Red Hat Bugzilla – Bug 1280029
libguestfs can run commands with stdin not open (or worse still, connected to arbitrary guest-chosen random devices)
Last modified: 2016-02-11 08:32:45 EST
Description of problem ---------------------- Attempting to build a Fedora 23 image and updating its packages results in `dnf update -y` failing with an AttributeError[1]. [...] File "/usr/lib/python3.4/site-packages/dnf/cli/cli.py", line 251, in gpgsigcheck if not sys.stdin.isatty() and not ay: AttributeError: 'NoneType' object has no attribute 'isatty' [...] This seems like a `dnf` bug. I'm filing it here since I noticed it in the context of `virt-builder` (and a regular `dnf update -y` on the host system works just fine.) Version ------- $ uname -r 4.2.5-300.fc23.x86_64 $ rpm -q libguestfs-tools-c qemu-system-x86 libvirt-daemon-kvm dnf libguestfs-tools-c-1.30.4-1.fc23.x86_64 qemu-system-x86-2.4.1-1.fc23.x86_64 libvirt-daemon-kvm-1.2.18.1-2.fc23.x86_64 dnf-1.1.3-1.fc23.noarch How reproducible: Consistently. Steps to reproduce ------------------ Just invoke this command. $ virt-builder fedora-23 -o f23vm1.qcow2 --format qcow2 --update --selinux-relabel --size 40G Actual Results -------------- $ virt-builder fedora-23 -o f23vm1.qcow2 --format qcow2 --update --selinux-relabel --size 40G [ 1.5] Downloading: http://libguestfs.org/download/builder/fedora-23.xz ######################################################################## 100.0% [ 494.9] Planning how to build this image [ 494.9] Uncompressing [ 500.0] Resizing (using virt-resize) to expand the disk to 40.0G [ 528.1] Opening the new disk [ 545.2] Setting a random seed [ 545.2] Updating core packages [. . .] Delta RPMs reduced 93.7 MB of updates to 54.7 MB (41.1% saved) warning: /var/cache/dnf/updates-e042e478e0621ea6/packages/kernel-4.2.5-300.fc23.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 34ec9cba: NOKEY The downloaded packages were saved in cache till the next successful transaction. You can remove cached packages by executing 'dnf clean packages'. Traceback (most recent call last): File "/bin/dnf", line 35, in <module> main.user_main(sys.argv[1:], exit_code=True) File "/usr/lib/python3.4/site-packages/dnf/cli/main.py", line 198, in user_main errcode = main(args) File "/usr/lib/python3.4/site-packages/dnf/cli/main.py", line 84, in main return _main(base, args) File "/usr/lib/python3.4/site-packages/dnf/cli/main.py", line 144, in _main ret = resolving(cli, base) File "/usr/lib/python3.4/site-packages/dnf/cli/main.py", line 173, in resolving base.do_transaction(display=displays) File "/usr/lib/python3.4/site-packages/dnf/cli/cli.py", line 220, in do_transaction self.gpgsigcheck(downloadpkgs) File "/usr/lib/python3.4/site-packages/dnf/cli/cli.py", line 251, in gpgsigcheck if not sys.stdin.isatty() and not ay: AttributeError: 'NoneType' object has no attribute 'isatty' virt-builder: no 'uri' entry for 'rhel' in /etc/xdg/virt-builder/repos.d/rhel.conf, skipping it virt-builder: error: dnf -y update: command exited with an error If reporting bugs, run virt-builder with debugging enabled and include the complete output: virt-builder -v -x [...] Expected results ---------------- `virt-builder --update [...]` should complete successfully. Additional information ---------------------- - A regular `dnf update -y` on the host system itself works just fine. - Simple image building (without '--update') works fine as well: $ virt-builder fedora-23 -o f23vm2.qcow2 --format qcow2 [1] https://docs.python.org/2/library/exceptions.html#exceptions.AttributeError
The minimal reproducer is just: $ virt-builder fedora-23 --update I can reproduce this with virt-builder 1.31.24. I feel justified in saying this is a dnf bug. It shouldn't use sys.stdin.isatty without checking that sys.stdin != None. https://bugzilla.redhat.com/show_bug.cgi?id=1280034 However there is also a bug in libguestfs! It turns out when running external commands, we do: chroot ("/sysroot"); close (0); open ("/dev/null"); /* opens as stdin */ execlp ("dnf", "dnf", "update", NULL); Unfortunately if /dev/null doesn't exist inside the guest chroot, this means that fd 0 will not be connected to anything.
I was going to say this is a security hole, but since the 'dnf' command is already under the control of the guest, it doesn't seem to be.
*** Bug 1280288 has been marked as a duplicate of this bug. ***
*** Bug 1280290 has been marked as a duplicate of this bug. ***
Patch posted: https://www.redhat.com/archives/libguestfs/2015-November/msg00168.html
Fixed with https://github.com/libguestfs/libguestfs/commit/fd2f175ee79d29df101d353e2f380db27b19553a which is in libguestfs >= 1.31.28.
Can we please have the fix backported to stable releases too? We (QA) really need either this fix or the DNF fix in F23, it's screwing with our ability to produce images for openQA testing.
(In reply to awilliam@redhat.com from comment #7) > Can we please have the fix backported to stable releases too? We (QA) really > need either this fix or the DNF fix in F23, it's screwing with our ability > to produce images for openQA testing. We had a screw-up with libguestfs 1.30.5 which is going to take a bit of time to fix and go through testing (bug 1285847). Can we fix dnf instead? It looks as if your patch for dnf was accepted upstream.
yeah, DNF sent an update out today - hopefully that one will work.
rwmj: won't you have to re-generate the virt-builder 'template' image to include the updated DNF?
Hmm, that is indeed true. Let's put reassign this bug to Fedora to fix libguestfs instead.
Couple of builds running here which, if they complete, should contain this fix: http://koji.fedoraproject.org/koji/taskinfo?taskID=11995814 (f23) http://koji.fedoraproject.org/koji/taskinfo?taskID=11995817 (f22)
both failed on x86_64.
Stupid patch program doesn't set the executable bit on new files.
libguestfs-1.30.5-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-943e9fb63b
libguestfs-1.30.5-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-1bf4cbf156
libguestfs-1.30.5-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update libguestfs' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-1bf4cbf156
libguestfs-1.30.5-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update libguestfs' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-943e9fb63b
*** Bug 1286996 has been marked as a duplicate of this bug. ***
A new virt-builder Fedora 23 image has been uploaded that includes dnf-1.1.4-2.fc23. https://github.com/libguestfs/libguestfs/commit/59ea51d358e4e4d8c8ef6535760fcfc9bfe0a3a3
libguestfs-1.30.5-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
libguestfs-1.30.5-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.