc -D $(guix build -f vork.scm) touch /tmp/daemon.log tail -f /tmp/daemon.log & GUILE_LOAD_COMPILED_PATH=$PWD/$(ls -1d gnu/store/*profile)/lib/guile/3.0/ccache\ :$PWD/$(ls -1d gnu/store/*profile)/lib/guile/3.0/site-ccache gnu/bin/test --8<---------------cut here---------------end--------------->8--- this gives something like --8<---------------cut here---------------start------------->8--- .daemon-start daemon: 10 ? .daemon: 9 ? .daemon: 8 T .daemon: 7 ^O .daemon: 6 O exit 20:42:38 janneke@dundal:~/src/guix/master/vork [env] $ 20:42:38 janneke@dundal:~/src/guix/master/vork [env] $ Backtrace: Exception thrown while printing backtrace: In procedure public-lookup: Module named (system repl debug) does not exist --8<---------------cut here---------------end--------------->8--- Greetings, Janneke --=-=-= Content-Type: application/octet-stream Content-Disposition: attachment; filename=vork.scm Content-Transfer-Encoding: base64 KGRlZmluZS1tb2R1bGUgKHZvcmspCiAgIzp1c2UtbW9kdWxlIChndWl4IGxpY2Vuc2VzKQogICM6 dXNlLW1vZHVsZSAoZ3VpeCBidWlsZC1zeXN0ZW0gdHJpdmlhbCkKICAjOnVzZS1tb2R1bGUgKGd1 aXggcGFja2FnZXMpCiAgIzp1c2UtbW9kdWxlIChnbnUgcGFja2FnZXMgYWRtaW4pCiAgIzp1c2Ut bW9kdWxlIChnbnUgcGFja2FnZXMgZ3VpbGUpCiAgIzp1c2UtbW9kdWxlIChnbnUgcGFja2FnZXMg cGtnLWNvbmZpZykpCgooZGVmaW5lLXB1YmxpYyBzaGVwaGVyZC1ndWlsZS0zLjAtbGF0ZXN0CiAg KHBhY2thZ2UKICAgIChpbmhlcml0IHNoZXBoZXJkKQogICAgKG5hdGl2ZS1pbnB1dHMKICAgICBg KCgicGtnLWNvbmZpZyIgLHBrZy1jb25maWcpCiAgICAgICAoImd1aWxlIiAsZ3VpbGUtMy4wLWxh dGVzdCkpKQogICAgKGlucHV0cwogICAgIGAoKCJndWlsZSIgLGd1aWxlLTMuMC1sYXRlc3QpKSkp KQoKKGRlZmluZS1wdWJsaWMgdm9yawogIChwYWNrYWdlCiAgICAobmFtZSAidm9yayIpCiAgICAo dmVyc2lvbiAiMCIpCiAgICAoc291cmNlICNmKQogICAgKGJ1aWxkLXN5c3RlbSB0cml2aWFsLWJ1 aWxkLXN5c3RlbSkKICAgIChpbnB1dHMgYCgoImd1aWxlIiAsZ3VpbGUtMy4wLWxhdGVzdCkKICAg ICAgICAgICAgICAoInNoZXBoZXJkIiAsc2hlcGhlcmQtZ3VpbGUtMy4wLWxhdGVzdCkpKQogICAg KGFyZ3VtZW50cwogICAgIGAoIzpndWlsZSAsZ3VpbGUtMy4wLWxhdGVzdAogICAgICAgIzptb2R1 bGVzICgoaWNlLTkgcG9wZW4pCiAgICAgICAgICAgICAgICAgIChndWl4IGJ1aWxkIHV0aWxzKSkK ICAgICAgICM6YnVpbGRlcgogICAgICAgKGJlZ2luCiAgICAgICAgICh1c2UtbW9kdWxlcyAoaWNl LTkgcG9wZW4pCiAgICAgICAgICAgICAgICAgICAgICAoZ3VpeCBidWlsZCB1dGlscykpCiAgICAg ICAgIChsZXQqICgob3V0IChhc3NvYy1yZWYgJW91dHB1dHMgIm91dCIpKQogICAgICAgICAgICAg ICAgKGJpbiAoc3RyaW5nLWFwcGVuZCBvdXQgIi9iaW4iKSkKICAgICAgICAgICAgICAgIChndWls ZSAoYXNzb2MtcmVmICVidWlsZC1pbnB1dHMgImd1aWxlIikpCiAgICAgICAgICAgICAgICAoZ3Vp bGUgKHN0cmluZy1hcHBlbmQgZ3VpbGUgIi9iaW4vZ3VpbGUiKSkKICAgICAgICAgICAgICAgIChk YWVtb24gKHN0cmluZy1hcHBlbmQgYmluICIvZGFlbW9uIikpCiAgICAgICAgICAgICAgICAodGVz dCAoc3RyaW5nLWFwcGVuZCBiaW4gIi90ZXN0IikpKQogICAgICAgICAgIChta2Rpci1wIGJpbikK ICAgICAgICAgICAoY2FsbC13aXRoLW91dHB1dC1maWxlIHRlc3QKICAgICAgICAgICAgIChsYW1i ZGEgKHApCiAgICAgICAgICAgICAgIChmb3JtYXQgcCAiIyEgfmEgLS1uby1hdXRvLWNvbXBpbGVc biIgZ3VpbGUgcCkKICAgICAgICAgICAgICAgKGZvcm1hdCBwICIhIwoodXNlLW1vZHVsZXMgKHNo ZXBoZXJkIHNlcnZpY2UpKQooZm9yaytleGVjLWNvbW1hbmQgKGxpc3QgfnMpICM6bG9nLWZpbGUg XCIvdG1wL2RhZW1vbi5sb2dcIikKKGxldCBsb29wICgoY291bnQgNSkpCiAgKHVubGVzcyAoemVy bz8gY291bnQpCiAgICAoZGlzcGxheSBcIi5cIikKICAgIChzbGVlcCAxKQogICAgKGxvb3AgKDEt IGNvdW50KSkpKQooZm9ybWF0ICN0IFwiXFxuZXhpdFxcblwiKQoiIGRhZW1vbikpKQogICAgICAg