Package: fakeroot
Version: 1.20.2-1
Severity: normal
Tags: upstream

Dear Maintainer,

fakeroot does not work as expected inside user namespaces:

$ touch test-file
$ ls -ln test-file
-rw-r--r-- 1 1000 100 0 okt. 21 10:12 test-file
$ fakeroot -- chown 0:0 test-file ### WORKS
$ unshare -U -m fakeroot -- chown 0:0 test-file ### FAILS
chown: changing ownership of ‘test-file’: Invalid argument

I would have expected the last command to succeed, like the one above it.

strace snippet, normal run (works):

fchownat(AT_FDCWD, "test-file", 0, 0, 0) = -1 EPERM (Operation not permitted)

Inside user namespace (fails):

fchownat(AT_FDCWD, "test-file", 0, 0, 0) = -1 EINVAL (Invalid argument)

A theory is that the Linux kernel returns EINVAL when it encounters UIDs that don't exist in the user namespace. There is of course the question whether that is the _expected_ kernel behaviour, but I assume so. Anyway, the below command backs up the theory about the kernel behaviour; it works because UID 0 exists in this namespace:

$ unshare -U -m --map-root-user fakeroot -- chown 0:0 test-file ### WORKS

I did a small test with this patch:

@@ -870,7 +870,7 @@ int fchownat(int dir_fd, const char *path, uid_t owner, gid_t group, int flags) else r=0; - if(r&&(errno==EPERM)) + if(r&&(errno==EPERM||errno==EINVAL)) r=0;

It fixed the problem for my little test case. The question is what side-effects this patch may have, and whether it is a sufficient and / or acceptable fix. There are probably many more syscalls that may return EINVAL instead of EPERM in user namespaces.

-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fakeroot depends on:
ii  libc6        2.19-18+deb8u1
ii  libfakeroot  1.20.2-1

fakeroot recommends no packages.

fakeroot suggests no packages.

-- no debconf information
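
Review bot: The widened test `if(r&&(errno==EPERM||errno==EINVAL))` in fchownat() treats every EINVAL as ignorable, not only the one caused by an unmapped owner or group. fchownat() takes a `flags` argument, and the kernel also reports an unsupported flags value as EINVAL, so with this change a caller passing bad flags would get success (r=0) and a faked ownership record instead of an error. Consider accepting EINVAL only when the failure can be attributed to the IDs, for example by validating `flags` before this point, and add a comment next to the condition saying why EINVAL is tolerated. The hunk covers fchownat() only; the sibling wrappers that use the same `errno==EPERM` test would need the same decision so they behave consistently.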
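
Added example (not part of the original report, and not fakeroot or kernel code): a check of the theory above against the ID maps the kernel exposes in /proc/self/uid_map and /proc/self/gid_map. A namespace created with plain `unshare -U` has empty maps, so 0:0 is unmapped and chown is refused with EINVAL before any permission check; with --map-root-user the maps contain ID 0. The function names are hypothetical.

```c
/* Added example; not fakeroot or kernel code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if id lies in an extent of a uid_map/gid_map text, whose lines
 * are "first-id-inside first-id-outside length" as written by the kernel. */
int id_is_mapped(const char *map_text, unsigned long id)
{
    const char *p = map_text;
    while (p && *p) {
        unsigned long inside, outside, len;
        if (sscanf(p, "%lu %lu %lu", &inside, &outside, &len) == 3 &&
            id >= inside && id - inside < len)
            return 1;
        p = strchr(p, '\n');            /* advance to the next extent */
        if (p) p++;
    }
    return 0;
}

/* EINVAL if uid or gid has no mapping in the namespace, else 0, meaning
 * the call proceeds to the ordinary permission checks (EPERM or success). */
int chown_mapping_errno(const char *uid_map, const char *gid_map,
                        unsigned long uid, unsigned long gid)
{
    if (!id_is_mapped(uid_map, uid) || !id_is_mapped(gid_map, gid))
        return EINVAL;
    return 0;
}

/* Read a small /proc file into buf; leaves an empty string on failure. */
static void slurp(const char *path, char *buf, size_t n)
{
    FILE *f = fopen(path, "r");
    size_t got = f ? fread(buf, 1, n - 1, f) : 0;
    buf[got] = '\0';
    if (f) fclose(f);
}

int main(void)
{
    char um[4096], gm[4096];
    slurp("/proc/self/uid_map", um, sizeof um);
    slurp("/proc/self/gid_map", gm, sizeof gm);
    printf("chown 0:0 in this namespace: %s\n",
           chown_mapping_errno(um, gm, 0, 0) == EINVAL
               ? "EINVAL (0:0 is not mapped)" : "mapping check passes");
    return 0;
}
```

Built and run under `unshare -U -m` and then under `unshare -U -m --map-root-user`, it reports the two cases from the report.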