From mboxrd@z Thu Jan 1 00:00:00 1970
From: "pelzflorian (Florian Pelz)"
Subject: bug#35662: Really relocatable binaries crash with Permission denied
Date: Fri, 10 May 2019 00:01:36 +0200
Message-ID: <20190509220136.tli7um2heocifrpq@pelzflorian.localdomain>
List-Id: Bug reports for GNU Guix
To: 35662@debbugs.gnu.org

The manual gives the following example of guix pack -RR:

  guix pack -RR -S /mybin=bin bash
  tar xf pack.tar.gz
  ./mybin/sh

This fails on my university’s server for students which uses Linux
container “VMs” with Ubuntu and has no user namespace support and Guix
is not installed. This single line is all output:

  $ ./mybin/sh
  sh: run.c:162: bind_mount: Unexpected error: Permission denied.

Note that

  PROOT_NO_SECCOMP=1 ~/gnu/store/iyd2ikxadcp89j5919pwja6swnx00493-proot-static-5.1.0/bin/proot -w $(pwd | sed 's/${HOME}//') -r ${HOME} -b /proc /mybin/sh

works just fine (inspired by ).

For testing purposes, I compile the wrapper
gnu/packages/aux-files/run-in-namespace.c:

  sed -i 's|@STORE_DIRECTORY@|/gnu/store|g' run-in-namespace.c
  sed -i 's|@WRAPPED_PROGRAM@|/mybin/sh|g' run-in-namespace.c
  gcc -std=gnu99 -static -O0 -g -Wall run-in-namespace.c
  scp run-in-namespace.c a.out …   # upload it to the university server
  ssh …
  gdb a.out
  […]
  (gdb) break main
  Breakpoint 1 at 0x401ea1: file run-in-namespace.c, line 260.
  (gdb) run
  Starting program: /home/f_pelz12/a.out

  Breakpoint 1, main (argc=1, argv=0x7fffffffe818) at run-in-namespace.c:260
  260       size = readlink ("/proc/self/exe", self, sizeof self - 1);
  (gdb) next
  261       assert (size > 0);
  (gdb)
  265       size_t index = strlen (self)
  (gdb)
  268       char *store = strdup (self);
  (gdb)
  269       store[index] = '\0';
  (gdb)
  277       if (strcmp (store, "/gnu/store") != 0
  (gdb)
  278           && lstat ("/mybin/sh", &statbuf) != 0)
  (gdb)
  283       char *new_root = mkdtemp (strdup ("/tmp/guix-exec-XXXXXX"));
  (gdb)
  284       char *new_store = concat (new_root, "/gnu/store");
  (gdb)
  285       char *cwd = get_current_dir_name ();
  (gdb)
  292       pid_t child = syscall (SYS_clone, SIGCHLD | CLONE_NEWNS | CLONE_NEWUSER,
  (gdb)
  [Detaching after fork from child process 12748]
  294       switch (child)
  (gdb)
  a.out: run-in-namespace.c:162: bind_mount: Unexpected error: Permission denied.
  337       disallow_setgroups (child);
  (gdb)
  a.out: run-in-namespace.c:205: disallow_setgroups: Unexpected error: Permission denied.

  Program received signal SIGABRT, Aborted.
  0x000000000040796f in raise ()

I do not know how to break into the detached child’s bind_mount call, so
I am unable to give details on this bind_mount error (I do not know if
the bind_mount really is the cause of the crash; it is futile anyway and
the binary should just try proot after all and not crash before). A
breakpoint from `break bind_mount` is ignored. Can I get more
information out of this somehow?

For completeness:

  $ uname -a
  Linux tux6 4.15.18-14-pve #1 SMP PVE 4.15.18-38 (Tue, 30 Apr 2019 10:51:33 +0200) x86_64 x86_64 x86_64 GNU/Linux

Regards,
Florian
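A probe for the two operations the wrapper depends on, added here as an illustration and not code from this report or from Guix's run-in-namespace.c: in a throwaway child it tries unshare(CLONE_NEWUSER|CLONE_NEWNS) and then a bind mount, and classifies which step the kernel refused, which is the decision a wrapper needs in order to fall back to PRoot instead of aborting. The scratch directory under /tmp, the exit-code encoding and the status names are assumptions of this example; Linux only.

```c
/* Added example, not from the report or from Guix's run-in-namespace.c:
   repeat the wrapper's two privileged steps (user+mount namespace, then a
   bind mount) in a throwaway child and report which one the kernel refuses. */
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/wait.h>
#include <unistd.h>
enum ns_probe { NS_OK, NS_USERNS_EPERM, NS_USERNS_EINVAL, NS_MOUNT_EPERM, NS_OTHER };
/* Child exit code (assumed encoding): bit 7 marks the mount step, low 7 bits carry errno. */
enum ns_probe classify_probe_status (int code)
{
  int mount_step = code & 0x80, err = code & 0x7f;
  if (code == 0) return NS_OK;
  if (!mount_step && err == EPERM) return NS_USERNS_EPERM;   /* sysctl/LSM denies userns */
  if (!mount_step && err == EINVAL) return NS_USERNS_EINVAL; /* kernel lacks CONFIG_USER_NS */
  if (mount_step && err == EPERM) return NS_MOUNT_EPERM;     /* the failure in the report */
  return NS_OTHER;
}
enum ns_probe probe_namespaces (void)
{
  char dir[] = "/tmp/ns-probe-XXXXXX";   /* constructed scratch mount point */
  if (mkdtemp (dir) == NULL) return NS_OTHER;
  pid_t child = fork ();
  if (child == 0)
    {
      if (unshare (CLONE_NEWUSER | CLONE_NEWNS) != 0)
        _exit (errno & 0x7f);
      /* Same kind of call the wrapper's bind_mount makes, on a harmless target. */
      if (mount (dir, dir, NULL, MS_BIND, NULL) != 0)
        _exit (0x80 | (errno & 0x7f));
      _exit (0);   /* the namespace and the mount vanish with this child */
    }
  int status = -1;
  if (child > 0) waitpid (child, &status, 0);
  rmdir (dir);
  if (child < 0 || !WIFEXITED (status)) return NS_OTHER;
  return classify_probe_status (WEXITSTATUS (status));
}
int main (void)
{
  enum ns_probe r = probe_namespaces ();
  printf ("probe result: %d (0 = OK; a wrapper would fall back to PRoot otherwise)\n", r);
  return r == NS_OK ? 0 : 1;
}
```

On the container described in the report the expected outcome is NS_MOUNT_EPERM: the namespace is created but the bind mount inside it is refused, matching the bind_mount error at run-in-namespace.c:162.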