Bug#956739: marked as done (util-linux: PID persistent namespace broken)

Thu, 23 Jul 2020 16:54:38 -0700 

Your message dated Thu, 23 Jul 2020 23:50:09 +0000
with message-id <[email protected]>
and subject line Bug#956739: fixed in util-linux 2.36-1
has caused the Debian Bug report #956739,
regarding util-linux: PID persistent namespace broken
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
956739: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956739
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: util-linux
Version: 2.33.1-0.1
Severity: normal

Dear Maintainer,

   * What led up to the situation?

I tried using unshare and nsenter with the pid (and mount) persistent 
namespaces.
So I created new namespaces using unshare and tried to enter them using nsenter.

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

Providing nsenter with the same persistent PID namespace file did not result in 
entering the same PID namespace.

console #1

 ~ # mount --make-private /
 ~ # touch /tmp/test-{pid,mnt}
 ~ # unshare --pid=/tmp/test-pid --mount=/tmp/test-mnt --fork --mount-proc
 ~ # ps faxu
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  1.0  0.0   9652  4876 pts/7    S    23:22   0:00 -bash
root         8  0.0  0.0  12156  3144 pts/7    R+   23:22   0:00 ps faxu
 ~ # mount
[all host mounts repeated here]
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
 ~ #

   * What was the outcome of this action?

console #2 (with console #1 still open)

 ~ # nsenter --mount=/tmp/test-mnt --pid=/tmp/test-pid
 / # ps faxu
Error, do this: mount -t proc proc /proc
 / # mount
  mount: failed to read mtab: Datei oder Verzeichnis nicht gefunden

console #3 (with console #1 + #2 still open)

~ # lsns --output-all -u
        NS TYPE   PATH               NPROCS   PID  PPID COMMAND                 
                                                               UID USER         
NETNSID NSFS
4026531835 cgroup /proc/1/ns/cgroup     420     1     0 /sbin/init noibrs 
noibpb nopti nospectre_v2 nospec_store_bypass_disable no_stf_barrier   0 root   
              
4026531836 pid    /proc/1/ns/pid        419     1     0 /sbin/init noibrs 
noibpb nopti nospectre_v2 nospec_store_bypass_disable no_stf_barrier   0 root   
              /tmp/test-pid
4026531837 user   /proc/1/ns/user       420     1     0 /sbin/init noibrs 
noibpb nopti nospectre_v2 nospec_store_bypass_disable no_stf_barrier   0 root   
              
4026531838 uts    /proc/1/ns/uts        420     1     0 /sbin/init noibrs 
noibpb nopti nospectre_v2 nospec_store_bypass_disable no_stf_barrier   0 root   
              
4026531839 ipc    /proc/1/ns/ipc        420     1     0 /sbin/init noibrs 
noibpb nopti nospectre_v2 nospec_store_bypass_disable no_stf_barrier   0 root   
              
4026531840 mnt    /proc/1/ns/mnt        395     1     0 /sbin/init noibrs 
noibpb nopti nospectre_v2 nospec_store_bypass_disable no_stf_barrier   0 root   
              
4026531860 mnt    /proc/50/ns/mnt         1    50     2 kdevtmpfs               
                                                                 0 root         
        
4026532000 net    /proc/1/ns/net        420     1     0 /sbin/init noibrs 
noibpb nopti nospectre_v2 nospec_store_bypass_disable no_stf_barrier   0 root   
   unassigned 
4026532199 mnt    /proc/436/ns/mnt        1   436     1 
/lib/systemd/systemd-udevd                                                      
         0 root                 
4026532209 mnt    /proc/718/ns/mnt        1   718     1 /usr/sbin/irqbalance 
--foreground                                                        0 root      
           
4026532361 mnt    /proc/17407/ns/mnt      4 17407 15596 unshare 
--pid=/tmp/test-pid --mount=/tmp/test-mnt --fork --mount-proc                   
 0 root                 /tmp/test-mnt
4026532362 pid    /proc/17409/ns/pid      1 17409 17407 -bash                   
                                                                 0 root         
        

~ # ps faxu
[excerpt]
root     17407  0.0  0.0   6772   756 pts/7    S    23:22   0:00  |           
\_ unshare --pid=/tmp/test-pid --mount=/tmp/test-mnt --fork --mount-proc
root     17409  0.0  0.0   9652  4876 pts/7    S+   23:22   0:00  |             
  \_ -bash

   * What outcome did you expect instead?

I expected nsenter to join the pid namespace given.
I expected /tmp/test-pid to not shared PID namespace with /init but instead 
with PID 17409.

This is probably due to the PID namespace not affecting the unshare main 
process after the unshare syscall, but only its child processes.
Therefore bind_ns_files_from_child should probably call bind_ns_files not with 
the parent (unshare process) process id but its child process id.
To fix it, instead of ns/pid, ns/pid_for_children could be used. Though, 
ns/pid_for_children is empty before the first child has been created, so 
unshare.c needs some more work than just replacing ns/pid with 
ns/pid_for_children.

