Quoting Johannes Schauer Marin Rodrigues (2021-09-08 13:59:02) > since the upload of glibc 2.32 to unstable, adduser under fakechroot > fails because it is not wrapping some library call and thus read the > system's /etc/passwd instead of the chroot's. > > Some bits from strace output:
I managed to create a more minimal reproducer for this problem:
$ perl -e 'print getpwnam("_apt")'
This is with glibc 2.31:
[pid 3889] getcwd("/tmp/chroot", 4096) = 12
[pid 3889] openat(AT_FDCWD, "/tmp/chroot/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
[pid 3889] lseek(3, 0, SEEK_CUR) = 0
[pid 3889] fstat(3, {st_mode=S_IFREG|0644, st_size=922, ...}) = 0
[pid 3889] read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 922
[pid 3889] close(3) = 0
[pid 3889] getcwd("/tmp/chroot", 4096) = 12
[pid 3889] openat(AT_FDCWD, "/tmp/chroot/etc/shadow", O_RDONLY|O_CLOEXEC) = 3
[pid 3889] lseek(3, 0, SEEK_CUR) = 0
[pid 3889] fstat(3, {st_mode=S_IFREG|0640, st_size=501, ...}) = 0
[pid 3889] read(3, "root:*:18878:0:99999:7:::\ndaemon"..., 4096) = 501
[pid 3889] close(3) = 0
And this is with glibc 2.32:
[pid 2372761] openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
[pid 2372761] fstat(3, {st_mode=S_IFREG|0644, st_size=2902, ...}) = 0
[pid 2372761] lseek(3, 0, SEEK_SET) = 0
[pid 2372761] read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2902
[pid 2372761] close(3) = 0
[pid 2372761] openat(AT_FDCWD, "/etc/shadow", O_RDONLY|O_CLOEXEC) = -1 EACCES
(Permission denied)
Curiously, with old glibc, there is an additional getcwd call before the
openat...
signature.asc
Description: signature
