Bug 1811038

Summary: /usr/bin/mknod: cannot set permissions of '/dev/random': Operation not supported
Product: [Fedora] Fedora Reporter: Mohan Boddu <mboddu>
Component: coreutilsAssignee: Kamil Dudka <kdudka>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 33CC: admiller, flokli, jamartis, jarodwilson, kdudka, kevin, kzak, ooprala, ovasik, p, sebastian.kisela, sergio, svashisht, twaugh
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: coreutils-8.32-2.fc33 coreutils-8.32-3.fc32.1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1812895 1812897 (view as bug list) Environment:
Last Closed: 2021-02-02 09:56:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mohan Boddu 2020-03-06 13:43:13 UTC 
Description of problem:
coreutils-8.32-1 failed the rawhide compose today.

DEBUG util.py:598:  /usr/bin/mknod: cannot set permissions of '/dev/random': Operation not supported
DEBUG util.py:598:  command output:
DEBUG util.py:598:  /usr/bin/mknod: cannot set permissions of '/dev/random': Operation not supported
DEBUG util.py:598:  2020-03-06 06:06:21,843: command returned failure (1)
DEBUG util.py:598:  command returned failure (1)
DEBUG util.py:598:  2020-03-06 06:06:21,843: template command error in runtime-postinstall.tmpl:
DEBUG util.py:598:  template command error in runtime-postinstall.tmpl:
DEBUG util.py:598:  2020-03-06 06:06:21,843:   runcmd chroot /var/tmp/lorax/lorax.7xmi9p_a/installtree /usr/bin/mknod -m 666 /dev/random c 1 8
DEBUG util.py:598:    runcmd chroot /var/tmp/lorax/lorax.7xmi9p_a/installtree /usr/bin/mknod -m 666 /dev/random c 1 8
DEBUG util.py:598:  2020-03-06 06:06:21,845:   subprocess.CalledProcessError: Command '['chroot', '/var/tmp/lorax/lorax.7xmi9p_a/installtree', '/usr/bin/mknod', '-m', '666', '/dev/random', 'c', '1', '8']' returned non-zero exit status 1.
DEBUG util.py:598:    subprocess.CalledProcessError: Command '['chroot', '/var/tmp/lorax/lorax.7xmi9p_a/installtree', '/usr/bin/mknod', '-m', '666', '/dev/random', 'c', '1', '8']' returned non-zero exit status 1.
DEBUG util.py:598:  Traceback (most recent call last):
DEBUG util.py:598:    File "/usr/sbin/lorax", line 222, in <module>
DEBUG util.py:598:      main()
DEBUG util.py:598:    File "/usr/sbin/lorax", line 204, in main
DEBUG util.py:598:      lorax.run(dnfbase, opts.product, opts.version, opts.release,
DEBUG util.py:598:    File "/usr/lib/python3.8/site-packages/pylorax/__init__.py", line 283, in run
DEBUG util.py:598:      rb.postinstall()
DEBUG util.py:598:    File "/usr/lib/python3.8/site-packages/pylorax/treebuilder.py", line 145, in postinstall
DEBUG util.py:598:      self._runner.run("runtime-postinstall.tmpl", configdir=configdir_path)
DEBUG util.py:598:    File "/usr/lib/python3.8/site-packages/pylorax/ltmpl.py", line 149, in run
DEBUG util.py:598:      self._run(commands)
DEBUG util.py:598:    File "/usr/lib/python3.8/site-packages/pylorax/ltmpl.py", line 168, in _run
DEBUG util.py:598:      f(*args)
DEBUG util.py:598:    File "/usr/lib/python3.8/site-packages/pylorax/ltmpl.py", line 528, in runcmd
DEBUG util.py:598:      stdout = runcmd_output(cmd)
DEBUG util.py:598:    File "/usr/lib/python3.8/site-packages/pylorax/executils.py", line 349, in runcmd_output
DEBUG util.py:598:      return execWithCapture(cmd[0], cmd[1:], **kwargs)
DEBUG util.py:598:    File "/usr/lib/python3.8/site-packages/pylorax/executils.py", line 249, in execWithCapture
DEBUG util.py:598:      return _run_program(argv, stdin=stdin, root=root, log_output=log_output, filter_stderr=filter_stderr,
DEBUG util.py:598:    File "/usr/lib/python3.8/site-packages/pylorax/executils.py", line 203, in _run_program
DEBUG util.py:598:      raise subprocess.CalledProcessError(proc.returncode, argv, output)
DEBUG util.py:598:  subprocess.CalledProcessError: Command '['chroot', '/var/tmp/lorax/lorax.7xmi9p_a/installtree', '/usr/bin/mknod', '-m', '666', '/dev/random', 'c', '1', '8']' returned non-zero exit status 1.

koji rawhide failure task link : https://koji.fedoraproject.org/koji/taskinfo?taskID=42239572



Version-Release number of selected component (if applicable):
coreutils-8.32-1.fc33
Comment 1 Kamil Dudka 2020-03-06 14:08:19 UTC 
Does it work any better with an older build of coreutils?  Do we have some steps to reproduce the failure locally?
Comment 2 Kevin Fenzi 2020-03-06 15:56:57 UTC 
Well, it worked the day before. ;) We could untag that latest coreutils and run another compose and confirm that works?

