[Bug 550318] New: user ids for kiwi created ltsp images wrong, taken from host
http://bugzilla.novell.com/show_bug.cgi?id=550318

           Summary: user ids for kiwi created ltsp images wrong, taken from host
    Classification: openSUSE
           Product: openSUSE 11.2
           Version: Factory
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Other
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: stefan.bruens@rwth-aachen.de
         QAContact: qa@suse.de
          Found By: ---

User-Agent: Mozilla/5.0 (compatible; Konqueror/4.3; Linux) KHTML/4.3.2 (like Gecko) SUSE

Kiwi creates ltsp images in two stages. The first stage is run from the host, installing packages using "zypper --root <ltsp-root>". It looks like userids for creating the files are taken from the host environment. This affects e.g. dbus and hal packages.

This should be either fixed in zypper, or fixed during the second stage, which is run in the chroot (rpm --setguids).

Reproducible: Always

Steps to Reproduce:
1. install kiwi-ltsp-prebuilt-unstable
2. unclicfs /srv/kiwi-ltsp/i386.img; sudo mount -o loop,ro fsdata.ext3 /mnt
3. chroot /mnt
4. ls -la /var/run/{hald,dbus}

Actual Results:
var/run/dbus:
total 8
drwxr-xr-x 2 haldaemon privoxy 4096 2009-09-24 00:02 .
drwxr-xr-x 9 root root 4096 2009-10-04 09:00 ..

var/run/hald:
total 16
drwxr-xr-x 4 messagebus quagga 4096 2009-10-04 08:58 .
drwxr-xr-x 9 root root 4096 2009-10-04 09:00 ..
drwxr-xr-x 2 messagebus quagga 4096 2009-09-24 11:50 hald-local
drwxr-xr-x 2 messagebus quagga 4096 2009-09-24 11:50 hald-runner

Expected Results:
/var/run/dbus:
insgesamt 16
drwxr-xr-x 3 messagebus messagebus 4096 27. Okt 07:53 .
drwxr-xr-x 26 root root 4096 27. Okt 07:54 ..
drwxr-xr-x 3 root root 4096 27. Okt 07:54 at_console
-rw-r--r-- 1 root root 5 27. Okt 07:53 pid
srwxrwxrwx 1 root root 0 27. Okt 07:53 system_bus_socket

/var/run/hald:
insgesamt 24
drwxr-xr-x 4 haldaemon haldaemon 4096 27. Okt 07:54 .
drwxr-xr-x 26 root root 4096 27. Okt 07:54 ..
-rw-r--r-- 1 root root 2266 27. Okt 07:54 acl-list
-rw-r--r-- 1 root root 5 27. Okt 07:53 haldaemon.pid
drwxr-xr-x 2 haldaemon haldaemon 4096 5. Feb 2009 hald-local
drwxr-xr-x 2 haldaemon haldaemon 4096 5. Feb 2009 hald-runner

--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=550318

Andreas Jaeger <aj@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|bnc-team-screening@forge.pr |cyberorg@opensuse.org
                   |ovo.novell.com              |

http://bugzilla.novell.com/show_bug.cgi?id=550318

User cyberorg@opensuse.org added comment
http://bugzilla.novell.com/show_bug.cgi?id=550318#c1

Jigish Gohil <cyberorg@opensuse.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
      Info Provider|                            |stefan.bruens@rwth-aachen.d
                   |                            |e

--- Comment #1 from Jigish Gohil <cyberorg@opensuse.org> 2009-10-27 22:43:19 MDT ---
Try this:
Run thin client and log in.
Launch ltsp-localapps xterm
Check the owner/permissions from the local xterm, that is the one which is actually in use.

I don't think there is a bug, you are getting confused because the image is extracted on the host system and UID/GID of host system do not match the ones in the image's /etc/passwd and /etc/group.

http://bugzilla.novell.com/show_bug.cgi?id=550318

User stefan.bruens@rwth-aachen.de added comment
http://bugzilla.novell.com/show_bug.cgi?id=550318#c2

Stefan Brüns <stefan.bruens@rwth-aachen.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW
      Info Provider|stefan.bruens@rwth-aachen.d |
                   |e                           |

--- Comment #2 from Stefan Brüns <stefan.bruens@rwth-aachen.de> 2009-10-28 11:06:26 MDT ---
logged in with ssh, but this should be the same

tc1:~ # l -n /var/run/{hald,dbus}
/var/run/dbus:
total 12
drwxr-xr-x 2 100 102 4096 2009-10-28 10:58 ./
drwxr-xr-x 13 0 0 4096 2009-10-28 14:52 ../
-rw-r--r-- 1 0 0 5 2009-10-28 10:58 pid
srwxrwxrwx 1 0 0 0 2009-10-28 10:58 system_bus_socket=

/var/run/hald:
total 20
drwxr-xr-x 4 102 104 4096 2009-10-28 10:58 ./
drwxr-xr-x 13 0 0 4096 2009-10-28 14:52 ../
-rw-r--r-- 1 0 0 5 2009-10-28 10:58 haldaemon.pid
drwxr-xr-x 2 102 104 4096 2009-09-24 11:50 hald-local/
drwxr-xr-x 2 102 104 4096 2009-09-24 11:50 hald-runner/

tc1:~ # egrep "x:10[0|2]:" /etc/passwd
haldaemon:x:100:101:User for haldaemon:/var/run/hal:/bin/false
messagebus:x:102:102:User for D-BUS:/var/run/dbus:/bin/false
avahi:x:102:104:User for Avahi:/var/run/avahi-daemon:/bin/false

http://bugzilla.novell.com/show_bug.cgi?id=550318

User stefan.bruens@rwth-aachen.de added comment
http://bugzilla.novell.com/show_bug.cgi?id=550318#c3

--- Comment #3 from Stefan Brüns <stefan.bruens@rwth-aachen.de> 2009-10-29 12:57:08 MDT ---
Ok, the real culprit is rpm/nscd interaction (kiwi calls zypper calls rpm). rpm runs outside the chroot directory and uses nscd if available. For a full discussion see:
https://bugzilla.redhat.com/show_bug.cgi?id=481796

So this is a bug in rpm

http://bugzilla.novell.com/show_bug.cgi?id=550318

User cyberorg@opensuse.org added comment
http://bugzilla.novell.com/show_bug.cgi?id=550318#c4

--- Comment #4 from Jigish Gohil <cyberorg@opensuse.org> 2009-10-31 01:49:28 MDT ---
Fixed in new prebuilt image (will show up online in a few hours), it was my mistake, I was using 11.1 /etc/passwd

http://bugzilla.novell.com/show_bug.cgi?id=550318

User cyberorg@opensuse.org added comment
http://bugzilla.novell.com/show_bug.cgi?id=550318#c5

Jigish Gohil <cyberorg@opensuse.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |FIXED

--- Comment #5 from Jigish Gohil <cyberorg@opensuse.org> 2009-10-31 01:59:26 MDT ---
Closing as per above.

http://bugzilla.novell.com/show_bug.cgi?id=550318

User stefan.bruens@rwth-aachen.de added comment
http://bugzilla.novell.com/show_bug.cgi?id=550318#c6

Stefan Brüns <stefan.bruens@rwth-aachen.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CLOSED                      |REOPENED
         Resolution|FIXED                       |

--- Comment #6 from Stefan Brüns <stefan.bruens@rwth-aachen.de> 2009-10-31 12:27:50 MDT ---
So, how has this been fixed? This bug is not only about the provided prebuilt images, but also about kiwi. Every custom built image is broken (it may be correct by chance).

http://bugzilla.novell.com/show_bug.cgi?id=550318

User cyberorg@opensuse.org added comment
http://bugzilla.novell.com/show_bug.cgi?id=550318#c7

Jigish Gohil <cyberorg@opensuse.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|cyberorg@opensuse.org       |ms@novell.com

--- Comment #7 from Jigish Gohil <cyberorg@opensuse.org> 2009-10-31 12:47:29 MDT ---
If you do not have modified /etc/passwd in kiwi image description this issue should not arise. openSUSE's SuSEconfig runs permission module to fix all the permissions.

If every custom image was broken we would not be able to create live isos on the build service or otherwise :)

Handing over to Schaefi to look if there is any kiwi bug.

http://bugzilla.novell.com/show_bug.cgi?id=550318

User stefan.bruens@rwth-aachen.de added comment
http://bugzilla.novell.com/show_bug.cgi?id=550318#c8

--- Comment #8 from Stefan Brüns <stefan.bruens@rwth-aachen.de> 2009-10-31 14:56:32 MDT ---
1. I can't see where /etc/passwd is copied into $LTSNFSPATH. I can only see the one from the fillup-templates.

2. Even then, rpm (which is called by zypper in the first stage) is still running outside the chroot. So every file created by rpm uses the uids/gids from outside the chroot. On the other hand, when rpm calls e.g. getent or useradd, it is executed inside the chroot, and takes the information it finds there.

3. permissions module: This works only for the files explicitly listed there

4. Everything is fine as long as the uids inside the chroot match the ones from outside - you just won't notice the difference. Most probably bootstrapping the BS instances and kiwi images is similar enough to get the same uids.

This really is a bug in rpm which misbehaves when called with "--root". I filed this bug against kiwi as I originally thought it is kiwi's fault. But as kiwi is affected, I think this bug should stay open until it is fixed for real.

http://bugzilla.novell.com/show_bug.cgi?id=550318

User cyberorg@opensuse.org added comment
http://bugzilla.novell.com/show_bug.cgi?id=550318#c9

Jigish Gohil <cyberorg@opensuse.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cyberorg@opensuse.org

--- Comment #9 from Jigish Gohil <cyberorg@opensuse.org> 2009-10-31 15:00:58 MDT ---
the files were in /usr/share/kiwi/images/ltsp/suse-11.2/root/etc/
Those are not removed, and the issue is gone.

oBS is using 11.1, but we are creating 11.2 images, they differ a lot.

http://bugzilla.novell.com/show_bug.cgi?id=550318

User ms@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550318#c10

Marcus Schaefer <ms@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|ms@novell.com               |mls@novell.com

--- Comment #10 from Marcus Schaefer <ms@novell.com> 2009-11-03 02:35:42 MST ---
> This really is a bug in rpm which misbehaves when called with "--root". I filed
> this bug against kiwi as I originally thought it is kiwi's fault. But as kiwi is
> affected, I think this bug should stay open until it is fixed for real.

I'm going to assign this to the rpm maintainer so there is a chance that it will be fixed soon

Thanks

http://bugzilla.novell.com/show_bug.cgi?id=550318

User stefan.bruens@rwth-aachen.de added comment
http://bugzilla.novell.com/show_bug.cgi?id=550318#c11

--- Comment #11 from Stefan Brüns <stefan.bruens@rwth-aachen.de> 2009-11-03 09:29:04 MST ---
I think there are two possible ways to implement this:

1. fgetpwent($ROOT_DIR/etc/passwd, ...)
Rationale: chroot works on a filesystem level anyway. rpm --root is used for bootstrapping, just to install the base system. After the base system has been installed, rpm can be started inside the chroot.
Drawback: For "--root", only /etc/passwd will be honored, nsswitch.conf will be ignored. I think this is a non-issue, but this should be documented.

2. Use a helper executed in the chroot
Rationale: Behavior will be like in the fully setup system, as nsswitch will be honored.
Drawback: Higher complexity. Helper has to be copied into the chroot (or proc has to be bind-mounted into the chroot, to make open+fexecve work). Should only be active for the chroot-case, to avoid slowdowns. (uid 0/root is hardcoded in rpm (lib/fsm.c). So only use helper on demand?)

--

For the time being, can we have "rpm --setguids" after the first stage in kiwi-ltsp-setup?

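The first option in comment #11, as an added example that is not rpm's code and not part of the original thread: resolve an owner name from the passwd file under the install root with glibc's fgetpwent(), so the host's NSS and nscd are never consulted. The function names and the temporary sample root are assumptions made for illustration; the haldaemon entry is the one shown in comment #2.

```c
#define _GNU_SOURCE   /* fgetpwent() and mkdtemp() are glibc extensions */
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Resolve `name` from <root>/etc/passwd only, bypassing the host's NSS and nscd.
 * Returns 0 and fills uid/gid on success, -1 if the file or the user is missing. */
int lookup_in_root(const char *root, const char *name, uid_t *uid, gid_t *gid)
{
    char path[4096];
    struct passwd *pw;

    if (snprintf(path, sizeof path, "%s/etc/passwd", root) >= (int)sizeof path)
        return -1;                          /* path would have been truncated */
    FILE *fp = fopen(path, "r");
    if (!fp)
        return -1;
    while ((pw = fgetpwent(fp)) != NULL && strcmp(pw->pw_name, name) != 0)
        ;                                   /* skip entries for other users */
    if (pw) {
        *uid = pw->pw_uid;
        *gid = pw->pw_gid;
    }
    fclose(fp);
    return pw ? 0 : -1;
}

/* Constructed sample: a throwaway root with a two-line etc/passwd (hypothetical helper). */
int make_sample_root(char *tmpl)
{
    char path[4096];
    if (!mkdtemp(tmpl)) return -1;
    snprintf(path, sizeof path, "%s/etc", tmpl);
    if (mkdir(path, 0755) != 0) return -1;
    strcat(path, "/passwd");
    FILE *fp = fopen(path, "w");
    if (!fp) return -1;
    fputs("root:x:0:0:root:/root:/bin/bash\n"
          "haldaemon:x:100:101:User for haldaemon:/var/run/hal:/bin/false\n", fp);
    return fclose(fp);
}

int main(void)
{
    char root[] = "/tmp/imgroot-XXXXXX";
    uid_t uid; gid_t gid;
    if (make_sample_root(root) != 0 || lookup_in_root(root, "haldaemon", &uid, &gid) != 0)
        return 1;
    printf("haldaemon inside %s: uid=%u gid=%u\n", root, (unsigned)uid, (unsigned)gid);
    return 0;
}
```

As the comment notes, this lookup honors only the passwd file under the root and ignores nsswitch.conf.
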
https://bugzilla.novell.com/show_bug.cgi?id=550318

https://bugzilla.novell.com/show_bug.cgi?id=550318#c12

Jigish Gohil <cyberorg@opensuse.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |CLOSED
         Resolution|                            |NORESPONSE

--- Comment #12 from Jigish Gohil <cyberorg@opensuse.org> 2013-12-19 05:29:42 UTC ---
Please open a new bug if this issue is still there in 13.1, it has been a very long time since this bug was reported so closing it for now.