Package: piuparts
Version: 1.3
Severity: wishlist
File: /usr/sbin/piuparts
Control: fixed 1055508 piuparts/1.3
Control: close 1055508

Hi Nicolas et al,

thanks for merging all of my previous little wishlist #1055508. I've closed the bug now as all the work has happened in MRs.

I have one more wish. If you run piuparts inside an unprivileged user namespace and pass a --basetgz that contains device nodes, piuparts will hand this to GNU tar and ask it to extract it. GNU tar will try to mknod those devices and fail. That failure is propagated and piuparts exits with a failure.

One solution to this is to only pass a tar to --basetgz that lacks device nodes. It seems though that users will forget that they have to strip device nodes and this would be inconvenient, so the question arises whether we can generally do something about this annoyance.

Since my changes from #1055508, piuparts takes care to always construct a minimal /dev hierarchy. This happens regardless of whether we run in a namespace or not. When mknod works, piuparts uses it, otherwise it resorts to bind mounts for supporting unprivileged user namespaces. Conversely, piuparts no longer needs the --basetgz to contain device nodes at all. So a side-effect of my #1055508 changes is that a privileged piuparts can now deal with a --basetgz with devices and without.

How about changing piuparts to always ignore user-supplied device nodes? We could pass --exclude=./dev/* to tar in unpack_from_tgz and thus always skip extraction of device nodes. Then (due to my earlier changes), configure_chroot would still ensure a reasonable set of devices to be present. Since tar no longer attempts to extract device nodes, this would enable the use of a --basetgz containing device nodes with a piuparts run in an unprivileged user namespace. It would also mean that you can no longer customize the /dev hierarchy in your basetgz. I'm not sure whether that's a good or a bad property.

So what do you think about this change? Is that something you find reasonable?

@@ -922,7 +922,7 @@ prefix = [] if settings.eatmydata and os.path.isfile("/usr/bin/eatmydata"): prefix.append("eatmydata") - run(prefix + ["tar", "-C", self.name, "--auto-compress", "-xf", tarball]) + run(prefix + ["tar", "-C", self.name, "--auto-compress", "--exclude=./dev/*", "--exclude=dev/*", "-xf", tarball]) def setup_from_schroot(self, schroot): self.schroot_session = schroot.split(":", 1)[-1] + "-" + str(uuid.uuid1()) + "-piuparts" Thanks for considering Helmut
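
Review bot: the two patterns added to the tar call, `--exclude=./dev/*` and `--exclude=dev/*`, are not anchored. GNU tar applies exclude patterns with --no-anchored by default, so `dev/*` can also match below any directory named dev deeper in the tree, and those files would silently be missing from the unpacked chroot. Passing `--anchored` ahead of the two excludes limits the match to the top-level /dev. A short comment at the call noting that configure_chroot recreates /dev would explain why skipping it is safe, and the --basetgz documentation should say that the tarball's /dev contents are ignored.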
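
The workaround named in the report, handing --basetgz a tarball without device nodes, can be checked and applied ahead of time. The following is an added example, not part of the original report and not piuparts code; the function names and the in-memory sample tarball are constructed for illustration.

```python
import io
import tarfile


def build_sample_basetgz() -> bytes:
    """Constructed sample input: a tiny gzip'd base tarball with one device node."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        null = tarfile.TarInfo("./dev/null")
        null.type, null.mode = tarfile.CHRTYPE, 0o666
        null.devmajor, null.devminor = 1, 3
        tar.addfile(null)
        data = b"chroot\n"
        hostname = tarfile.TarInfo("./etc/hostname")
        hostname.size = len(data)
        tar.addfile(hostname, io.BytesIO(data))
    return buf.getvalue()


def _norm(name: str) -> str:
    """Drop a leading './' so paths compare the same however the tar was built."""
    return name[2:] if name.startswith("./") else name


def device_nodes(tar_bytes: bytes) -> list:
    """Return (path, kind, major, minor) for every char/block device member."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        return [(_norm(m.name), "c" if m.ischr() else "b", m.devmajor, m.devminor)
                for m in tar if m.ischr() or m.isblk()]


def strip_device_nodes(tar_bytes: bytes) -> bytes:
    """Copy the tarball, dropping device nodes so tar never has to call mknod."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as src, \
            tarfile.open(fileobj=out, mode="w:gz") as dst:
        for m in src:
            if m.ischr() or m.isblk():
                continue  # these members fail to extract in an unprivileged userns
            dst.addfile(m, src.extractfile(m) if m.isreg() else None)
    return out.getvalue()


def member_names(tar_bytes: bytes) -> list:
    """List normalized member paths, in archive order."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        return [_norm(m.name) for m in tar]
```

Only the tar metadata is read and rewritten here, nothing is extracted to disk, so it runs without privileges.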