Package: autopkgtest
Version: 5.16
Severity: normal
User: de...@kali.org
Usertags: origin-kali
If the execution duration exceeds the specified timeout,
`execute_timeout` tries to kill the process it started. This will
systematically fail if the command was wrapped in `sudoify`, because
`execute_timeout` will of course not be able to terminate a process
owned by UID 0.
Here's an actual example, where an lxc test container took too long to
get its networking available (the corresponding call is in
autopkgtest-virt-lxc's `wait_booted` at line 131):
```
autopkgtest-virt-lxc [06:18:24]: ERROR: WARNING: Cannot kill timed out process
['sudo', 'lxc-attach', '--name', 'ci-106-c7628f8c', '--', 'sh', '-ec', 'if [ -d
/run/systemd/system ]; then systemctl start network-online.target; else while
ps -ef | grep -q "/etc/init\\.d/rc"; do sleep 1; done; fi']: [Errno 1]
Operation not permitted
```
I used the following pytest code to isolate and reproduce the error:
```python
import pytest
import re
import sys
sys.path.append('lib')
import VirtSubproc
@pytest.mark.parametrize("cmd", (["sleep", "10"], ["sudo", "sleep", "10"]))
def test_timeout_one_second(cmd, capfd):
with pytest.raises(VirtSubproc.Timeout):
VirtSubproc.execute_timeout(None, 1, cmd)
out, err = capfd.readouterr()
assert not re.search(r'WARNING.*Cannot.*timed out process', err)
```
I don't see an easy solution to this problem; I am able to work around
the issue by using the attached patch, combined with giving the `debci` user
(that runs our autopkgtests) additional sudo permissions for the
commands that timeout for us, but that's suboptimal.
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.10.0-4-amd64 (SMP w/36 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages autopkgtest depends on:
ii apt-utils 2.1.20
ii libdpkg-perl 1.20.7.1
ii procps 2:3.3.17-2
ii python3 3.9.1-1
ii python3-debian 0.1.39
Versions of packages autopkgtest recommends:
ii autodep8 0.24
Versions of packages autopkgtest suggests:
ii lxc 1:4.0.6-1
pn lxd <none>
ii ovmf 2020.11-2
ii qemu-efi-aarch64 2020.11-2
ii qemu-efi-arm 2020.11-2
ii qemu-system 1:5.2+dfsg-3
ii qemu-utils 1:5.2+dfsg-9
ii schroot 1.6.10-11+b1
ii vmdb2 0.22-1
-- no debconf information
commit fc83a3471e7f44d6330e8c88d6d9abe7bcd7ab26
Author: Sébastien Delafond <sdelaf...@gmail.com>
Date: Fri Apr 16 12:57:38 2021 +0200
virtsubproc: use sudo to kill timed-out processes started with sudo
diff --git a/lib/VirtSubproc.py b/lib/VirtSubproc.py
index bf948e6..67bc712 100644
--- a/lib/VirtSubproc.py
+++ b/lib/VirtSubproc.py
@@ -147,10 +147,22 @@ def execute_timeout(instr, timeout, *popenargs,
**popenargsk):
out = out.decode('UTF-8', 'replace')
if err is not None:
err = err.decode('UTF-8', 'replace')
- except Timeout:
+ except Timeout as te:
try:
sp.kill()
sp.wait()
+ except PermissionError as pe:
+ adtlog.info('INFO: Cannot kill timed out process %s due to
insufficient permission: %s' %
+ (popenargs[0], pe))
+ try:
+ cmd = ['sudo', '--non-interactive', 'kill', str(sp.pid)]
+ cp = subprocess.run(cmd, timeout=5, capture_output=True)
+ if cp.returncode != 0:
+ raise OSError(cp.stderr.decode('UTF-8', 'replace'))
+ raise te
+ except OSError as es:
+ adtlog.error('WARNING: Cannot sudo-kill timed out process %s:
%s' %
+ (popenargs[0], es))
except OSError as e:
adtlog.error('WARNING: Cannot kill timed out process %s: %s' %
(popenargs[0], e))
