Bug#841935: pbuilder: incorrect permissions on /dev/ptmx breaks openpty()

Simon McVittie smcv at debian.org
Mon Mar 6 11:23:07 UTC 2017


On Mon, 06 Mar 2017 at 09:32:22 +0000, Simon McVittie wrote:
> systemd-nspawn creates a pty outside the container, but then bind-mounts
> it onto /dev/console inside the container. Maybe that would be another
> possibility?

This seems to work fine. tty(1) prints "/dev/console", the same as it does
inside a systemd-nspawn container, and I can run screen.

The attached patch also corrects the cleanup code path to only try to
unmount /dev/ptmx if it is actually mounted, which was a bug in my
previous patch. This requires mountpoint(1), which was in initscripts
(transitively Essential via either sysvinit-core or systemd, and
Priority: required, but not itself Essential) in jessie; it moved to
util-linux (actually Essential) in stretch.

This might be more of a post-stretch feature, I don't know. I wanted
to make sure there was a patch available that would work with the
chroots where /dev/pts is a symlink, even if the debootstrap change is
reverted in the short term.

If you have an informed opinion on my proposed patch on #817236, please
respond there - I'm still hoping that one can be fixed before stretch.

On Mon, 06 Mar 2017 at 09:46:57 +0000, Thorsten Glaser wrote:
> Simon McVittie dixit:
> >Perhaps bind-mounting the host's /dev/pts and also the host's /dev/ptmx
> >would work? I'll try that.

That didn't work in at least some of the situations covered by my
debootstrap test-case (which is essentially just running
`script -c 'cat /etc/debian_version' /dev/null` inside various types of
chroot). Unfortunately I've lost track of which scenarios failed.

> I’m running sid ;) With chroots from sarge up to sid.
> 
> Thankfully, with “old and then upgraded” chroots, I have the
> proper device node instead of the symlink and have, so far,
> not seen any problems. (Manual package cleanup aside.)

I'm surprised by this. I would have expected that interactive use of
tty things inside pbuilder would have started failing when you upgraded
to a v4.7+ kernel, because the /dev/pts inside the chroot would no longer
be able to "see" the terminal that is on pbuilder's stdin.

If you do a `pbuilder login` (or use your failing-build hook) and run
tty(1) at the resulting prompt, what do you get?

I should point out that if your chroots are sufficiently old, and you
are operating via an "upgrade old chroots" model, then the chroots are
not as minimal as they should be (for instance init is no longer Essential
in stretch). However, you're using pbuilder and not sbuild, so you
have already accepted some risk of having your build environment not match
official buildds' build environments.

Regards,
    S
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-pbuilder-modules-Set-up-dev-ptmx-dev-pts-for-modern-.patch
Type: text/x-diff
Size: 4611 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pbuilder-maint/attachments/20170306/15ec35fd/attachment-0002.patch>
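
A check for the chroot states discussed in this message, as an added example that is not part of the original e-mail, the attached patch or pbuilder itself: it classifies a chroot's /dev/ptmx (symlink or device node), decides whether cleanup should unmount a path using mountpoint(1), and wraps the message's script(1) test case. The function names and the chroot path argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not pbuilder's code. Function names are illustrative.

# Classify <chroot>/dev/ptmx: a symlink (with its target), a character
# device node, absent, or something unexpected.
ptmx_kind() {
    p="$1/dev/ptmx"
    if [ -L "$p" ]; then
        printf 'symlink:%s\n' "$(readlink "$p")"
    elif [ -c "$p" ]; then
        echo chardev
    elif [ -e "$p" ]; then
        echo other
    else
        echo missing
    fi
}

# Decide what cleanup should do with a path: unmount it only if it is
# really a mount point. mountpoint(1) is not guaranteed to be installed
# on older releases (see the message), so report that instead of guessing.
cleanup_action() {
    if ! command -v mountpoint >/dev/null 2>&1; then
        echo unknown
    elif mountpoint -q "$1" 2>/dev/null; then
        echo umount
    else
        echo skip
    fi
}

# Summarise the pty-related paths of one chroot, one line per item.
report_chroot() {
    echo "ptmx=$(ptmx_kind "$1")"
    for d in dev/ptmx dev/pts dev/console; do
        echo "$d=$(cleanup_action "$1/$d")"
    done
}

# The message's test case, to be run inside the chroot being checked:
# it fails when script(1) cannot allocate a pty there.
pty_smoke_test() {
    script -c 'cat /etc/debian_version' /dev/null >/dev/null 2>&1
}
```

Run `report_chroot /path/to/chroot` from the host, and `pty_smoke_test` from a shell inside the chroot.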

