Your message dated Sat, 10 Aug 2024 15:26:45 +0000
with message-id <[email protected]>
and subject line Bug#856877: fixed in schroot 1.6.13-4
has caused the Debian Bug report #856877,
regarding schroot: Please consider mounting a new instance of /dev/pts
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
856877: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856877
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: schroot
Version: 1.6.10-3
Severity: normal
Tags: upstream
As documented in
<http://lxr.free-electrons.com/source/Documentation/filesystems/devpts.txt?v=3.16>
and in <https://www.kernel.org/doc/Documentation/filesystems/devpts.txt>
(for historical context you might want to read the v3.16 version, chosen to
represent Debian jessie, before the latest version), the preferred way to
set up /dev/pts inside containers in recent kernels is to mount a new
instance of the devpts filesystem on /dev/pts, either use ptmxmode=666 or
chmod /dev/pts/ptmx to 0666 afterwards, and arrange for /dev/ptmx to be
equivalent to /dev/pts/ptmx via a symbolic link or bind-mount.
In particular, this would make the chroots created by debootstrap
versions 1.0.76 to 1.0.88 (inclusive) work as expected. In those chroots,
/dev/ptmx is a symbolic link to pts/ptmx. That is considered to be an RC
bug in debootstrap (#817236, RC because it broke existing functionality),
and I have proposed a patch; but with my proposed patch, debootstrap
will still create chroots with /dev/ptmx -> pts/ptmx if it is run
in a container manager that restricts device node creation, such as
systemd-nspawn, because that seemed better than failing outright.
Invoking script(1) is a common way to test this.
A nice side-effect of this change, which I discovered while testing a
cut-down version of the same code in a new debootstrap autopkgtest, is
that it makes script(1) work inside "schroot --sbuild" inside an LXC
container on a Debian jessie kernel. Previously, that would have failed.
I'm filing this as a new bug rather than detaching one of the merged bugs
from #817236 because the only one that originally concerned schroot
was #817236 itself, and it would seem needlessly confusing to repurpose
that bug number.
I attach a schroot patch that does as I request. I'm also going to attach
a patch to #817236 that will extend debootstrap's autopkgtest to run a
heavily cut-down version of the same logic, to confirm that it does in
fact work.
Unfortunately, this does cause a regression for interactive use:
processes inside an interactive schroot cannot tell that their
stdin/stdout/stderr is in fact connected to a terminal, because that
terminal is not visible to them. As a result, programs like sudo and
screen will refuse to run, unless wrapped in something like
"script /dev/null". So it might be necessary for schroot to provide
its own pty (one that *is* valid inside the chroot) and forward
input/output to/from the terminal outside the chroot, or something?
(I think that's what container managers like lxc and systemd-nspawn do.)
As a result I'm not tagging this as 'patch'.
Regards,
S
From: Simon McVittie <[email protected]>
Date: Mon, 20 Feb 2017 10:43:24 +0000
Subject: Mount a new instance of /dev/pts in the chroot
This is considered to be best-practice for container managers in
Linux >= v2.6.29 with CONFIG_DEVPTS_MULTIPLE_INSTANCES=y. That config
option was made unconditional in v4.7.
This has some assumptions, which cannot be avoided if we are going to
mount /dev/pts using schroot's fstab:
* If the kernel is older than v4.7, it is assumed to be v2.6.29 or
later with CONFIG_DEVPTS_MULTIPLE_INSTANCES=y. Users of older kernels,
or intermediate versions with CONFIG_DEVPTS_MULTIPLE_INSTANCES=n,
can revert this change via /etc.
* gid 5 must be the right owner for ptys. This is correct for Debian
(it's the hard-coded tty group specified in base-passwd) and probably
many other distributions (it's systemd's configure-time default) but
not necessarily correct everywhere. However, if the host system and the
chroot disagree on the right gid, schroot's previous behaviour would
have been wrong anyway, because it bind-mounted the host's /dev/pts.
* /dev/ptmx inside the chroot must be either a real device node (as
created by debootstrap < 1.0.76) or a symlink to pts/ptmx
(as created by debootstrap >= 1.0.76).
I have proposed a debootstrap patch to make it create the real device
node again if possible. However, there is a desire for debootstrap
to be runnable under container managers that restrict creation of
device nodes, such as systemd-nspawn; under these container managers,
creating /dev/ptmx as a symlink to pts/ptmx is the best that can be
done.
Bind-mounting /dev/pts/ptmx over /dev/ptmx, so that we get the
new instance's /dev/ptmx equivalent instead of the host's, can only
be done from code, so I have done it in the 10mount hook instead of
in the fstab.
---
etc/profile-templates/buildd/linux/fstab | 2 +-
etc/profile-templates/default/linux/fstab | 2 +-
etc/profile-templates/desktop/linux/fstab | 2 +-
etc/profile-templates/sbuild/linux/fstab | 2 +-
etc/setup.d/10mount | 12 ++++++++++++
5 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/etc/profile-templates/buildd/linux/fstab b/etc/profile-templates/buildd/linux/fstab
index 26efe88..f2f6136 100644
--- a/etc/profile-templates/buildd/linux/fstab
+++ b/etc/profile-templates/buildd/linux/fstab
@@ -1,4 +1,4 @@
-/dev/pts /dev/pts none rw,bind 0 0
+/dev/pts /dev/pts devpts rw,newinstance,ptmxmode=666,mode=620,gid=5 0 0
tmpfs /dev/shm tmpfs defaults 0 0
# Mount a large scratch space for the build, so we don't use up
# space on an LVM snapshot of the chroot itself.
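Review bot: the new /dev/pts entry hard-codes gid=5 and depends on the kernel honouring newinstance, but the fstab itself records neither assumption. The commit message says users on kernels without CONFIG_DEVPTS_MULTIPLE_INSTANCES=y can revert this via /etc, so a comment line above the entry that names the old `/dev/pts /dev/pts none rw,bind 0 0` form and the gid assumption would put that information in the file they will actually be editing.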
diff --git a/etc/profile-templates/default/linux/fstab b/etc/profile-templates/default/linux/fstab
index 777f0ed..181ed80 100644
--- a/etc/profile-templates/default/linux/fstab
+++ b/etc/profile-templates/default/linux/fstab
@@ -1,5 +1,5 @@
/dev /dev none rw,bind 0 0
-/dev/pts /dev/pts none rw,bind 0 0
+/dev/pts /dev/pts devpts rw,newinstance,ptmxmode=666,mode=620,gid=5 0 0
/home /home none rw,bind 0 0
/tmp /tmp none rw,bind 0 0
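Review bot: this applies the new devpts instance to the default profile, where interactive sessions are likely, and the report itself says processes in an interactive schroot then cannot see their terminal, so sudo and screen refuse to run unless wrapped in "script /dev/null". Consider limiting the change to the buildd and sbuild templates until schroot can provide a pty that is valid inside the chroot, or document the workaround in a comment next to this entry.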
diff --git a/etc/profile-templates/desktop/linux/fstab b/etc/profile-templates/desktop/linux/fstab
index 7f61d8d..b0dae37 100644
--- a/etc/profile-templates/desktop/linux/fstab
+++ b/etc/profile-templates/desktop/linux/fstab
@@ -1,5 +1,5 @@
/dev /dev none rw,bind 0 0
-/dev/pts /dev/pts none rw,bind 0 0
+/dev/pts /dev/pts devpts rw,newinstance,ptmxmode=666,mode=620,gid=5 0 0
/home /home none rw,bind 0 0
/tmp /tmp none rw,bind 0 0
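Review bot: with `/dev /dev none rw,bind 0 0` on the context line above, /dev/ptmx inside this chroot is the host's node, so this profile reaches the new instance's ptmx only through the bind mount added in etc/setup.d/10mount. A comment here pointing at that hook would help, and it is worth confirming that the hook's new block runs after this fstab has been mounted, because its -e test on dev/pts/ptmx skips the bind without any message otherwise.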
diff --git a/etc/profile-templates/sbuild/linux/fstab b/etc/profile-templates/sbuild/linux/fstab
index 26efe88..f2f6136 100644
--- a/etc/profile-templates/sbuild/linux/fstab
+++ b/etc/profile-templates/sbuild/linux/fstab
@@ -1,4 +1,4 @@
-/dev/pts /dev/pts none rw,bind 0 0
+/dev/pts /dev/pts devpts rw,newinstance,ptmxmode=666,mode=620,gid=5 0 0
tmpfs /dev/shm tmpfs defaults 0 0
# Mount a large scratch space for the build, so we don't use up
# space on an LVM snapshot of the chroot itself.
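Review bot: the replaced `/dev/pts` line in this sbuild template is the same edit as in the buildd template (both files go from index 26efe88 to f2f6136), so the two will need every later change to this entry applied twice. Since the surrounding lines already carry a comment about the scratch space, add one above the new entry noting that it is shared with the buildd template, so the two are kept in step when the options are adjusted.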
diff --git a/etc/setup.d/10mount b/etc/setup.d/10mount
index 296a162..8382151 100755
--- a/etc/setup.d/10mount
+++ b/etc/setup.d/10mount
@@ -269,3 +269,15 @@ if [ $STAGE = "setup-start" ] || [ $STAGE = "setup-recover" ]; then
fi
fi
+
+if [ $STAGE = "setup-start" ] || [ $STAGE = "setup-recover" ]; then
+ # Depending on how /dev was set up, /dev/ptmx might either be
+ # character device (5,2), or a symbolic link to pts/ptmx.
+ # Either way we want it to be equivalent to /dev/pts/ptmx, assuming
+ # both exist.
+ if [ -e "$CHROOT_PATH/dev/pts/ptmx" ] && \
+ [ -e "$CHROOT_PATH/dev/ptmx" ] && \
+ ! [ "$CHROOT_PATH/dev/pts/ptmx" -ef "$CHROOT_PATH/dev/ptmx" ]; then
+ mount --bind "$CHROOT_PATH/dev/pts/ptmx" "$CHROOT_PATH/dev/ptmx"
+ fi
+fi
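Review bot: the two -e tests, the -ef comparison and the `mount --bind` target in the new block all follow symlinks from outside the chroot, so a chroot whose /dev/ptmx is an absolute symlink is resolved against the host's root and the bind would land on a host path rather than under $CHROOT_PATH. The commit message only expects a real device node or the relative link pts/ptmx, so test `[ -L "$CHROOT_PATH/dev/ptmx" ]` first and skip the bind for any symlink. Separately, nothing is logged when the bind is skipped or when mount fails.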
--- End Message ---
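The two /dev/pts layouts and the /dev/ptmx cases described in the report above can be told apart without root. The following is an added example, not part of the original report, the patch or schroot; the function names are hypothetical and the fstab lines and chroot tree are constructed samples.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Print how an fstab mounts /dev/pts: host-bind, new-instance,
# devpts-no-newinstance, other, or absent.
devpts_fstab_mode() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }
        $2 == "/dev/pts" {
            opts = "," $4 ","
            if ($3 == "devpts" && opts ~ /,newinstance,/) mode = "new-instance"
            else if ($3 == "devpts") mode = "devpts-no-newinstance"
            else if (opts ~ /,bind,/) mode = "host-bind"
            else mode = "other"
        }
        END { print (mode == "" ? "absent" : mode) }
    ' "$1"
}

# Print how CHROOT/dev/ptmx relates to CHROOT/dev/pts/ptmx.
ptmx_state() {
    p="$1/dev/ptmx"
    if [ -L "$p" ]; then
        case "$(readlink "$p")" in
            /*)       echo "absolute-symlink" ;;  # resolves against the host root
            pts/ptmx) echo "relative-symlink" ;;  # the debootstrap >= 1.0.76 layout
            *)        echo "other-symlink" ;;
        esac
    elif [ ! -e "$p" ]; then
        echo "missing"
    elif [ "$1/dev/pts/ptmx" -ef "$p" ]; then
        echo "equivalent"
    else
        echo "separate-node"  # bind-mounted over by the 10mount hook if pts/ptmx exists
    fi
}

# Constructed sample: the two fstab lines from the patch and a fake chroot tree
# (a regular file stands in for the device node, so no root is needed).
demo=$(mktemp -d)
echo '/dev/pts /dev/pts none rw,bind 0 0' > "$demo/old.fstab"
echo '/dev/pts /dev/pts devpts rw,newinstance,ptmxmode=666,mode=620,gid=5 0 0' > "$demo/new.fstab"
mkdir -p "$demo/chroot/dev/pts" && : > "$demo/chroot/dev/pts/ptmx"
ln -s pts/ptmx "$demo/chroot/dev/ptmx"
echo "old fstab: $(devpts_fstab_mode "$demo/old.fstab")"
echo "new fstab: $(devpts_fstab_mode "$demo/new.fstab")"
echo "ptmx: $(ptmx_state "$demo/chroot")"
rm -rf "$demo"
```

Run against a real profile and chroot, `devpts_fstab_mode` takes the profile's fstab path and `ptmx_state` takes the chroot's root directory.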
--- Begin Message ---
Source: schroot
Source-Version: 1.6.13-4
Done: Christoph Biedl <[email protected]>
We believe that the bug you reported is fixed in the latest version of
schroot, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christoph Biedl <[email protected]> (supplier of updated schroot
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 10 Aug 2024 15:23:12 +0200
Source: schroot
Architecture: source
Version: 1.6.13-4
Distribution: unstable
Urgency: medium
Maintainer: Christoph Biedl <[email protected]>
Changed-By: Christoph Biedl <[email protected]>
Closes: 856877 983423 1020963 1021446 1021780 1075493
Changes:
schroot (1.6.13-4) unstable; urgency=medium
.
* Drop duplicates in buildd configuration
* Add French debconf translation. Closes: #1020963
* Add Dutch debconf translation. Closes: #1021446
* Fix example configuration. Closes: #1021780
* Document a login shell might be switched to a regular shell
* Cherry-pick fix for build failure with GCC-14. Closes: #1075493
* Cherry-pick "Mount a new instance of /dev/pts in the chroot".
Closes: #856877, #983423
--- End Message ---