As far as reproducers, this is livemedia-creator with the parameters in the koji task. I think /dev might be bind mounted in from the host in the chroot (which would explain why it cannot change perms, but not why it tries and fails).
Comment 3 Kamil Dudka 2020-03-06 16:19:33 UTC 
This is the only change in src/mknod.c upstream between 8.31 and 8.32:

https://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=v8.31-61-g04b136e29#patch10

It does not seem to be related...
Comment 4 Pádraig Brady 2020-03-06 16:35:30 UTC 
lchmod() has changed in gnulib quite fundamentally.
The strace diff between 8.31 and 8.32 is:

-mknod("random1", S_IFCHR|0666, makedev(0x1, 0x8)) = 0
-chmod("random1", 0666)                  = 0
+mknod("random2", S_IFCHR|0666, makedev(0x1, 0x8)) = 0
+openat(AT_FDCWD, "random2", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 3
+newfstatat(3, "", {st_mode=S_IFCHR|0644, st_rdev=makedev(0x1, 0x8), ...}, AT_EMPTY_PATH) = 0
+chmod("/proc/self/fd/3", 0666)          = 0
+close(3)                                = 0

I would report this to bug-gnulib and cc Florian Weimer as this looks related:
https://www.sourceware.org/ml/libc-alpha/2020-02/msg00534.html

For lchmod changes see:
https://www.sourceware.org/ml/libc-alpha/2020-02/msg00534.html
Comment 5 Kamil Dudka 2020-03-06 16:50:12 UTC 
Thank you for pointing it out, Pádraig!  The mentioned change looks indeed related.
Comment 6 Kevin Fenzi 2020-03-07 18:43:54 UTC 
I'm going to untag coreutils-8.32-1.fc33 for now so we can get a rawhide out. Let me know if you need it tagged back for some reason.
Comment 7 Kamil Dudka 2020-03-09 14:02:15 UTC 
Kevin, could you please check that there is a working /proc mounted in the chroot when it fails?
Comment 8 Pádraig Brady 2020-03-09 16:46:47 UTC 
It would be great to get an strace if possible.

I'll mention this issue now on the upstream patch...
Comment 9 Kamil Dudka 2020-03-09 22:45:05 UTC 
I can reproduce it locally now.  It is sufficient to have a chroot where /proc is not mounted and a build of coreutils where the compile-time check `fchmodat+AT_SYMLINK_NOFOLLOW works on non-symlinks` evaluates to yes.  I will be able to share some details tomorrow hopefully.
Comment 10 Kevin Fenzi 2020-03-09 23:21:14 UTC 
Sorry for not getting back with more info sooner. Glad you are able to reproduce it.
Comment 11 Kamil Dudka 2020-03-10 14:33:08 UTC 
Minimal example:

# yum install -y \
    https://kojipkgs.fedoraproject.org/packages/coreutils/8.32/1.fc33/x86_64/coreutils-8.32-1.fc33.x86_64.rpm \
    https://kojipkgs.fedoraproject.org/packages/coreutils/8.32/1.fc33/x86_64/coreutils-common-8.32-1.fc33.x86_64.rpm

# mkdir -p /var/tmp/chroot/{bin,dev,lib64,proc}
# cp -L /lib64/{ld-linux-x86-64.so.2,libselinux.so.1,libc.so.6,libpcre2-8.so.0,libdl.so.2,libpthread.so.0} /var/tmp/chroot/lib64
# cp /bin/mknod /var/tmp/chroot/bin
# chroot /var/tmp/chroot /bin/mknod /dev/random -m0666 c 1 8
/bin/mknod: cannot set permissions of '/dev/random': Operation not supported
# echo $?
1

# rm -fv /var/tmp/chroot/dev/random 
removed '/var/tmp/chroot/dev/random'

# strace chroot /var/tmp/chroot /bin/mknod /dev/random -m0666 c 1 8
[...]
umask(000)                              = 022
umask(022)                              = 000
mknod("/dev/random", S_IFCHR|0666, makedev(0x1, 0x8)) = 0
openat(AT_FDCWD, "/dev/random", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 3
newfstatat(3, "", {st_mode=S_IFCHR|0644, st_rdev=makedev(0x1, 0x8), ...}, AT_EMPTY_PATH) = 0
chmod("/proc/self/fd/3", 0666)          = -1 ENOENT (No such file or directory)
close(3)                                = 0
write(2, "/bin/mknod: ", 12/bin/mknod: )            = 12
write(2, "cannot set permissions of '/dev/"..., 39cannot set permissions of '/dev/random') = 39
write(2, ": Operation not supported", 25: Operation not supported) = 25
write(2, "\n", 1
)                       = 1
close(1)                                = 0
close(2)                                = 0
exit_group(1)                           = ?