ICAgIChjaG1vZCB0ZXN0ICNvNzU1KQogICAgICAgICAgIChjYWxsLXdpdGgtb3V0cHV0LWZpbGUg ZGFlbW9uCiAgICAgICAgICAgICAobGFtYmRhIChwKQogICAgICAgICAgICAgICAoZm9ybWF0IHAg IiMhIH5hIC0tbm8tYXV0by1jb21waWxlXG4iIGd1aWxlIHApCiAgICAgICAgICAgICAgIChkaXNw bGF5ICIhIwooZm9ybWF0ICN0IFwiZGFlbW9uLXN0YXJ0XFxuXCIpCihsZXQgbG9vcCAoKGNvdW50 IDEwKSkKICAodW5sZXNzICh6ZXJvPyBjb3VudCkKICAgIChsZXQgKChjaGFyICh3aXRoLWlucHV0 LWZyb20tZmlsZSBcIi9kZXYvdXJhbmRvbVwiIHJlYWQtY2hhcikpKQogICAgICAoZm9ybWF0ICN0 IFwiZGFlbW9uOiB+YSB+YVxcblwiIGNvdW50IGNoYXIpCiAgICAgIChmb3JjZS1vdXRwdXQgKGN1 cnJlbnQtb3V0cHV0LXBvcnQpKQogICAgICAoY2FsbC13aXRoLW91dHB1dC1maWxlIFwiL2Rldi9u dWxsXCIKICAgICAgICAobGFtYmRhIChwKSAoZm9ybWF0IHAgXCJkYWVtb246IH5hIH5hXFxuXCIg Y291bnQgY2hhcikpKQogICAgICAoc2xlZXAgMSkKICAgICAgKGxvb3AgKDEtIGNvdW50KSkpKSkK KGZvcm1hdCAjdCBcIlxuZGFlbW9uLWV4aXRcXG5cIikKIiBwKSkpCiAgICAgICAgICAgKGNobW9k IGRhZW1vbiAjbzc1NSkpCiAgICAgICAgICN0KSkpCiAgICAoaG9tZS1wYWdlICJodHRwczovL2Rl enluZS5vcmciKQogICAgKHN5bm9wc2lzICJ2b3JrIikKICAgIChkZXNjcmlwdGlvbiAidm9yayIp CiAgICAobGljZW5zZSBncGwzKykpKQoKdm9yawoK --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable --=20 Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar=C2=AE http://AvatarAcademy.com --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Tue Oct 27 16:09:19 2020 Received: (at 44261) by debbugs.gnu.org; 27 Oct 2020 20:09:19 +0000 Received: from localhost ([127.0.0.1]:46001 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kXVHO-0006RP-Ow for submit@debbugs.gnu.org; Tue, 27 Oct 2020 16:09:19 -0400 Received: from eggs.gnu.org ([209.51.188.92]:57868) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kXVHN-0006RD-14 for 44261@debbugs.gnu.org; Tue, 27 Oct 2020 16:09:13 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:57684) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kXVHF-000222-QR; Tue, 27 Oct 2020 16:09:05 -0400 Received: from [2001:980:1b4f:1:42d2:832d:bb59:862] (port=55458 helo=dundal.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kXVHE-0008GW-Fb; Tue, 27 Oct 2020 16:09:05 -0400 From: Jan Nieuwenhuizen To: 44261@debbugs.gnu.org Subject: Re: bug#44261: running a daemon with userns in relocateble pack breaks Organization: AvatarAcademy.nl References: <87blgn30w0.fsf@gnu.org> X-Url: http://AvatarAcademy.nl Date: Tue, 27 Oct 2020 21:09:02 +0100 In-Reply-To: <87blgn30w0.fsf@gnu.org> (Jan Nieuwenhuizen's message of "Tue, 27 Oct 2020 20:49:19 +0100") Message-ID: <875z6v2zz5.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 44261 Cc: ludo@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain Jan Nieuwenhuizen writes: Hi! I tried the hint from Ludovic to use MS_PRIVATE in the attached patch and that works for me; not sure if we want a test and even less sure how to write that... Janneke --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: inline; filename=0001-pack-Support-running-of-daemons-in-user-namespace-ba.patch Content-Transfer-Encoding: quoted-printable >From fd3104608c3fa6a2375b6c7df0862e5479976b39 Mon Sep 17 00:00:00 2001 From: "Jan (janneke) Nieuwenhuizen" Date: Tue, 27 Oct 2020 20:55:11 +0100 Subject: [PATCH] pack: Support running of daemons in user namespace-based relocation. MIME-Version: 1.0 Content-Type: text/plain; charset=3DUTF-8 Content-Transfer-Encoding: 8bit Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=3DUTF-8 Add relocation via ld.so and fakechroot. Fixes . * gnu/packages/aux-files/run-in-namespace.c (bind_mount): Add 'MS_PRIVATE' = to avoid unmounting the bind mount when parent process exits. Co-authored-by: Ludovic Court=C3=A8s --- gnu/packages/aux-files/run-in-namespace.