Quoting Johannes Schauer Marin Rodrigues (2021-09-08 13:59:02) > since the upload of glibc 2.32 to unstable, adduser under fakechroot > fails because it is not wrapping some library call and thus read the > system's /etc/passwd instead of the chroot's. > > Some bits from strace output:
I managed to create a more minimal reproducer for this problem: $ perl -e 'print getpwnam("_apt")' This is with glibc 2.31: [pid 3889] getcwd("/tmp/chroot", 4096) = 12 [pid 3889] openat(AT_FDCWD, "/tmp/chroot/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 [pid 3889] lseek(3, 0, SEEK_CUR) = 0 [pid 3889] fstat(3, {st_mode=S_IFREG|0644, st_size=922, ...}) = 0 [pid 3889] read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 922 [pid 3889] close(3) = 0 [pid 3889] getcwd("/tmp/chroot", 4096) = 12 [pid 3889] openat(AT_FDCWD, "/tmp/chroot/etc/shadow", O_RDONLY|O_CLOEXEC) = 3 [pid 3889] lseek(3, 0, SEEK_CUR) = 0 [pid 3889] fstat(3, {st_mode=S_IFREG|0640, st_size=501, ...}) = 0 [pid 3889] read(3, "root:*:18878:0:99999:7:::\ndaemon"..., 4096) = 501 [pid 3889] close(3) = 0 And this is with glibc 2.32: [pid 2372761] openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 [pid 2372761] fstat(3, {st_mode=S_IFREG|0644, st_size=2902, ...}) = 0 [pid 2372761] lseek(3, 0, SEEK_SET) = 0 [pid 2372761] read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2902 [pid 2372761] close(3) = 0 [pid 2372761] openat(AT_FDCWD, "/etc/shadow", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied) Curiously, with old glibc, there is an additional getcwd call before the openat...
signature.asc
Description: signature