From: "Noé Lopez via Guix-patches via" <guix-patches@gnu.org>
To: 73842@debbugs.gnu.org
Cc: "Josselin Poiret" <dev@jpoiret.xyz>,
"Maxim Cournoyer" <maxim.cournoyer@gmail.com>,
"Simon Tournier" <zimon.toutoune@gmail.com>,
"Mathieu Othacehe" <othacehe@gnu.org>,
"Noé Lopez" <noelopez@free.fr>,
"Tobias Geerinckx-Rice" <me@tobias.gr>,
pelzflorian <pelzflorian@pelzflorian.de>,
"Sebastian Dümcke" <code@sam-d.com>,
"Christopher Baines" <guix@cbaines.net>
Subject: [bug#73842] [Noé Lopez] Re: [bug#73842] [PATCH v5 2/3] pack: Add support for AppImage pack format.
Date: Sun, 17 Nov 2024 17:25:53 +0100 [thread overview]
Message-ID: <87mshxq12m.fsf@xn--no-cja.eu> (raw)
In-Reply-To: <da8f8eca32729bf35117107993b83359267e5638.1729115489.git.noelopez@free.fr>
Forwarding here since I replied instead of replied to all :/
-------------------- Start of forwarded message --------------------
From: Noé Lopez <noe@xn--no-cja.eu>
To: Ludovic Courtès <ludo@gnu.org>
Subject: Re: [bug#73842] [PATCH v5 2/3] pack: Add support for AppImage pack
format.
Date: Sun, 17 Nov 2024 17:20:48 +0100
Hi Ludovic,
Ludovic Courtès <ludo@gnu.org> writes:
> Hello Noé,
>
> The patch series LGTM, and tests pass: we’re all set!
>
Great! Thanks a lot for the time you spent reviewing.
> But… one thing I noticed when trying it out is that the resulting
> AppImage would fail to run on relatively bare-bones non-Guix systems:
>
> --8<---------------cut here---------------start------------->8---
> $ ./2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImage
> fuse: failed to exec fusermount3: No such file or directory
>
> Cannot mount AppImage, please check your FUSE setup.
> You might still be able to extract the contents of this AppImage
> if you run it with the --appimage-extract option.
> See https://github.com/AppImage/AppImageKit/wiki/FUSE
> for more information
> open dir error: No such file or directory
> --8<---------------cut here---------------end--------------->8---
>
> I wonder if there’s something that can be done on our side about it or
> if it’s a limitation of the approach (I expect the latter: ‘fusermount’
> has to be available and setuid root), in which case we could just add a
> warning in the manual.
>
> WDYT?
This is an expected error from the AppImage runtime, as said in the
output the runtime depends on FUSE 3 to mount the AppImage.
The AppImage can still be ran using --appimage-extract-and-run, which I
believe we noted in the documentation:
>The runtime used by AppImages makes use of libfuse to mount the image
>quickly. If libfuse is not available, the AppImage can still be started
>using the @option{--appimage-extract-and-run} flag.
As for things that can be done from our side, we could change runtime to
one that uses other technologies just like supported by “-RR”.
>
> Interestingly, it works on my Guix System laptop, except if I strace it:
>
> --8<---------------cut here---------------start------------->8---
> $ /gnu/store/2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImage
> Hello, world!
> $ strace -f -o /tmp/log.strace -s 500 /gnu/store/2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImage
> fusermount3: mount failed: Operation not permitted
>
> Cannot mount AppImage, please check your FUSE setup.
> You might still be able to extract the contents of this AppImage
> if you run it with the --appimage-extract option.
> See https://github.com/AppImage/AppImageKit/wiki/FUSE
> for more information
> open dir error: No such file or directory
> $ grep 'mount(' /tmp/log.strace
> 17569 mount("2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImage", "/tmp/.mount_2i2l6iLZ8WYZ", "fuse.2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImage", MS_RDONLY|MS_NOSUID|MS_NODEV, "fd=5,rootmode=40000,user_id=1000,group_id=998") = -1 EPERM (Operation not permitted)
> 17570 mount("2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImage", ".", "fuse.2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImage", MS_RDONLY|MS_NOSUID|MS_NODEV, "fd=6,rootmode=40000,user_id=1000,group_id=998") = -1 EPERM (Operation not permitted)
> 17571 mount("/dev/fuse", ".", "fuse", MS_RDONLY|MS_NOSUID|MS_NODEV, "fd=6,rootmode=40000,user_id=1000,group_id=998") = -1 EPERM (Operation not permitted)
> --8<---------------cut here---------------end--------------->8---
>
> Ludo’.
I’m pretty sure a process attached with ptrace can’t exec SUID programs,
for security reasons (ptrace allows you to change the code of the
attached program so its a privilege escalation).
I think you can run it with “sudo -E strace -f -o /tmp/log.strace -s 500
/gnu/store/2i2l6irl2n8q24aimfmidvlglllc4s8z-hello-appimage-pack.AppImage”.
Have a nice day,
Noé
-------------------- End of forwarded message --------------------
next prev parent reply other threads:[~2024-11-17 16:28 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <87ttc5q1b3.fsf@xn--no-cja.eu>
2024-10-16 21:51 ` [bug#73842] [PATCH] pack: Add support for AppImage pack format Noé Lopez
2024-10-18 12:20 ` Ludovic Courtès
2024-10-18 12:22 ` Ludovic Courtès
2024-10-18 20:34 ` Ludovic Courtès
2024-10-26 17:28 ` [bug#73842] [PATCH v2 0/3] " Noé Lopez
2024-10-26 17:28 ` [bug#73842] [PATCH v2 1/3] gnu: appimage: New packages for the appimage runtime Noé Lopez
2024-11-01 13:24 ` Maxim Cournoyer
2024-10-26 17:28 ` [bug#73842] [PATCH v2 2/3] pack: Add support for AppImage pack format Noé Lopez
2024-11-01 13:19 ` Maxim Cournoyer
2024-11-01 15:22 ` Noé Lopez via Guix-patches via
2024-10-26 17:28 ` [bug#73842] [PATCH v2 3/3] news: Add entry for guix pack’s AppImage format Noé Lopez
2024-10-27 13:38 ` pelzflorian (Florian Pelz)
2024-11-01 13:27 ` Maxim Cournoyer
2024-11-03 22:37 ` [bug#73842] [PATCH v4 0/3] pack: Add support for AppImage pack format Noé Lopez via Guix-patches via
2024-11-03 22:37 ` [bug#73842] [PATCH v4 1/3] gnu: appimage: New packages for the appimage runtime Noé Lopez via Guix-patches via
2024-11-05 14:22 ` Ludovic Courtès
2024-11-03 22:37 ` [bug#73842] [PATCH v4 2/3] pack: Add support for AppImage pack format Noé Lopez via Guix-patches via
2024-11-05 14:27 ` Ludovic Courtès
2024-11-03 22:37 ` [bug#73842] [PATCH v4 3/3] news: Add entry for guix pack’s AppImage format Noé Lopez via Guix-patches via
2024-11-05 14:28 ` Ludovic Courtès
2024-11-07 16:50 ` [bug#73842] [PATCH v5 1/3] gnu: appimage: New packages for the appimage runtime Noé Lopez via Guix-patches via
2024-11-07 16:50 ` [bug#73842] [PATCH v5 2/3] pack: Add support for AppImage pack format Noé Lopez via Guix-patches via
2024-11-15 17:02 ` Ludovic Courtès
2024-11-07 16:50 ` [bug#73842] [PATCH v5 3/3] news: Add entry for guix pack’s AppImage format Noé Lopez via Guix-patches via
2024-11-17 16:25 ` Noé Lopez via Guix-patches via [this message]
2024-11-20 12:05 ` [bug#73842] [PATCH v5 2/3] pack: Add support for AppImage pack format Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87mshxq12m.fsf@xn--no-cja.eu \
--to=guix-patches@gnu.org \
--cc=73842@debbugs.gnu.org \
--cc=code@sam-d.com \
--cc=dev@jpoiret.xyz \
--cc=guix@cbaines.net \
--cc=maxim.cournoyer@gmail.com \
--cc=me@tobias.gr \
--cc=noe@xn--no-cja.eu \
--cc=noelopez@free.fr \
--cc=othacehe@gnu.org \
--cc=pelzflorian@pelzflorian.de \
--cc=zimon.toutoune@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).