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gnu/packages/aux-files/run-in-namespace.c b/gnu/packages/aux-f= iles/run-in-namespace.c index 52a16a5362..67cea4fcd5 100644 --- a/gnu/packages/aux-files/run-in-namespace.c +++ b/gnu/packages/aux-files/run-in-namespace.c @@ -1,5 +1,6 @@ /* GNU Guix --- Functional package management for GNU Copyright (C) 2018, 2019, 2020 Ludovic Court=C3=A8s + Copyright (C) 2020 Jan (janneke) Nieuwenhuizen =20 This file is part of GNU Guix. =20 @@ -138,7 +139,7 @@ bind_mount (const char *source, const struct dirent *en= try, close (open (target, O_WRONLY | O_CREAT)); =20 return mount (source, target, "none", - MS_BIND | MS_REC | MS_RDONLY, NULL); + MS_BIND | MS_PRIVATE | MS_REC | MS_RDONLY, NULL); } =20 #if HAVE_EXEC_WITH_LOADER --=20 Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar=C2=AE http://AvatarAcademy.com --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable --=20 Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar=C2=AE http://AvatarAcademy.com --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Fri Oct 30 12:19:16 2020 Received: (at control) by debbugs.gnu.org; 30 Oct 2020 16:19:16 +0000 Received: from localhost ([127.0.0.1]:59456 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kYX7T-0006ig-KL for submit@debbugs.gnu.org; Fri, 30 Oct 2020 12:19:15 -0400 Received: from eggs.gnu.org ([209.51.188.92]:50548) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kYX7S-0006iM-Ip for control@debbugs.gnu.org; Fri, 30 Oct 2020 12:19:14 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:47687) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kYX7N-0008CA-Co for control@debbugs.gnu.org; Fri, 30 Oct 2020 12:19:09 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=54116 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kYX7M-00060Y-OQ for control@debbugs.gnu.org; Fri, 30 Oct 2020 12:19:09 -0400 Date: Fri, 30 Oct 2020 17:19:07 +0100 Message-Id: <87a6w3y9dw.fsf@gnu.org> To: control@debbugs.gnu.org From: =?utf-8?Q?Ludovic_Court=C3=A8s?= Subject: control message for bug #44261 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) severity 44261 important quit From debbugs-submit-bounces@debbugs.gnu.org Fri Oct 30 17:33:54 2020 Received: (at 44261) by debbugs.gnu.org; 30 Oct 2020 21:33:54 +0000 Received: from localhost ([127.0.0.1]:60003 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kYc1x-0002Bh-Sl for submit@debbugs.gnu.org; Fri, 30 Oct 2020 17:33:54 -0400 Received: from eggs.gnu.org ([209.51.188.92]:37496) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kYc1v-0002BU-Ns for 44261@debbugs.gnu.org; Fri, 30 Oct 2020 17:33:52 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:54943) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kYc1p-0007xF-3i; Fri, 