Bug#802612: fakeroot fails in user namespaces (EINVAL / Invalid argument)

Wed, 21 Oct 2015 09:18:22 -0700 

Package: fakeroot
Version: 1.20.2-1
Severity: normal
Tags: upstream

Dear Maintainer,

fakeroot does not work as expected inside user namespaces:

  $ touch test-file
  $ ls -ln test-file
  -rw-r--r-- 1 1000 100 0 okt.  21 10:12 test-file
  $ fakeroot -- chown 0:0 test-file                             ### WORKS
  $ unshare -U -m fakeroot -- chown 0:0 test-file               ### FAILS
  chown: changing ownership of ‘test-file’: Invalid argument

I would have expected the last command to succeeded, like the one above it.

strace snippet, normal run (works):
  fchownat(AT_FDCWD, "test-file", 0, 0, 0) = -1 EPERM (Operation not permitted)

Inside user namespace (fails):
  fchownat(AT_FDCWD, "test-file", 0, 0, 0) = -1 EINVAL (Invalid argument)

A theory is that the linux kernel returns EINVAL when it encounters UIDs that
don't exist in the user namespace. There is of course the question whether that
is the _expected_ kernel behaviour, but I assume so. Anyway, the below command
backs up the theory about the kernel behaviour; it works because UID 0 exists
in this namespace:

  $ unshare -U -m --map-root-user fakeroot -- chown 0:0 test-file    ### WORKS

I did a small test with this patch:

  @@ -870,7 +870,7 @@ int fchownat(int dir_fd, const char *path, uid_t owner, 
gid_t group, int flags)
     else
       r=0;
  
  -  if(r&&(errno==EPERM))
  +  if(r&&(errno==EPERM||errno==EINVAL))
       r=0;

It fixed the problem for my little test case.

The question is what side-effects this patch may have, and whether it is a
sufficient and / or acceptable fix. There are probably many more syscalls that
may return EINVAL instead of EPERM in user namespaces.

-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fakeroot depends on:
ii  libc6        2.19-18+deb8u1
ii  libfakeroot  1.20.2-1

fakeroot recommends no packages.

fakeroot suggests no packages.

-- no debconf information

Reply via email to