Bug#802612: fakeroot fails in user namespaces (EINVAL / Invalid argument)

2016-05-30 Thread Bjørn Forsman 
Anyone there?

I'd like to move forward, write a patch that hopefully can be accepted
by you guys.

On what code should I base my changes? I see fakeroot-1.20.2 tarball
from 2014, it looks like the latest version. Is there a git repo
somewhere though? (I cannot find it...)

Best regards,
Bjørn Forsman

Bug#802612: fakeroot fails in user namespaces (EINVAL / Invalid argument)

2015-10-23 Thread Bjørn Forsman 
Reading the Linux source for fchownat, in /fs/open.c, there is
little/no doubt that it returns EINVAL on invalid / non-existing UIDs:

  uid = make_kuid(current_user_ns(), user);
  gid = make_kgid(current_user_ns(), group);

  newattrs.ia_valid =  ATTR_CTIME;
  if (user != (uid_t) -1) {
  if (!uid_valid(uid))
  return -EINVAL;

My work-in-progress patch for fakeroot (ref. previous message) is now
extended so it includes this snippet

  -  if(r&&(errno==EPERM))
  +  if(r&&(errno==EPERM||errno==EINVAL))

for all syscalls that involves UIDs / GIDs that I could find in
libfakeroot.c. It is only four functions:

  chown, lchown, fchown, fchownat.

I think the only thing that's missing for this patch is possibly to
also check for uid/gid != 0.
If it is, then the EINVAL really _is_ an invalid argument and fakeroot
should abort.

Thoughts?

- Bjørn

Bug#802612: fakeroot fails in user namespaces (EINVAL / Invalid argument)

2015-10-21 Thread Bjørn Forsman 
Package: fakeroot
Version: 1.20.2-1
Severity: normal
Tags: upstream

Dear Maintainer,

fakeroot does not work as expected inside user namespaces:

  $ touch test-file
  $ ls -ln test-file
  -rw-r--r-- 1 1000 100 0 okt.  21 10:12 test-file
  $ fakeroot -- chown 0:0 test-file ### WORKS
  $ unshare -U -m fakeroot -- chown 0:0 test-file   ### FAILS
  chown: changing ownership of ‘test-file’: Invalid argument

I would have expected the last command to succeeded, like the one above it.

strace snippet, normal run (works):
  fchownat(AT_FDCWD, "test-file", 0, 0, 0) = -1 EPERM (Operation not permitted)

Inside user namespace (fails):
  fchownat(AT_FDCWD, "test-file", 0, 0, 0) = -1 EINVAL (Invalid argument)

A theory is that the linux kernel returns EINVAL when it encounters UIDs that
don't exist in the user namespace. There is of course the question whether that
is the _expected_ kernel behaviour, but I assume so. Anyway, the below command
backs up the theory about the kernel behaviour; it works because UID 0 exists
in this namespace:

  $ unshare -U -m --map-root-user fakeroot -- chown 0:0 test-file### WORKS

I did a small test with this patch:

  @@ -870,7 +870,7 @@ int fchownat(int dir_fd, const char *path, uid_t owner, 
gid_t group, int flags)
 else
   r=0;
  
  -  if(r&&(errno==EPERM))
  +  if(r&&(errno==EPERM||errno==EINVAL))
   r=0;

It fixed the problem for my little test case.

The question is what side-effects this patch may have, and whether it is a
sufficient and / or acceptable fix. There are probably many more syscalls that
may return EINVAL instead of EPERM in user namespaces.

-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fakeroot depends on:
ii  libc62.19-18+deb8u1
ii  libfakeroot  1.20.2-1

fakeroot recommends no packages.

fakeroot suggests no packages.

-- no debconf information