30 Oct 2020 17:33:45 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=55656 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kYc1o-0000gr-J1; Fri, 30 Oct 2020 17:33:44 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Jan Nieuwenhuizen Subject: Re: bug#44261: running a daemon with userns in relocateble pack breaks References: <87blgn30w0.fsf@gnu.org> <875z6v2zz5.fsf@gnu.org> Date: Fri, 30 Oct 2020 22:33:42 +0100 In-Reply-To: <875z6v2zz5.fsf@gnu.org> (Jan Nieuwenhuizen's message of "Tue, 27 Oct 2020 21:09:02 +0100") Message-ID: <871rhfxutl.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 44261 Cc: 44261@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hello! As discussed on IRC, my initial advice about MS_PRIVATE was misguided. The real issue is the =E2=80=9Crm_rf (new_root);=E2=80=9D call, which remov= es the root directory and thus leaves child processes (the daemon) with nothing. The attached patch adds a test loosely based on yours and a fix for that. The fix (for the =E2=80=9Cuserns=E2=80=9D engine) is to make NEW_ROO= T a tmpfs, such that upon completion, all we need to do is to unmount it and remove it; it lives on as the root file system of child processes. In the =E2=80=9Cfakechroot=E2=80=9D case, we have to leave NEW_ROOT behind,= which is not great but acceptable (it=E2=80=99s user-owned, #o700, and it=E2=80=99s unde= r /tmp). The test only checks the =E2=80=9Cuserns=E2=80=9D engine. If you confirm that it works for you and looks reasonable, we can apply it. Thanks, Ludo=E2=80=99. --=-=-= Content-Type: text/x-patch Content-Disposition: inline diff --git a/gnu/packages/aux-files/run-in-namespace.c b/gnu/packages/aux-files/run-in-namespace.c index 52a16a5362..1d64ef9f44 100644 --- a/gnu/packages/aux-files/run-in-namespace.c +++ b/gnu/packages/aux-files/run-in-namespace.c @@ -41,6 +41,7 @@ #include #include #include +#include /* Whether we're building the ld.so/libfakechroot wrapper. */ #define HAVE_EXEC_WITH_LOADER \ @@ -258,11 +259,20 @@ exec_in_user_namespace (const char *store, int argc, char *argv[]) { /* Spawn @WRAPPED_PROGRAM@ in a separate namespace where STORE is bind-mounted in the right place. */ - int err; + int err, is_tmpfs; char *new_root = mkdtemp (strdup ("/tmp/guix-exec-XXXXXX")); char *new_store = concat (new_root, original_store); char *cwd = get_current_dir_name (); + /* Become the new parent of grand-children when their parent dies. */ + prctl (PR_SET_CHILD_SUBREAPER, 1); + + /* Optionally, make NEW_ROOT a tmpfs. That way, if we have to leave it + behind because there are sub-processes still running when this wrapper + exits, it's OK. */ + err = mount ("none", new_root, "tmpfs", 0, NULL); + is_tmpfs = (err == 0); + /* Create a child with separate namespaces and set up bind-mounts from there. That way, bind-mounts automatically disappear when the child exits, which simplifies cleanup for the parent. Note: clone is more @@ -300,6 +310,7 @@ exec_in_user_namespace (const char *store, int argc, char *argv[]) /* Failure: user namespaces not supported. */ fprintf (stderr, "%s: error: 'clone' failed: %m\n", argv[0]); rm_rf (new_root); + free (new_root); break; default: @@ -312,10 +323,27 @@ exec_in_user_namespace (const char *store, int argc, char *argv[]) write_id_map (child, "uid_map", getuid ()); write_id_map (child, "gid_map", getgid ()); - int status; + int status, status_other; waitpid (child, &status, 0); - chdir ("/"); /* avoid EBUSY */ - rm_rf (new_root); + + if (is_tmpfs) + { + /* NEW_ROOT lives on in child processes and we no longer need it + to exist as an empty directory in the global namespace. */ + umount (new_root); + rmdir (new_root); + } + /* Check whether there are child processes left. If there are none, + we can remove NEW_ROOT just fine. Conversely, if there are + processes left (for example because this wrapper's child forked), + we have to leave NEW_ROOT behind so that those processes can still + access their root file system (XXX). */ + else if (waitpid (-1 , &status_other, WNOHANG) == -1) + { + chdir ("/"); /* avoid EBUSY */ + rm_rf (new_root); + } + free (new_root); if (WIFEXITED (status)) @@ -490,6 +518,9 @@ exec_with_loader (const char *store, int argc, char *argv[]) setenv ("FAKECHROOT_BASE", new_root, 1); + /* Become the new parent of grand-children when their parent dies. */ + prctl (PR_SET_CHILD_SUBREAPER, 1); + pid_t child = fork (); switch (child) { @@ -507,11 +538,18 @@ exec_with_loader (const char *store, int argc, char *argv[]) default: { - int status; + int status, status_other; waitpid (child, &status, 0); - chdir ("/"); /* avoid EBUSY */ - rm_rf (new_root); - free (new_root); + + /* If there are child processes still running, leave NEW_ROOT around + so they can still access it. XXX: In that case NEW_ROOT is left + behind. */ + if (waitpid (-1 , &status_other, WNOHANG) == -1) + { + chdir ("/"); /* avoid EBUSY */ + rm_rf (new_root); + free (new_root); + } close (2); /* flushing stderr should be silent */ diff --git a/tests/guix-pack-relocatable.sh b/tests/guix-pack-relocatable.sh index a960ecd209..88cbe63b59 100644 --- a/tests/guix-pack-relocatable.sh +++ b/tests/guix-pack-relocatable.sh @@ -58,6 +58,19 @@ run_without_store () fi } +# Wait for the given file to show up. Error out if it doesn't show up in a +# timely fashion. +wait_for_file () +{ + i=0 + while ! test -f "$1" && test $i -lt 20 + do + sleep 0.3 + i=`expr $i + 1` + done + test -f "$1" +} + test_directory="`mktemp -d`" export test_directory trap 'chmod -Rf +w "$test_directory"; rm -rf "$test_directory"' EXIT @@ -129,6 +142,65 @@ case "`uname -m`" in ;; esac +if unshare -r true +then + # Check what happens if the wrapped binary forks and leaves child + # processes behind, like a daemon. The root file system should remain + # available to those child processes. See . + cat > "$test_directory/manifest.scm" <) id 1kYcWO-0002yU-0e for submit@debbugs.gnu.org; Fri, 30 Oct 2020 18:05:20 -0400 Received: from eggs.gnu.org ([209.51.188.92]:42218) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kYcWM-0002yF-OU for 44261@debbugs.gnu.org; Fri, 30 Oct 2020 18:05:19 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:55268) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kYcWF-0003Ti-Vt; Fri, 30 Oct 2020 18:05:12 -0400 Received: from [2001:980:1b4f:1:42d2:832d:bb59:862] (port=59316 helo=dundal.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kYcWF-0002uh-D7; Fri, 30 Oct 2020 18:05:11 -0400 From: Jan Nieuwenhuizen To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#44261: running a daemon with userns in relocateble pack breaks Organization: AvatarAcademy.nl References: <87blgn30w0.fsf@gnu.org> <875z6v2zz5.fsf@gnu.org> <871rhfxutl.fsf@gnu.org> X-Url: http://AvatarAcademy.nl Date: Fri, 30 Oct 2020 23:05:08 +0100 In-Reply-To: <871rhfxutl.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?= =?utf-8?Q?s?= message of "Fri, 30 Oct 2020 22:33:42 +0100") Message-ID: <877dr7s73f.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 44261 Cc: 44261@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Ludovic Court=C3=A8s writes: Hi! > As discussed on IRC, my initial advice about MS_PRIVATE was misguided. > The real issue is the =E2=80=9Crm_rf (new_root);=E2=80=9D call, which rem= oves the root > directory and thus leaves child processes (the daemon) with nothing. Yes, I'm not entirely sure what I thought to see yesterday; anyway the rm_rf (new_root) is indeed the thing that makes the daemon crash. > The attached patch adds a test loosely based on yours and a fix for > that. The fix (for the =E2=80=9Cuserns=E2=80=9D engine) is to make NEW_R= OOT a tmpfs, > such that upon completion, all we need to do is to unmount it and remove > it; it lives on as the root file system of child processes. > > In the =E2=80=9Cfakechroot=E2=80=9D case, we have to leave NEW_ROOT behin= d, which is not > great but acceptable (it=E2=80=99s user-owned, #o700, and it=E2=80=99s un= der /tmp). The > test only checks the =E2=80=9Cuserns=E2=80=9D engine. Yes, I think this is acceptable. > If you confirm that it works for you and looks reasonable, we can apply > it. Yes, this works. The test and also my reproducer now work fine. Thanks a lot! Janneke --=20 Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar=C2=AE http://AvatarAcademy.com From debbugs-submit-bounces@debbugs.gnu.org Sat Oct 31 18:19:57 2020 Received: (at 44261-done) by debbugs.gnu.org; 31 Oct 2020 22:19:57 +0000 Received: from localhost ([127.0.0.1]:34840 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kYzE5-0006T8-0Q for submit@debbugs.gnu.org; Sat, 31 Oct 2020 18:19:57 -0400 Received: from eggs.gnu.org ([209.51.188.92]:48868) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kYzE4-0006Sv-2J for 44261-done@debbugs.gnu.org; Sat, 31 Oct 2020 18:19:56 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:44833) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kYzDy-0004UN-RO; Sat, 31 Oct 2020 18:19:50 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=46358 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kYzDy-0006JL-8M; Sat, 31 Oct 2020 18:19:50 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Jan Nieuwenhuizen Subject: Re: bug#44261: running a daemon with userns in relocateble pack breaks References: <87blgn30w0.fsf@gnu.org> <875z6v2zz5.fsf@gnu.org> <871rhfxutl.fsf@gnu.org> <877dr7s73f.fsf@gnu.org> Date: Sat, 31 Oct 2020 23:19:49 +0100 In-Reply-To: <877dr7s73f.fsf@gnu.org> (Jan Nieuwenhuizen's message of "Fri, 30 Oct 2020 23:05:08 +0100") Message-ID: <87blgirqbe.