Hi,

Quoting Helmut Grohne (2024-05-24 14:12:38)
> while working with debusine.debian.net, I ran into a rather crazier kind
> of issue with the unshare backend. It seems like debusine.debian.net
> creates a chroot.tar where resolv.conf is a symbolic link:
> 
> | lrwxrwxrwx 0/0               0 2024-05-20 17:15 ./etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
> 
> Notably, /run/systemd/resolve does not exist inside the tar nor does
> sbuild run systemd-resolved nor systemd-tmpfiles for creating this
> location. When building, the unshare backend tries to bind mount
> /etc/resolv.conf:
> 
> | --: 13: cannot create /tmp/tmp.sbuild.OQ0pOU6LQg/etc/resolv.conf: Directory nonexistent
> https://debusine.debian.net/artifact/427489/hostname_3.23+nmu2_amd64-2024-05-24T10:06:30Z.build
> 
> This fails, because mount attempts to dereference the symbolic link and
> finds that an intermediate directory does not exist. As a result, this
> fails and network generally does not work resulting in all sorts of
> badness.

I'm not sure where you see bind-mounting /etc/resolv.conf being done in the
$network_setup code. If network is enabled, it reads:

    [ -f /etc/resolv.conf ] && cat /etc/resolv.conf > "$rootdir/etc/resolv.conf" || echo "nameserver 127.0.0.53" > "$rootdir/etc/resolv.conf";

and when it's disabled:

    ip link set lo up;> "$rootdir/etc/resolv.conf";

> Technically speaking, you can bind mount onto a symbolic link. You just
> cannot do so using the mount(2) API nor the mount(1) command. Unless you
> pass MOVE_MOUNT_T_SYMLINKS to move_mount(2), it will not dereference a
> symlink being pointed at. I'm not sure we want to go this extra mile
> though.
> 
> On the debusine side, I think we want to work around this issue in some
> way to avoid imposing a high version constraint in sbuild. I am
> reporting it here as it kinda is a bug (up to your judgement) and it
> helps having the diagnosis written down.

In unshare mode, we are always working with an ephemeral chroot. Would there be
any downside to sbuild just first running "rm -f $rootdir/etc/resolv.conf" and
then re-creating it as a real file in the $network_setup snippet of
_get_exec_argv() in lib/Sbuild/ChrootUnshare.pm?

Thanks!

cheers, josch
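
An added example, not part of the original message and not sbuild's code: a shell sketch that reproduces the dangling-symlink failure in a constructed temporary directory and then applies the "rm -f, then re-create as a real file" idea. The function names and the temporary rootdir are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not sbuild code. All function names are hypothetical.

# Build a constructed chroot skeleton whose etc/resolv.conf is the symlink
# from the report. run/systemd/resolve is deliberately left absent.
make_rootdir() {
    rootdir=$(mktemp -d) || return 1
    mkdir -p "$rootdir/etc" || return 1
    ln -s ../run/systemd/resolve/stub-resolv.conf \
        "$rootdir/etc/resolv.conf" || return 1
    printf '%s\n' "$rootdir"
}

# Redirect straight into the path, as the quoted snippet does. Opening the
# file follows the symlink, so this fails when the target's parent directory
# does not exist. The subshell keeps the redirection error contained.
write_through_symlink() {
    ( echo "nameserver 127.0.0.53" > "$1/etc/resolv.conf" ) 2>/dev/null
}

# Proposed order: remove whatever sits at the path (rm -f unlinks the
# symlink itself, it does not follow it), then create a regular file.
write_real_file() {
    rm -f "$1/etc/resolv.conf" || return 1
    [ -f /etc/resolv.conf ] && cat /etc/resolv.conf > "$1/etc/resolv.conf" \
        || echo "nameserver 127.0.0.53" > "$1/etc/resolv.conf"
}

demo() {
    r=$(make_rootdir) || return 1
    if write_through_symlink "$r"; then
        echo "plain redirect: succeeded"
    else
        echo "plain redirect: failed (dangling symlink)"
    fi
    if write_real_file "$r" && [ -f "$r/etc/resolv.conf" ] \
        && [ ! -L "$r/etc/resolv.conf" ]; then
        echo "rm -f + recreate: regular file written"
    fi
    rm -rf "$r"
}

demo
```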
