[buildd-tools-devel] Bug#619002: Bug#619002: sbuild-update: doesn't work anymore: You do not have permission to access the schroot service

Roger Leigh rleigh at codelibre.net
Sun Mar 20 21:41:41 UTC 2011 

On Sun, Mar 20, 2011 at 12:52:02PM +0100, Jakub Wilk wrote:
> Package: sbuild
> Version: 0.62.0-1
> Severity: normal
> 
> sbuild-update doesn't work anymore after upgrade from 0.61.0-1:
> 
> # cat /etc/schroot/chroot.d/unstable-i386.conf
> [unstable-i386]
> personality=linux32
> type=directory
> description=Debian unstable (i386)
> directory=/srv/chroots/unstable-i386/
> groups=root,sbuild,staff
> root-groups=root,sbuild
> source-groups=root
> aliases=default,unstable
> union-type=aufs
> 
> # whoami
> root
> 
> # schroot -c source:unstable apt-get update
> Hit http://ftp.pl.debian.org unstable InRelease
> Hit http://ftp.pl.debian.org unstable/main i386 Packages/DiffIndex
> Hit http://ftp.pl.debian.org unstable/main TranslationIndex
> Reading package lists... Done
> 
> # sbuild-update -u source:unstable
> E: Access not authorised
> I: You do not have permission to access the schroot service.
> I: This failure will be reported.
> Chroot setup failed
> Error setting up source:unstable chroot
> Chroot setup failed at /usr/bin/sbuild-update line 166.

Group sbuild is not in source-root-groups, and you're using a
filesystem union which requires it.

This configuration was previously working, but not entirely correct.
With 0.62.0, the privilege separation means the 'sbuild' user is used
to run schroot, and this required group sbuild to be in root-groups
and source-root-groups.  If you were running sbuild-update as a normal
user in group sbuild, you would probably have already hit the issue.

This is, I think, the problem you are seeing.  Please let me know if
this assessment is correct (or not).


Thanks,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20110320/0206ce42/attachment-0001.pgp>

More information about the Buildd-tools-devel mailing list