[buildd-tools-devel] Bug#566879: Bug#566879: dchroot: does not work as root

Roger Leigh rleigh at codelibre.net
Wed Jan 27 09:23:33 UTC 2010 

On Tue, Jan 26, 2010 at 05:38:16PM +0100, Aurelien Jarno wrote:
> On Tue, Jan 26, 2010 at 11:43:53AM +0000, Roger Leigh wrote:
> > On Tue, Jan 26, 2010 at 01:35:50AM +0100, Aurelien Jarno wrote:
> > Does the same occur if you run schroot as root?
> 
> No schroot as root works fine.
> 
> | (gdb) bt
> | #0  0x00007fcdbea39e60 in __cxa_throw () from /usr/lib/libstdc++.so.6
> | #1  0x000000000049a972 in sbuild::auth_null::authenticate (this=<value optimized out>, auth_status=<value optimized out>) at ../../../sbuild/sbuild-auth-null.cc:103
> | #2  0x000000000047bb02 in sbuild::session::run (this=0x24f2370) at ../../../sbuild/sbuild-session.cc:503
> | #3  0x0000000000431560 in schroot::main_base::run_impl (this=0x7fffa20f6e10) at ../../../../bin/schroot/schroot-main-base.cc:311
> | #4  0x000000000042af47 in schroot_base::main::run (this=0x7fffa20f6e10, argc=<value optimized out>, argv=0x7fffa20f7018) at ../../../../bin/schroot-base/schroot-base-main.cc:115
> | #5  0x000000000041f969 in run<dchroot::options, dchroot::main> (argc=1, argv=0x7fffa20f7018) at ../../../../bin/schroot-base/schroot-base-run.h:69
> | #6  main (argc=1, argv=0x7fffa20f7018) at ../../../../bin/dchroot/dchroot.cc:43

Thanks for this and the logs; this pinpoints it exactly, and I've also
reproduced it myself (I wasn't seeing this because I had root in groups
and root-groups).  Doing the same will act as a temporary workaround
should you need it.

I just need to work out why it's trying user authentication in the first
place, then I should have a fix soon.

> BTW, I am still using dchroot because schroot is missing the possibility
> to run a command (it only allows an executable and its arguments). Is it
> planned to add this feature to schroot?

Not exactly, but it is possible to get the same behaviour.  dchroot
would concatenate /all/ non-option command-line arguments together
(separated by spaces) and then pass this to su(3).  This lets you run
shell commands easily, but at the cost of completely breaking quoting.

Due to the breakage, the schroot command and options are never
concatenated and are passed through to execve(2) unchanged, eliminating
quoting issues.  This is the reason we won't directly support the
dchroot method for running a command--it would just re-introduce the
breakage we worked hard to remove.

I would suggest running "schroot -c $chroot -- sh -c '$command'" to
run a shell command.  With the addition of "sh -c" and the quoting
around the command, it's functionally identical to dchroot.  This is,
in fact, just what dchroot does internally.

You could maybe do this with a wrapper script or shell alias, but then
again, dchroot is already such a wrapper.


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20100127/2ec8f907/attachment.pgp>

More information about the Buildd-tools-devel mailing list