-- System Information:
Debian Release: 10.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to de_DE.utf8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to de_DE.utf8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages util-linux depends on:
ii  fdisk          2.33.1-0.1
ii  libaudit1      1:2.8.4-3
ii  libblkid1      2.33.1-0.1
ii  libc6          2.28-10
ii  libcap-ng0     0.7.9-2
ii  libmount1      2.33.1-0.1
ii  libpam0g       1.3.1-5
ii  libselinux1    2.8-1+b1
ii  libsmartcols1  2.33.1-0.1
ii  libsystemd0    241-7~deb10u1
ii  libtinfo6      6.1+20181013-2+deb10u1
ii  libudev1       241-7~deb10u1
ii  libuuid1       2.33.1-0.1
ii  login          1:4.5-1.1
ii  zlib1g         1:1.2.11.dfsg-1

util-linux recommends no packages.

Versions of packages util-linux suggests:
pn  dosfstools          <none>
ii  kbd                 2.0.4-4
pn  util-linux-locales  <none>

-- debconf information:
  util-linux/noauto-with-nonzero-passnum:

--- End Message ---
--- Begin Message --- 
Source: util-linux
Source-Version: 2.36-1
Done: Chris Hofstaedtler <[email protected]>

We believe that the bug you reported is fixed in the latest version of
util-linux, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Hofstaedtler <[email protected]> (supplier of updated util-linux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 23 Jul 2020 22:56:45 +0000
Source: util-linux
Architecture: source
Version: 2.36-1
Distribution: unstable
Urgency: medium
Maintainer: util-linux packagers <[email protected]>
Changed-By: Chris Hofstaedtler <[email protected]>
Closes: 879024 953065 956739 959783 963625
Changes:
 util-linux (2.36-1) unstable; urgency=medium
 .
   * New upstream release. (Closes: #956739, #959783, #953065, #879024)
     The new lsirq and irqtop tools are not installed for now, as without
     per-CPU data they do not seem mature at this time.
   * Use debhelper v13. (Closes: #963625)
Checksums-Sha1:
 52174b9301832a3c1f0d553c6d6c26942ff120b5 4323 util-linux_2.36-1.dsc
 cf99c3df18cf0a13033ec2d3d1a31587eba825d9 5242420 util-linux_2.36.orig.tar.xz
 6043380e843e8cd728fdc9abba76885a96559ab1 95172 util-linux_2.36-1.debian.tar.xz
 281e4aa2e9dc8f70316b862c4c96814de9f932b8 6608 
util-linux_2.36-1_source.buildinfo
Checksums-Sha256:
 6723048336450db0e2fdc5806aa8fef20c74eead01adced45467e88654ee32a7 4323 
util-linux_2.36-1.dsc
 9e4b1c67eb13b9b67feb32ae1dc0d50e08ce9e5d82e1cccd0ee771ad2fa9e0b1 5242420 
util-linux_2.36.orig.tar.xz
 13a28dbf69fa9d6975f9d61b3454245387817b994c1dd6a052a2d34422c64a04 95172 
util-linux_2.36-1.debian.tar.xz
 4a2467778602d0613003291b87d48c031c91eac3d249b4cb8d75696da29d85ff 6608 
util-linux_2.36-1_source.buildinfo
Files:
 af1018de19e40c782d8699e48cf4ddc0 4323 base required util-linux_2.36-1.dsc
 fe7c0f7e439f08970e462c9d44599903 5242420 base required 
util-linux_2.36.orig.tar.xz
 b5d3f5fd7235ab3b9f68579ca4f1d937 95172 base required 
util-linux_2.36-1.debian.tar.xz
 77b5091acfca108a21d6fa5dd0cade25 6608 base required 
util-linux_2.36-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEfRrP+tnggGycTNOSXBPW25MFLgMFAl8aHEIACgkQXBPW25MF
LgOwxg/+Kv8498MON8PCT3FO8Pjb2hiA8opwe6S5AsAAWO1M/D2n1p9cvXko4OHE
H6rgX8uN8R9WC8VqIYJYxgt6WKRpNWrFTNhVxPj59al++4vWFdhOvhP8nxnAaW1t
jSym5kPJrdohVueRqmTipa9oQBg04LTSNWRVNgt0+cBdl8KHmFz94lDmAOuVX6sv
wtaDDENOevo51PO0I6dA8hwIXouwEQesV09yu0x0O8BvgEGBW/Ep4hy0nqRojI5h
fI0SkV7ax+DpgKyJSW41ae5IlQ90jCrCPNOueciCDa9cl+YUW49I6ZGI6svpK4oj
fctw/8NTTX/xUHQUqfAQaQGfReoigPC1XircvWRwaKKvd+8SwC19B/zr4WBbTYwM
V4ZmvgeAoRlJgXQLevJFXsvtfMSnwV/kVubo820Q2egBtV46xtjotw7V15nvSsJY
Ut7hECIdIDq/QAwLHPaHQc2f7+wM+T4HycGBOtChSgE/tQJxpgXQkWWNrZ1vYXyz
axbedV9SUOdtG8IN4KnZo5BZvCzd/RGA3obP/lyJ1opx8vizFYQJgfb1/Psn7G/g
bEcnk0VsS52ypTyzVklK1LnD1tdhIVW5o8Ho0Dev94w06hsBttca7SVtAner/o6Z
yhSKeML1gADsBVtPc9RowKgpShZ5fo45UwhXOfOgTgfbJRSJh+I=
=hUtE
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to