Confirmed. This also causes problems if you try to use aufs to create a
sandbox directory for LTSP guest users, like this:

http://kristianlyng.wordpress.com/2010/03/19/a-sandboxed-home-directory/

This fails because xauth can't remove and replace the .Xauthority file
when you log in graphically. sshd tells xauth to remove the existing
cookie and create a new one. xauth creates .Xauthority-n, tries to
remove .Xauthority (which fails), and then tries to hardlink .Xauthority
to .Xauthority-n (which fails because .Xauthority still exists):

[pid  1150] send(10, "<39>Dec  7 16:34:12 sshd[1150]: debug1: Forked child 10969.", 59, MSG_NOSIGNAL <unfinished ...>
[pid 10969] execve("/usr/sbin/sshd", ["/usr/sbin/sshd", "-R"], [/* 5 vars */]) = 0
[pid 10969] clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb771cb48) = 11031
Process 11031 attached

[pid 10969] send(4, "<38>Dec  7 16:34:20 sshd[10969]: User child is on pid 11031", 59, MSG_NOSIGNAL) = 59
[pid 11031] clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb771cb48) = 11032
Process 11032 attached

[pid 11032] clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb771cb48) = 11033
Process 11033 attached
[pid 11033] execve("/bin/sh", ["sh", "-c", "/usr/bin/xauth -q -"], [/* 13 vars */] <unfinished ...>

[pid 11032] write(4, "remove unix:38.0\nadd unix:38.0 MIT-MAGIC-COOKIE-1 9296d13c776bd89c10fe65673f3088e5\n", 83 <unfinished ...>

[pid 11033] clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7880938) = 11034
Process 11034 attached

[pid 11034] execve("/usr/bin/xauth", ["/usr/bin/xauth", "-q", "-"], [/* 14 vars */]) = 0
[pid 11034] open("/home/guest_091221/.Xauthority", O_RDONLY) = 3
[pid 11034] close(3)                    = 0
[pid 11034] read(0, "remove unix:38.0\nadd unix:38.0 MIT-MAGIC-COOKIE-1 9296d13c776bd89c10fe65673f3088e5\n", 4096) = 83
[pid 11034] unlink("/home/guest_091221/.Xauthority") = -1 EPERM (Operation not permitted)
[pid 11034] link("/home/guest_091221/.Xauthority-n", "/home/guest_091221/.Xauthority") = -1 EEXIST (File exists)
[pid 11034] write(2, "/usr/bin/xauth:  unable to link authority file /home/guest_091221/.Xauthority, use /home/guest_091221/.Xauthority-n\n", 116) = 116

Here's how to reproduce it without sshd and xauth:

mana...@zambiaserver2:~$ mkdir base
mana...@zambiaserver2:~$ touch base/.Xauthority

mana...@zambiaserver2:~$ mkdir tmp
mana...@zambiaserver2:~$ sudo mount -t tmpfs none tmp

mana...@zambiaserver2:~$ mkdir aufs
mana...@zambiaserver2:~$ sudo mount -t aufs -o dirs=tmp=rw:base=ro none aufs

mana...@zambiaserver2:~$ ls -la aufs
total 4
drwxrwxrwt  4 root    root     100 2010-12-07 16:08 .
drwxr-xr-x 39 manager manager 4096 2010-12-07 16:04 ..
-rw-r--r--  1 manager manager    0 2010-12-07 16:03 .Xauthority

mana...@zambiaserver2:~$ rm aufs/.Xauthority 
rm: cannot remove `aufs/.Xauthority': Operation not permitted
mana...@zambiaserver2:~$ sudo tail -1 /var/log/kern.log
Dec  7 16:09:04 zambiaserver2 kernel: [ 3445.254650] non-accessible hardlink creation was attempted by: rm (fsuid 1000)

mana...@zambiaserver2:~$ sudo sysctl kernel.yama.protected_nonaccess_hardlinks=0
kernel.yama.protected_nonaccess_hardlinks = 0
mana...@zambiaserver2:~$ rm aufs/.Xauthority
mana...@zambiaserver2:~$ ls -la aufs/.Xauthority
ls: cannot access aufs/.Xauthority: No such file or directory

https://bugs.launchpad.net/bugs/663069

Title:
  "non-accessable symlink" errors when using aufs-shaddowed read-only root filesystem
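
Added example, not part of the original bug comment: a shell probe that replays the replace sequence described in the comment above (write FILE-n, unlink FILE, hard-link FILE-n to FILE) on an existing file, to check whether a home directory is affected. The names probe_replace and explain_probe and their return codes are invented for this example.

```shell
#!/bin/sh
# Added example, not from the bug report. probe_replace, explain_probe and
# the return codes are names invented here.
#
# probe_replace FILE
#   Replays the sequence xauth uses on .Xauthority (write FILE-n, unlink FILE,
#   hard-link FILE-n to FILE) with a copy of FILE, so contents are unchanged.
#   FILE must already exist: in the report the failing file was present in
#   the read-only aufs branch, so probe a file that is already there.
#   Returns 0 = replace works, 1 = unlink failed, 2 = link failed,
#           3 = FILE missing, or FILE-n already exists / cannot be written.
probe_replace() {
    file=$1
    new="$file-n"

    [ -f "$file" ] || return 3
    if [ -e "$new" ]; then
        return 3                      # leave any leftover FILE-n untouched
    fi
    cp -p -- "$file" "$new" 2>/dev/null || return 3

    # Step 1: unlink the old file (EPERM in the strace above).
    if ! rm -f -- "$file" 2>/dev/null || [ -e "$file" ]; then
        rm -f -- "$new"
        return 1
    fi

    # Step 2: hard-link the new file into place, then drop the -n name.
    if ! ln -- "$new" "$file" 2>/dev/null; then
        mv -- "$new" "$file"          # restore the contents by rename
        return 2
    fi
    rm -f -- "$new"
    return 0
}

# Map a probe result to what to look at next.
explain_probe() {
    case $1 in
        0) echo "replace works" ;;
        1) echo "unlink failed: check kern.log for 'non-accessible hardlink creation'" ;;
        2) echo "link failed after unlink succeeded" ;;
        *) echo "probe could not run" ;;
    esac
}
```

Run it as the affected user inside the sandboxed home, for example: probe_replace "$HOME/.Xauthority"; explain_probe $?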
