all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* bug#35662: Really relocatable binaries crash with Permission denied
@ 2019-05-09 22:01 pelzflorian (Florian Pelz)
  2019-05-10  5:54 ` pelzflorian (Florian Pelz)
  2019-05-10 21:50 ` Ludovic Courtès
  0 siblings, 2 replies; 17+ messages in thread
From: pelzflorian (Florian Pelz) @ 2019-05-09 22:01 UTC (permalink / raw)
  To: 35662

The manual gives the following example of guix pack -RR:

      guix pack -RR -S /mybin=bin bash
      tar xf pack.tar.gz
      ./mybin/sh

This fails on my university’s server for students which uses Linux
container “VMs” with Ubuntu and has no user namespace support and Guix
is not installed.  This single line is all output:

$ ./mybin/sh
sh: run.c:162: bind_mount: Unexpected error: Permission denied.

Note that

PROOT_NO_SECCOMP=1 ~/gnu/store/iyd2ikxadcp89j5919pwja6swnx00493-proot-static-5.1.0/bin/proot -w $(pwd | sed 's/${HOME}//') -r ${HOME} -b /proc /mybin/sh

works just fine (inspired by
<https://guix-hpc.bordeaux.inria.fr/blog/2017/10/using-guix-without-being-root/>).

For testing purposes, I compile the wrapper
gnu/packages/aux-files/run-in-namespace.c:

sed -i 's|@STORE_DIRECTORY@|/gnu/store|g' run-in-namespace.c
sed -i 's|@WRAPPED_PROGRAM@|/mybin/sh|g' run-in-namespace.c
gcc -std=gnu99 -static -O0 -g -Wall run-in-namespace.c
scp run-in-namespace.c a.out … # upload it to the university server
ssh …
gdb a.out
[…]
(gdb) break main
Breakpoint 1 at 0x401ea1: file run-in-namespace.c, line 260.
(gdb) run
Starting program: /home/f_pelz12/a.out 

Breakpoint 1, main (argc=1, argv=0x7fffffffe818) at run-in-namespace.c:260
260	  size = readlink ("/proc/self/exe", self, sizeof self - 1);
(gdb) next
261	  assert (size > 0);
(gdb) 
265	  size_t index = strlen (self)
(gdb) 
268	  char *store = strdup (self);
(gdb) 
269	  store[index] = '\0';
(gdb) 
277	  if (strcmp (store, "/gnu/store") != 0
(gdb) 
278	      && lstat ("/mybin/sh", &statbuf) != 0)
(gdb) 
283	      char *new_root = mkdtemp (strdup ("/tmp/guix-exec-XXXXXX"));
(gdb) 
284	      char *new_store = concat (new_root, "/gnu/store");
(gdb) 
285	      char *cwd = get_current_dir_name ();
(gdb) 
292	      pid_t child = syscall (SYS_clone, SIGCHLD | CLONE_NEWNS | CLONE_NEWUSER,
(gdb) 
[Detaching after fork from child process 12748]
294	      switch (child)
(gdb) a.out: run-in-namespace.c:162: bind_mount: Unexpected error: Permission denied.

337		    disallow_setgroups (child);
(gdb) 
a.out: run-in-namespace.c:205: disallow_setgroups: Unexpected error: Permission denied.

Program received signal SIGABRT, Aborted.
0x000000000040796f in raise ()

I do not know how to break into the detached child’s bind_mount call,
so I am unable to give details on this bind_mount error (I do not know
if the bind_mount really is the cause of the crash; it is futile
anyway and the binary should just try proot after all and not crash
before).  A breakpoint from `break bind_mount` is ignored.  Can I get
more information out of this somehow?

For completeness:
$ uname -a
Linux tux6 4.15.18-14-pve #1 SMP PVE 4.15.18-38 (Tue, 30 Apr 2019 10:51:33 +0200) x86_64 x86_64 x86_64 GNU/Linux

Regards,
Florian

^ permalink raw reply	[flat|nested] 17+ messages in thread

end of thread, other threads:[~2019-05-16 11:23 UTC | newest]

Thread overview: 17+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-05-09 22:01 bug#35662: Really relocatable binaries crash with Permission denied pelzflorian (Florian Pelz)
2019-05-10  5:54 ` pelzflorian (Florian Pelz)
2019-05-10 21:50 ` Ludovic Courtès
2019-05-11  5:05   ` pelzflorian (Florian Pelz)
2019-05-13  7:49     ` Ludovic Courtès
2019-05-13 10:34       ` pelzflorian (Florian Pelz)
2019-05-13 13:54         ` Ludovic Courtès
2019-05-13 15:17           ` pelzflorian (Florian Pelz)
2019-05-13 20:39             ` Ludovic Courtès
2019-05-13 20:45               ` pelzflorian (Florian Pelz)
2019-05-14  8:05                 ` pelzflorian (Florian Pelz)
2019-05-14 20:43                   ` Ludovic Courtès
2019-05-14 21:04                     ` pelzflorian (Florian Pelz)
2019-05-15 16:15                       ` Ludovic Courtès
2019-05-15 15:20                     ` Giovanni Biscuolo
2019-05-16 11:02                       ` pelzflorian (Florian Pelz)
2019-05-16 11:10                         ` Ludovic Courtès

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.