The capability isn't really good to be checked, binfmt_misc isn't part
of the usual caps that you'd get e.g. with getpcaps.
One would think that checking for the MP might be better:
root@Keschdeichel:~# mount | grep binfmt_misc
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=26,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=16329)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
Or the service /lib/systemd/system/binfmt-support.service which e.g. in an LXD
container will not run.
● binfmt-support.service - Enable support for additional executable binary formats
Loaded: loaded (/lib/systemd/system/binfmt-support.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2019-09-09 08:37:20 UTC; 9ms ago
Docs: man:update-binfmts(8)
Process: 551 ExecStart=/usr/sbin/update-binfmts --enable (code=exited, status=2)
Main PID: 551 (code=exited, status=2)
Sep 09 08:37:20 e systemd[1]: Starting Enable support for additional executable binary formats...
Sep 09 08:37:20 e update-binfmts[551]: update-binfmts: warning: unable to open /proc/sys/fs/binfmt_misc/status for writing: Permission denied
Sep 09 08:37:20 e update-binfmts[551]: update-binfmts: warning: unable to open /proc/sys/fs/binfmt_misc/status for writing: Permission denied
Sep 09 08:37:20 e update-binfmts[551]: update-binfmts: warning: unable to open /proc/sys/fs/binfmt_misc/register for writing: Permission denied
And that is the same for the registering of the formats.
This is only mapped into the container and non-writable (usually).
If I remove the container safety exit I get the same:
$ sudo -E /var/lib/dpkg/info/qemu-user-static.postinst configure
...
update-binfmts: warning: unable to open /proc/sys/fs/binfmt_misc/status for writing: Permission denied
update-binfmts: warning: unable to open /proc/sys/fs/binfmt_misc/register for writing: Permission denied
update-binfmts: warning: unable to enable binary format qemu-hppa
update-binfmts: exiting due to previous errors
But unfortunately qemu-user-static only recommends binfmt-support (as strictly
you can use qemu-user-static without binfmt). But to register anything this
would need to be available.
The script already has a check if the binary `update-binfmts` exists (as it is
only a recommends).
I'm beginning to lean towards `systemctl is-active binfmt-support.service`
being the best check.
If it is installed and failed, then the following registrations will fail as
well and should not be tried.
While at the same time a container MIGHT be set up with plenty of permissions
(privileged, special mapping of the host binfmt as writable). That isn't
recommended but could be done.
The check to the active service would catch all of those - fix the bug in WSL
(and probably other container formats), while at the same time enable the
feature for those who set up privileged-containers just for that.
--
https://bugs.launchpad.net/bugs/1840956
Title:
package qemu-user-static 1:3.1+dfsg-2ubuntu3.3 failed to
install/upgrade: installed qemu-user-static package post-installation
script subprocess returned error exit status 2
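
A sketch of the guard discussed in the comment above, as an added example that is not part of the original message and not the qemu-user-static postinst itself. The function names, the BINFMT_DIR override and the fallback for hosts without systemctl are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; BINFMT_DIR is overridable only so the logic can be tested offline.
BINFMT_DIR="${BINFMT_DIR:-/proc/sys/fs/binfmt_misc}"

# Prints one of: no-update-binfmts, service-inactive, register-readonly, ok
binfmt_registration_state() {
    # binfmt-support is only a Recommends, so the tool may be absent.
    command -v update-binfmts >/dev/null 2>&1 || { echo no-update-binfmts; return; }

    if command -v systemctl >/dev/null 2>&1; then
        # A failed or inactive service means later registrations would fail
        # the same way; an active one also covers privileged containers
        # that map the host binfmt_misc as writable.
        if systemctl is-active --quiet binfmt-support.service; then
            echo ok
        else
            echo service-inactive
        fi
        return
    fi

    # Assumption (not from the thread): without systemctl, fall back to
    # testing whether the register file can be opened for writing.
    if [ -w "$BINFMT_DIR/register" ]; then
        echo ok
    else
        echo register-readonly
    fi
}

# Enable the named formats, or skip without failing package configuration.
enable_formats() {
    state=$(binfmt_registration_state)
    if [ "$state" != ok ]; then
        echo "binfmt registration skipped: $state" >&2
        return 0
    fi
    for fmt in "$@"; do
        update-binfmts --enable "$fmt" || return 1
    done
}
```

Called as `enable_formats qemu-hppa`, this returns 0 in a restricted container and only propagates an error when registration was expected to work.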