Bug#856877: Bug#983423: Bug#856877: schroot: Please mount a new instance of /dev/pts

2023-08-19 Thread Christoph Biedl
Simon McVittie wrote...

> 2½ years later, updating a debootstrap merge request reminded me that this
> is unresolved. I see schroot now has a new maintainer and a new upstream:
> please consider applying the patch proposed here to set up a working
> /dev/ptmx and /dev/console in more situations.

Thanks, I'll have a look into that.

> I don't currently have a codeberg account set up, so I haven't proposed
> this at the new upstream yet. I'll try to do that and mark this bug as
> forwarded.

That wouldn't be necessary as it's the same people anyway.

Christoph




Bug#983423: Bug#856877: schroot: Please mount a new instance of /dev/pts

2023-08-19 Thread Simon McVittie
On Wed, 24 Feb 2021 at 00:47:46 +, Simon McVittie wrote:
> On Sun, 05 Mar 2017 at 19:23:40 +, Simon McVittie wrote:
> > [the change proposed here] makes script(1) work inside "schroot --sbuild"
> > inside a LXC
> > container on a Debian jessie kernel. Previously, that would have failed.
> 
> On Tue, 23 Feb 2021 at 23:55:07 +, Simon McVittie wrote:
> > schroot: Default profile doesn't provide a working /dev/ptmx inside lxc >= 3
> ...
> > The same patch I proposed in 2017 for #856877 resolves this, setting
> > up a working /dev/ptmx.  Under lxc 2 it's a symlink to /dev/pts/ptmx,
> > and under lxc >= 3 it's a device node.
> >
> > Under lxc 4, that patch also provides a working /dev/console.
> 
> Here's the patch I proposed in 2017, with an updated commit message.
> 
> Also available as a merge request:
> https://salsa.debian.org/debian/schroot/-/merge_requests/2

2½ years later, updating a debootstrap merge request reminded me that this
is unresolved. I see schroot now has a new maintainer and a new upstream:
please consider applying the patch proposed here to set up a working
/dev/ptmx and /dev/console in more situations.

I don't currently have a codeberg account set up, so I haven't proposed
this at the new upstream yet. I'll try to do that and mark this bug as
forwarded.

Thanks,
smcv



Bug#856877: schroot: Please mount a new instance of /dev/pts

2021-02-23 Thread Simon McVittie
On Sun, 05 Mar 2017 at 19:23:40 +, Simon McVittie wrote:
> the preferred way to
> set up /dev/pts inside containers in recent kernels is to mount a new
> instance of the devpts filesystem on /dev/pts
...
> In particular, this would make the chroots created by debootstrap
> versions 1.0.76 to 1.0.88 (inclusive) work as expected.
...
> A nice side-effect of this change, which I discovered while testing a
> cut-down version of the same code in a new debootstrap autopkgtest, is
> that it makes script(1) work inside "schroot --sbuild" inside a LXC
> container on a Debian jessie kernel. Previously, that would have failed.

On Tue, 23 Feb 2021 at 23:55:07 +, Simon McVittie wrote:
> schroot: Default profile doesn't provide a working /dev/ptmx inside lxc >= 3
...
> The same patch I proposed in 2017 for #856877 resolves this, setting
> up a working /dev/ptmx.  Under lxc 2 it's a symlink to /dev/pts/ptmx,
> and under lxc >= 3 it's a device node.
>
> Under lxc 4, that patch also provides a working /dev/console.

Here's the patch I proposed in 2017, with an updated commit message.

Also available as a merge request:
https://salsa.debian.org/debian/schroot/-/merge_requests/2

smcv
From: Simon McVittie 
Date: Mon, 20 Feb 2017 10:43:24 +
Subject: Mount a new instance of /dev/pts in the chroot

This avoids various failure modes when schroot is run inside some other
container manager, such as lxc, most commonly manifesting as inability
to run programs that create pseudo-terminals such as script(1).

Mounting a new instance of devpts is considered to be
best-practice for container managers in Linux >= v2.6.29 with
CONFIG_DEVPTS_MULTIPLE_INSTANCES=y. That config option was made
unconditional in v4.7.

This has some assumptions, which cannot be avoided if we are going to
mount /dev/pts using schroot's fstab:

* If the kernel is older than v4.7, it is assumed to be v2.6.29 or
  later with CONFIG_DEVPTS_MULTIPLE_INSTANCES=y. Users of older kernels,
  or intermediate versions with CONFIG_DEVPTS_MULTIPLE_INSTANCES=n,
  can revert this change via /etc.

* gid 5 must be the right owner for ptys. This is correct for Debian
  (it's the hard-coded tty group specified in base-passwd) and probably
  many other distributions (it's systemd's configure-time default) but
  not necessarily correct everywhere. However, if the host system and the
  chroot disagree on the right gid, schroot's previous behaviour would
  have been wrong anyway, because it bind-mounted the host's /dev/pts.

* /dev/ptmx inside the chroot must be either a real device node (as
  created by debootstrap < 1.0.76, and debootstrap >= 1.0.89 if possible)
  or a symlink to pts/ptmx (as created by debootstrap between 1.0.76 and
  1.0.88 inclusive, and by debootstrap >= 1.0.89 if run in a container
  whose seccomp rules do not allow it to create the device node, such
  as systemd-nspawn).

Bind-mounting /dev/pts/ptmx over /dev/ptmx, so that we get the
new instance's /dev/ptmx equivalent instead of the host's, can only
be done from code, so I have done it in the 10mount hook instead of
in the fstab.

To keep the host system terminal on which we were invoked (which might
itself be a pty, from a different instance of /dev/pts) available to
the chroot, bind-mount it onto /dev/console. This is the same trick
used in the lxc and systemd-nspawn Linux container managers.

Bug-Debian: https://bugs.debian.org/856877
Bug-Debian: https://bugs.debian.org/983423
Signed-off-by: Simon McVittie 
---
 etc/profile-templates/buildd/linux/fstab  |  2 +-
 etc/profile-templates/default/linux/fstab |  2 +-
 etc/profile-templates/desktop/linux/fstab |  2 +-
 etc/profile-templates/sbuild/linux/fstab  |  2 +-
 etc/setup.d/10mount   | 27 +++
 5 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/etc/profile-templates/buildd/linux/fstab b/etc/profile-templates/buildd/linux/fstab
index 26efe88..f2f6136 100644
--- a/etc/profile-templates/buildd/linux/fstab
+++ b/etc/profile-templates/buildd/linux/fstab
@@ -1,4 +1,4 @@
-/dev/pts/dev/ptsnonerw,bind 0   0
+/dev/pts/dev/ptsdevpts  rw,newinstance,ptmxmode=666,mode=620,gid=5 0 0
 tmpfs   /dev/shmtmpfs   defaults0   0
 # Mount a large scratch space for the build, so we don't use up
 # space on an LVM snapshot of the chroot itself.
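Review bot: the new devpts line hard-codes `gid=5` and `mode=620` with no comment, even though the commit message itself lists the gid as a Debian-specific assumption (the tty group from base-passwd) that users on other distributions may have to change; since this template is what ends up under /etc for an admin to edit, a comment line above it along the lines of `# gid=5 is Debian's tty group; change it if the chroot uses a different gid` would tell them which value to adjust and why. Worth saying in the same comment that in this profile no host /dev is bind-mounted, so the `/dev/ptmx` this relies on is the chroot's own node or `pts/ptmx` symlink, which is the third assumption spelled out in the commit message.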
diff --git a/etc/profile-templates/default/linux/fstab b/etc/profile-templates/default/linux/fstab
index 777f0ed..181ed80 100644
--- a/etc/profile-templates/default/linux/fstab
+++ b/etc/profile-templates/default/linux/fstab
@@ -1,5 +1,5 @@
 /dev/devnonerw,bind 0   0
-/dev/pts/dev/ptsnonerw,bind 0   0
+/dev/pts/dev/ptsdevpts  rw,newinstance,ptmxmode=666,mode=620,gid=5 0 0
 /home   /home   nonerw,bind 0   0
 /tmp/tmpnonerw,bind 0   0
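Review bot: the ordering in this profile deserves a comment: the host's /dev is bind-mounted first (`/dev /dev none rw,bind`), so once this fstab has been processed the chroot sees the host's `/dev/ptmx` node beside a freshly created devpts instance on `/dev/pts`, and only the 10mount hook change described in the commit message (bind-mounting `/dev/pts/ptmx` over `/dev/ptmx`) makes the two agree; that hunk is not in the part of the patch shown here, so I cannot check that it runs after the fstab mounts. Suggest a comment on the devpts line recording that `/dev/ptmx` is fixed up by 10mount, because anyone who removes or reorders that hook silently gets masters from the host's instance whose slaves do not appear in the chroot's `/dev/pts`.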
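As an added check that is not part of the bug report or the schroot patch, the following C program can be run inside a chroot to confirm that `/dev/ptmx` and the devpts instance mounted on `/dev/pts` belong together, which is exactly what the fstab change plus the 10mount bind-mount are meant to guarantee. It assumes a Linux system with `/dev/ptmx` and `/dev/pts` present (it reports `PTY_NO_MASTER` otherwise); the probe string and the one-second timeout are constructed for the example.

```c
/* Added example (not from the bug report or the schroot patch): run inside the
 * chroot to confirm that /dev/ptmx and the devpts instance on /dev/pts belong
 * together. With a new instance on /dev/pts but the host's /dev/ptmx, the slave
 * named by ptsname() is missing or is wired to some other master. */
#define _XOPEN_SOURCE 600
#include <fcntl.h>
#include <poll.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum pty_status { PTY_OK = 0, PTY_NO_MASTER, PTY_NO_SLAVE, PTY_MISMATCH };

/* Open a master via /dev/ptmx and the slave ptsname() names, write a probe on
 * the slave and expect it back on the master within one second. The probe has
 * no newline, so default output processing (ONLCR) leaves it untouched. */
enum pty_status check_pty_pair(void)
{
    static const char probe[] = "devpts-probe"; /* constructed probe string */
    char buf[sizeof probe] = { 0 };
    const char *slave_path = NULL;
    int master = posix_openpt(O_RDWR | O_NOCTTY);
    if (master < 0)
        return PTY_NO_MASTER; /* no usable /dev/ptmx at all */
    if (grantpt(master) == 0 && unlockpt(master) == 0)
        slave_path = ptsname(master);
    if (slave_path == NULL) {
        close(master);
        return PTY_NO_MASTER;
    }
    int slave = open(slave_path, O_RDWR | O_NOCTTY);
    if (slave < 0) {
        close(master);
        return PTY_NO_SLAVE; /* typical symptom: ENOENT for /dev/pts/N */
    }
    enum pty_status status = PTY_MISMATCH;
    struct pollfd pfd = { .fd = master, .events = POLLIN };
    if (write(slave, probe, sizeof probe - 1) == (ssize_t)(sizeof probe - 1)
        && poll(&pfd, 1, 1000) == 1
        && read(master, buf, sizeof buf - 1) == (ssize_t)(sizeof probe - 1)
        && memcmp(buf, probe, sizeof probe - 1) == 0)
        status = PTY_OK; /* the slave we opened feeds the master we opened */
    close(slave);
    close(master);
    return status;
}
```

`PTY_NO_SLAVE` or `PTY_MISMATCH` inside an schroot session is the misconfiguration the patch addresses; `PTY_OK` is what script(1) and friends need.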