--- Comment From s...@de.ibm.com 2020-07-23 11:06 EDT---
Hi,
I was able to reproduce the "make: echo: Operation not permitted" on my Ubuntu
20.04 s390x machine.
I've installed build and installed the mentioned make-dfsg_4.3-4ubuntu1 package
without the "--disable-posix-spawn" configure flag.
I've build flatpak-builder_1.0.11-1 which executes the test which is triggering
the "Operation not permitted".
Then I've adjusted the tests, thus I can also run them without building the
package itself.
This test runs flatpak-builder which prepares some stuff (e.g. a root-directory
with all needed files / binaries / libraries).
flatpak-builder then creates a container with bwrap and calls a configure
skript, which generates a Makefile.
In a second invocation, make is invoked.
I've adjusted the configure script which now executed an own small program.
This program is first waiting some time, which I use to deterine its PID. Then
I can either attach strace or gdb.
After the timeout, the program just execve's to make. Thus in the end I have a
process-chain like:
flatpak-builder--bwrap---bwrap---configure---make
The strace output shows, that the clone syscall is failing with EPERM:
4269 17:08:47.914142 stat("/usr/bin/echo", {st_mode=S_IFREG|0755,
st_size=39136, ...}) = 0 <0.03>
4270 17:08:47.914155 geteuid() = 1001 <0.01>
4271 17:08:47.914167 getegid() = 1001 <0.02>
4272 17:08:47.914175 getuid()= 1001 <0.01>
4273 17:08:47.914182 getgid()= 1001 <0.01>
4274 17:08:47.914189 access("/usr/bin/echo", X_OK) = 0 <0.05>
4275 17:08:47.914203 mmap(NULL, 36864, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x3ff9c86b000 <0.02>
4276 17:08:47.914214 rt_sigprocmask(SIG_BLOCK, ~[], [HUP INT QUIT TERM CHLD
XCPU XFSZ], 8) = 0 <0.01>
4277 17:08:47.914224 clone(child_stack=0x3ff9c874000,
flags=CLONE_VM|CLONE_VFORK|SIGCHLD) = -1 EPERM (Operation not permitted)
<0.01>
4278 17:08:47.914235 munmap(0x3ff9c86b000, 36864) = 0 <0.04>
4279 17:08:47.914245 rt_sigprocmask(SIG_SETMASK, [HUP INT QUIT TERM CHLD XCPU
XFSZ], NULL, 8) = 0 <0.01>
A gdb session showed that posix_spawn is called by make like that (Info: make
is using vfork() if configured with "--disable-posix-spawn"):
jobs.c:child_execute_job (struct childbase *child, int good_stdin, char **argv)
posix_spawnattr_t attr;
posix_spawn_file_actions_t fa;
short flags = 0;
posix_spawnattr_init (&attr)
posix_spawn_file_actions_init (&fa)
flags |= POSIX_SPAWN_SETSIGMASK; => 0x08
flags |= POSIX_SPAWN_USEVFORK; => 0x40
fdin=0, fdout=1, fderr=2
flags |= POSIX_SPAWN_RESETIDS; => 0x01
=> flags = 0x49
posix_spawnattr_setflags (&attr, flags)
/* Start the program. */
while ((r = posix_spawn (&pid, cmd, &fa, &attr, argv,
child->environment)) == EINTR)
;
In glibc, the posix_spawn is doing this:
posix_spawn(...) -> __spawni(..., 0) -> __spawnix(..., __execve)
void *stack = __mmap (NULL, stack_size, prot, MAP_PRIVATE | MAP_ANONYMOUS |
MAP_STACK, -1, 0);
/* Disable asynchronous cancellation. */
__libc_signal_block_all (&args.oldmask);
# define CLONE(__fn, __stack, __stacksize, __flags, __args) \
__clone (__fn, __stack, __flags, __args)
new_pid = CLONE (__spawni_child, STACK (stack, stack_size), stack_size,
CLONE_VM | CLONE_VFORK | SIGCHLD, &args);
=> __clone (__spawni_child, __stack, CLONE_VM | CLONE_VFORK | SIGCHLD, &args);
/sysdeps/unix/sysv/linux/s390/s390-64/clone.S
(gdb) i r r2 r3 r4 r5 r6
r2 0x3ffb22f53c0 4396740989888
r3 0x3ffb24f4000 4396743081984
r4 0x4111 16657
r5 0x3ffce97c9e0 4397217597920
r6 0x 18446744073709551615
? >0x3ffb2306760stg %r6,48(%r15)
? 0x3ffb2306766 lgr %r0,%r5
? 0x3ffb230676a ltgr%r1,%r2
? 0x3ffb230676e je 0x3ffb23067a6
? 0x3ffb2306772 ltgr%r2,%r3
? 0x3ffb2306776 je 0x3ffb23067a6
? 0x3ffb230677a lgr %r3,%r4
? 0x3ffb230677e lgr %r4,%r6
? 0x3ffb2306782 lg %r5,168(%r15)
? 0x3ffb2306788 lg %r6,160(%r15)
(gdb) i r r1 r2 r3 r4 r5 r6
r1 0x3ffb22f53c0 4396740989888
r2 0x3ffb24f4000 4396743081984
r3 0x4111 16657
# define CLONE_VM 0x0100 /* Set if VM shared between processes. */
# define CLONE_VFORK 0x4000 /* Set if the parent wants the child to wake
it up on mm_release. */
/sysdeps/unix/sysv/linux/bits/signum.h:41:#define SIGCHLD 17 => 0x11
r4 0x 18446744073709551615
r5 0x3ffce97c960 4397217597792
r6 0x0 0
/* sys_clone (void *child_stack, unsigned long flags, pid_t *parent_tid, pid_t
*child_tid, void *tls); */
? 0x3ffb230678e svc 120