# rm -fv /var/tmp/chroot/dev/random 
removed '/var/tmp/chroot/dev/random'
# mount -t proc proc /var/tmp/chroot/proc
# strace chroot /var/tmp/chroot /bin/mknod /dev/random -m0666 c 1 8
umask(000)                              = 022
umask(022)                              = 000
mknod("/dev/random", S_IFCHR|0666, makedev(0x1, 0x8)) = 0
openat(AT_FDCWD, "/dev/random", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 3
newfstatat(3, "", {st_mode=S_IFCHR|0644, st_rdev=makedev(0x1, 0x8), ...}, AT_EMPTY_PATH) = 0
chmod("/proc/self/fd/3", 0666)          = 0
close(3)                                = 0
close(1)                                = 0
close(2)                                = 0
exit_group(0)                           = ?
Comment 12 Kamil Dudka 2020-03-10 16:35:36 UTC 
It turns out that the observed behavior is caused by the implementation of lchmod() in glibc.  A pure rebuild of coreutils-8.31-10.fc32 on a rawhide system triggers the same bug.
Comment 13 Pádraig Brady 2020-03-10 19:29:00 UTC 
You can force the gnulib implementation of lchmod with `configure ac_cv_func_lchmod=no`.
That implementation in 8.32 is similar to the glibc implementation,
but it also falls back to chmod() without /proc,
and so does not have this problem.
Comment 14 Kamil Dudka 2020-03-11 11:05:43 UTC 
Thanks!  I will use it as a workaround until the issue is resolved upstream.
Comment 15 Kamil Dudka 2020-03-11 12:23:55 UTC 
dist-git commit: https://src.fedoraproject.org/rpms/coreutils/c/acfa9e81
Comment 16 Kamil Dudka 2020-03-12 13:02:14 UTC 
I have pushed a downstream change for now to avoid breakage of existing software.  On the other hand, coreutils/gnulib/glibc upstream developers are not going to fix this anytime soon.  So the long term fix needs to go to lorax: it needs to mount a proc file system on /var/tmp/lorax/lorax.7xmi9p_a/installtree/proc before running mknod in the chroot.
Comment 17 Fedora Update System 2020-03-12 18:49:44 UTC 
coreutils-8.32-3.fc32 has been pushed to the Fedora 32 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-17c2561434
Comment 18 Florian Klink 2020-04-29 13:46:29 UTC 
We saw something similar in NixOS, which runs builds in a sandbox.

In our findings, it seems however something in between _binutils_ 2.31.1 and 2.34 caused this bug, not glibc.

We can individually build certain package bumps, and it was certainly one of the binutils bumps introducing the necessity to the `ac_cv_func_lchmod=no` configure hack in coreutils to unbreak it, but after building more, realized other packages needed these fixes as well, like rsync (which caused our linux kernel builds to fail) - see https://github.com/NixOS/nixpkgs/pull/85951#issuecomment-621199816.

Are you sure this is a problem in glibc, and not binutils? Has there been any discussion with upstream about that?
Comment 19 Kamil Dudka 2020-04-29 14:16:13 UTC 
I am not sure about other packages but for coreutils it was really the change in glibc what introduced this bug.  It started to provide its own lchmod() implemetation at some point and the implementation relies on /proc being properly mounted.  If you need to make things work again without rebuilding anything, just make sure that a proc filesystem is mounted on /proc each time you directly or indirectly use glibc's implementation of lchmod().  I cannot see how binutils could ever be related to this bug.
Comment 20 Kamil Dudka 2020-04-29 14:25:00 UTC 
(In reply to Florian Klink from comment #18)
> Has there been any discussion with upstream about that?

Yes.  As I understand it, coreutils/glibc/gnulib upstream developers are not going to fix it until there is an appropriate syscall available in Linux kernel:

https://lists.gnu.org/archive/html/bug-gnulib/2020-03/msg00028.html
https://lists.gnu.org/archive/html/bug-gnulib/2020-03/msg00031.html
Comment 21 Florian Klink 2020-04-29 14:45:18 UTC 
At least here, moving from binutils 2.33.1 to 2.34 (https://github.com/NixOS/nixpkgs/pull/85951/commits/efdb29597a76c526dc0d9a55f8adf2ec5c33b0ee) is what's needed to reliably break the coreutils test suite (more context in the comment thread at https://github.com/NixOS/nixpkgs/pull/85951).

We have been on glibc 2.30 before and after this commit, and there's definitely no other glibc available inside the whole build environment.

Thanks for the pointers to the ML - I'll need to dive into how our /proc looks like inside the build sandbox (https://github.com/NixOS/nix/blob/master/src/libstore/build.cc#L3198) - there's also some seccomp magic involved (https://github.com/NixOS/nix/blob/master/src/libstore/build.cc#L2978), and how these could cause the weird behaviour I'm seeing now.
Comment 22 Ben Cotton 2020-08-11 13:13:04 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 33 development cycle.
Changing version to 33.