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 44261-done Cc: 44261-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi, Jan Nieuwenhuizen skribis: > Ludovic Court=C3=A8s writes: [...] >> The attached patch adds a test loosely based on yours and a fix for >> that. The fix (for the =E2=80=9Cuserns=E2=80=9D engine) is to make NEW_= ROOT a tmpfs, >> such that upon completion, all we need to do is to unmount it and remove >> it; it lives on as the root file system of child processes. >> >> In the =E2=80=9Cfakechroot=E2=80=9D case, we have to leave NEW_ROOT behi= nd, which is not >> great but acceptable (it=E2=80=99s user-owned, #o700, and it=E2=80=99s u= nder /tmp). The >> test only checks the =E2=80=9Cuserns=E2=80=9D engine. > > Yes, I think this is acceptable. > >> If you confirm that it works for you and looks reasonable, we can apply >> it. > > Yes, this works. The test and also my reproducer now work fine. Thanks for checking, I pushed the fix as bfe82fe2f6e9f34c0774fe2114cdc7e937ba8bd2. Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 01 01:07:59 2020 Received: (at 44261-done) by debbugs.gnu.org; 1 Nov 2020 06:07:59 +0000 Received: from localhost ([127.0.0.1]:35481 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kZ6X1-00064w-1k for submit@debbugs.gnu.org; Sun, 01 Nov 2020 01:07:59 -0500 Received: from eggs.gnu.org ([209.51.188.92]:56474) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kZ6Wy-00064i-5Q for 44261-done@debbugs.gnu.org; Sun, 01 Nov 2020 01:07:57 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:50323) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kZ6Wr-0005jM-Em; Sun, 01 Nov 2020 01:07:49 -0500 Received: from [2001:980:1b4f:1:42d2:832d:bb59:862] (port=59368 helo=dundal.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kZ6Wr-0005z0-12; Sun, 01 Nov 2020 01:07:49 -0500 From: Jan Nieuwenhuizen To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#44261: running a daemon with userns in relocateble pack breaks Organization: AvatarAcademy.nl References: <87blgn30w0.fsf@gnu.org> <875z6v2zz5.fsf@gnu.org> <871rhfxutl.fsf@gnu.org> <877dr7s73f.fsf@gnu.org> <87blgirqbe.fsf@gnu.org> X-Url: http://AvatarAcademy.nl Date: Sun, 01 Nov 2020 07:07:47 +0100 In-Reply-To: <87blgirqbe.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?= =?utf-8?Q?s?= message of "Sat, 31 Oct 2020 23:19:49 +0100") Message-ID: <87pn4x8v9o.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 44261-done Cc: 44261-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Ludovic Court=C3=A8s writes: Hello, > Jan Nieuwenhuizen skribis: > >> Ludovic Court=C3=A8s writes: > > [...] > >>> If you confirm that it works for you and looks reasonable, we can apply >>> it. >> >> Yes, this works. The test and also my reproducer now work fine. > > Thanks for checking, I pushed the fix as > bfe82fe2f6e9f34c0774fe2114cdc7e937ba8bd2. \o/ Thank you Janneke. --=20 Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar=C2=AE http://AvatarAcademy.com From unknown Sat Jun 21 03:28:21 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Sun, 29 Nov 2020 12:24:06 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator