Running apt #6
The issue seems to have to do with our use of |
With branch https://github.com/binpash/try/tree/gid-mapping
The above error is caused by the user
|
Will mapping all users resolve this? |
Mapping all users fixed some of the issue; now the issue is the _apt user not being able to make tempfiles. See above message |
Is this because we haven't mounted a `tmpfs` in `/tmp`? |
On Sat Jun 24, 2023 at 10:09 PM EDT, Michael Greenberg wrote:
> Is this because we haven't mounted a `tmpfs` in `/tmp`?
`/tmp` is mounted just like a normal fs; running mktemp as _apt throws EACCES.
Running `mktemp` as normal `eric` user works, but running `sudo -u eric`
or as _apt does not work.
```console
***@***.***:~/try$ mktemp
/tmp/tmp.9KnCxNx7iK
***@***.***:~/try$ sudo ./try strace -f -o mktemp sudo -u eric mktemp
mktemp: failed to create file via template ‘/tmp/tmp.XXXXXXXXXX’: Permission denied
Changes detected in the following files:
/tmp/tmp.8SL44ImJ3P/upperdir/root/.sudo_as_admin_successful (modified/added)
/tmp/tmp.8SL44ImJ3P/upperdir/home/eric/try/mktemp (modified/added)
Commit these changes? [y/N] y
***@***.***:~/try$ cat mktemp | grep EACCES
58 openat(AT_FDCWD, "/tmp/tmp.z0u1GvrT08", O_RDWR|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
***@***.***:~/try$
```
Something that's strange tho, is that `/tmp` is 755, I should not be
able to write to it as user outside of unshare.
`drwxrwxrwt 45 root root 12K Jun 24 22:26 tmp`
```console
openat(AT_FDCWD, "/tmp/tmp.SHplMFbzMS", O_RDWR|O_CREAT|O_EXCL, 0600) = 3
```
`/tmp` is not any mount, just a dir in my ext4 root fs.
|
Right: it's got the sticky bit. Maybe our overlaid `/tmp` is somehow losing it?
|
Can confirm our overlaid
|
Manually adding the sticky bit via Perhaps it is something else in the kernel that is allowing non-root user to write to |
Ah: the perms are wrong in general. We're losing not only the sticky bit, but the g/a writeable bits! |
On Sun Jun 25, 2023 at 7:21 PM EDT, Michael Greenberg wrote:
> Ah: the perms are wrong in general. We're losing not only the sticky bit, but the g/a writeable bits!
Oh wow I am blind, yeah.
|
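The symptom the thread converges on, the sandbox's `/tmp` appearing without the sticky bit and without group/other write permission, can be checked for directly. The following is an added example, not code from the `try` repository: the function names and the two tree arguments are hypothetical, and it assumes GNU `stat` on Linux.

```shell
#!/bin/sh
# Added example, not code from the try repository. Requires GNU stat.
# REF is a trusted tree (e.g. the real /); SBX is the tree the sandboxed
# process sees. Both paths are supplied by the caller (assumption).

# lost_bits REF_MODE SBX_MODE
# Prints the decimal mask of permission bits set in REF_MODE but not SBX_MODE.
lost_bits() {
    echo $(( 0$1 & ~0$2 ))
}

# mode_drift REF SBX
# Prints one line per top-level directory whose copy under SBX lost the
# sticky bit or group/other write permission. Returns 1 if any drifted.
mode_drift() {
    ref=$1; sbx=$2; drift=0
    for d in "$ref"/*/; do
        name=$(basename "$d")
        if [ ! -d "$d" ] || [ ! -d "$sbx/$name" ]; then continue; fi
        rmode=$(stat -c '%a' "$d")
        smode=$(stat -c '%a' "$sbx/$name")
        lost=$(lost_bits "$rmode" "$smode")
        what=""
        if [ $(( lost & 01000 )) -ne 0 ]; then what="$what sticky"; fi
        if [ $(( lost & 0022 )) -ne 0 ]; then what="$what group/other-write"; fi
        if [ -n "$what" ]; then
            echo "$name: $rmode -> $smode lost:$what"
            drift=1
        fi
    done
    return "$drift"
}

# restore_modes REF SBX
# Copies REF's mode onto each drifted directory under SBX. This repairs the
# sandbox tree only; it does not explain why the bits were dropped.
restore_modes() {
    mode_drift "$1" "$2" | while IFS=: read -r name rest; do
        chmod "$(stat -c '%a' "$1/$name")" "$2/$name"
    done
}
```

A `/tmp` that reports `1777 -> 755` here matches the `EACCES` from `openat(..., O_CREAT|O_EXCL, ...)` in the strace output above: a non-owner has no write permission on the directory.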
Currently `try` with apt install fails both with sudo in and out of the try: