1811038 – /usr/bin/mknod: cannot set permissions of '/dev/random': Operation not supported

Bug 1811038 - /usr/bin/mknod: cannot set permissions of '/dev/random': Operation not supported

Summary: /usr/bin/mknod: cannot set permissions of '/dev/random': Operation not supported

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	coreutils
Sub Component:
Version:	33
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Kamil Dudka
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-03-06 13:43 UTC by Mohan Boddu
Modified:	2021-02-16 19:39 UTC (History)
CC List:	14 users (show)
Fixed In Version:	coreutils-8.32-2.fc33 coreutils-8.32-3.fc32.1
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1812895 1812897 (view as bug list)
Environment:
Last Closed:	2021-02-02 09:56:06 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Mohan Boddu 2020-03-06 13:43:13 UTC

Description of problem:
coreutils-8.32-1 failed the rawhide compose today.

DEBUG util.py:598:  /usr/bin/mknod: cannot set permissions of '/dev/random': Operation not supported
DEBUG util.py:598:  command output:
DEBUG util.py:598:  /usr/bin/mknod: cannot set permissions of '/dev/random': Operation not supported
DEBUG util.py:598:  2020-03-06 06:06:21,843: command returned failure (1)
DEBUG util.py:598:  command returned failure (1)
DEBUG util.py:598:  2020-03-06 06:06:21,843: template command error in runtime-postinstall.tmpl:
DEBUG util.py:598:  template command error in runtime-postinstall.tmpl:
DEBUG util.py:598:  2020-03-06 06:06:21,843:   runcmd chroot /var/tmp/lorax/lorax.7xmi9p_a/installtree /usr/bin/mknod -m 666 /dev/random c 1 8
DEBUG util.py:598:    runcmd chroot /var/tmp/lorax/lorax.7xmi9p_a/installtree /usr/bin/mknod -m 666 /dev/random c 1 8
DEBUG util.py:598:  2020-03-06 06:06:21,845:   subprocess.CalledProcessError: Command '['chroot', '/var/tmp/lorax/lorax.7xmi9p_a/installtree', '/usr/bin/mknod', '-m', '666', '/dev/random', 'c', '1', '8']' returned non-zero exit status 1.
DEBUG util.py:598:    subprocess.CalledProcessError: Command '['chroot', '/var/tmp/lorax/lorax.7xmi9p_a/installtree', '/usr/bin/mknod', '-m', '666', '/dev/random', 'c', '1', '8']' returned non-zero exit status 1.
DEBUG util.py:598:  Traceback (most recent call last):
DEBUG util.py:598:    File "/usr/sbin/lorax", line 222, in <module>
DEBUG util.py:598:      main()
DEBUG util.py:598:    File "/usr/sbin/lorax", line 204, in main
DEBUG util.py:598:      lorax.run(dnfbase, opts.product, opts.version, opts.release,
DEBUG util.py:598:    File "/usr/lib/python3.8/site-packages/pylorax/__init__.py", line 283, in run
DEBUG util.py:598:      rb.postinstall()
DEBUG util.py:598:    File "/usr/lib/python3.8/site-packages/pylorax/treebuilder.py", line 145, in postinstall
DEBUG util.py:598:      self._runner.run("runtime-postinstall.tmpl", configdir=configdir_path)
DEBUG util.py:598:    File "/usr/lib/python3.8/site-packages/pylorax/ltmpl.py", line 149, in run
DEBUG util.py:598:      self._run(commands)
DEBUG util.py:598:    File "/usr/lib/python3.8/site-packages/pylorax/ltmpl.py", line 168, in _run
DEBUG util.py:598:      f(*args)
DEBUG util.py:598:    File "/usr/lib/python3.8/site-packages/pylorax/ltmpl.py", line 528, in runcmd
DEBUG util.py:598:      stdout = runcmd_output(cmd)
DEBUG util.py:598:    File "/usr/lib/python3.8/site-packages/pylorax/executils.py", line 349, in runcmd_output
DEBUG util.py:598:      return execWithCapture(cmd[0], cmd[1:], **kwargs)
DEBUG util.py:598:    File "/usr/lib/python3.8/site-packages/pylorax/executils.py", line 249, in execWithCapture
DEBUG util.py:598:      return _run_program(argv, stdin=stdin, root=root, log_output=log_output, filter_stderr=filter_stderr,
DEBUG util.py:598:    File "/usr/lib/python3.8/site-packages/pylorax/executils.py", line 203, in _run_program
DEBUG util.py:598:      raise subprocess.CalledProcessError(proc.returncode, argv, output)
DEBUG util.py:598:  subprocess.CalledProcessError: Command '['chroot', '/var/tmp/lorax/lorax.7xmi9p_a/installtree', '/usr/bin/mknod', '-m', '666', '/dev/random', 'c', '1', '8']' returned non-zero exit status 1.

koji rawhide failure task link : https://koji.fedoraproject.org/koji/taskinfo?taskID=42239572



Version-Release number of selected component (if applicable):
coreutils-8.32-1.fc33

Comment 1 Kamil Dudka 2020-03-06 14:08:19 UTC

Does it work any better with an older build of coreutils?  Do we have some steps to reproduce the failure locally?

Comment 2 Kevin Fenzi 2020-03-06 15:56:57 UTC

Well, it worked the day before. ;) We could untag that latest coreutils and run another compose and confirm that works?

As far as reproducers, this is livemedia-creator with the parameters in the koji task. I think /dev might be bind mounted in from the host in the chroot (which would explain why it cannot change perms, but not why it tries and fails).

Comment 3 Kamil Dudka 2020-03-06 16:19:33 UTC

This is the only change in src/mknod.c upstream between 8.31 and 8.32:

https://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=v8.31-61-g04b136e29#patch10

It does not seem to be related...

Comment 4 Pádraig Brady 2020-03-06 16:35:30 UTC

lchmod() has changed in gnulib quite fundamentally.
The strace diff between 8.31 and 8.32 is:

-mknod("random1", S_IFCHR|0666, makedev(0x1, 0x8)) = 0
-chmod("random1", 0666)                  = 0
+mknod("random2", S_IFCHR|0666, makedev(0x1, 0x8)) = 0
+openat(AT_FDCWD, "random2", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 3
+newfstatat(3, "", {st_mode=S_IFCHR|0644, st_rdev=makedev(0x1, 0x8), ...}, AT_EMPTY_PATH) = 0
+chmod("/proc/self/fd/3", 0666)          = 0
+close(3)                                = 0

I would report this to bug-gnulib and cc Florian Weimer as this looks related:
https://www.sourceware.org/ml/libc-alpha/2020-02/msg00534.html

For lchmod changes see:
https://www.sourceware.org/ml/libc-alpha/2020-02/msg00534.html

Comment 5 Kamil Dudka 2020-03-06 16:50:12 UTC

Thank you for pointing it out, Pádraig!  The mentioned change looks indeed related.

Comment 6 Kevin Fenzi 2020-03-07 18:43:54 UTC

I'm going to untag coreutils-8.32-1.fc33 for now so we can get a rawhide out. Let me know if you need it tagged back for some reason.

Comment 7 Kamil Dudka 2020-03-09 14:02:15 UTC

Kevin, could you please check that there is a working /proc mounted in the chroot when it fails?

Comment 8 Pádraig Brady 2020-03-09 16:46:47 UTC

It would be great to get an strace if possible.

I'll mention this issue now on the upstream patch...

Comment 9 Kamil Dudka 2020-03-09 22:45:05 UTC

I can reproduce it locally now.  It is sufficient to have a chroot where /proc is not mounted and a build of coreutils where the compile-time check `fchmodat+AT_SYMLINK_NOFOLLOW works on non-symlinks` evaluates to yes.  I will be able to share some details tomorrow hopefully.

Comment 10 Kevin Fenzi 2020-03-09 23:21:14 UTC

Sorry for not getting back with more info sooner. Glad you are able to reproduce it.

Comment 11 Kamil Dudka 2020-03-10 14:33:08 UTC

Minimal example:

# yum install -y \
    https://kojipkgs.fedoraproject.org/packages/coreutils/8.32/1.fc33/x86_64/coreutils-8.32-1.fc33.x86_64.rpm \
    https://kojipkgs.fedoraproject.org/packages/coreutils/8.32/1.fc33/x86_64/coreutils-common-8.32-1.fc33.x86_64.rpm

# mkdir -p /var/tmp/chroot/{bin,dev,lib64,proc}
# cp -L /lib64/{ld-linux-x86-64.so.2,libselinux.so.1,libc.so.6,libpcre2-8.so.0,libdl.so.2,libpthread.so.0} /var/tmp/chroot/lib64
# cp /bin/mknod /var/tmp/chroot/bin
# chroot /var/tmp/chroot /bin/mknod /dev/random -m0666 c 1 8
/bin/mknod: cannot set permissions of '/dev/random': Operation not supported
# echo $?
1

# rm -fv /var/tmp/chroot/dev/random 
removed '/var/tmp/chroot/dev/random'

# strace chroot /var/tmp/chroot /bin/mknod /dev/random -m0666 c 1 8
[...]
umask(000)                              = 022
umask(022)                              = 000
mknod("/dev/random", S_IFCHR|0666, makedev(0x1, 0x8)) = 0
openat(AT_FDCWD, "/dev/random", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 3
newfstatat(3, "", {st_mode=S_IFCHR|0644, st_rdev=makedev(0x1, 0x8), ...}, AT_EMPTY_PATH) = 0
chmod("/proc/self/fd/3", 0666)          = -1 ENOENT (No such file or directory)
close(3)                                = 0
write(2, "/bin/mknod: ", 12/bin/mknod: )            = 12
write(2, "cannot set permissions of '/dev/"..., 39cannot set permissions of '/dev/random') = 39
write(2, ": Operation not supported", 25: Operation not supported) = 25
write(2, "\n", 1
)                       = 1
close(1)                                = 0
close(2)                                = 0
exit_group(1)                           = ?

# rm -fv /var/tmp/chroot/dev/random 
removed '/var/tmp/chroot/dev/random'
# mount -t proc proc /var/tmp/chroot/proc
# strace chroot /var/tmp/chroot /bin/mknod /dev/random -m0666 c 1 8
umask(000)                              = 022
umask(022)                              = 000
mknod("/dev/random", S_IFCHR|0666, makedev(0x1, 0x8)) = 0
openat(AT_FDCWD, "/dev/random", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 3
newfstatat(3, "", {st_mode=S_IFCHR|0644, st_rdev=makedev(0x1, 0x8), ...}, AT_EMPTY_PATH) = 0
chmod("/proc/self/fd/3", 0666)          = 0
close(3)                                = 0
close(1)                                = 0
close(2)                                = 0
exit_group(0)                           = ?

Comment 12 Kamil Dudka 2020-03-10 16:35:36 UTC

It turns out that the observed behavior is caused by the implementation of lchmod() in glibc.  A pure rebuild of coreutils-8.31-10.fc32 on a rawhide system triggers the same bug.

Comment 13 Pádraig Brady 2020-03-10 19:29:00 UTC

You can force the gnulib implementation of lchmod with `configure ac_cv_func_lchmod=no`.
That implementation in 8.32 is similar to the glibc implementation,
but it also falls back to chmod() without /proc,
and so does not have this problem.

Comment 14 Kamil Dudka 2020-03-11 11:05:43 UTC

Thanks!  I will use it as a workaround until the issue is resolved upstream.

Comment 15 Kamil Dudka 2020-03-11 12:23:55 UTC

dist-git commit: https://src.fedoraproject.org/rpms/coreutils/c/acfa9e81

Comment 16 Kamil Dudka 2020-03-12 13:02:14 UTC

I have pushed a downstream change for now to avoid breakage of existing software.  On the other hand, coreutils/gnulib/glibc upstream developers are not going to fix this anytime soon.  So the long term fix needs to go to lorax: it needs to mount a proc file system on /var/tmp/lorax/lorax.7xmi9p_a/installtree/proc before running mknod in the chroot.

Comment 17 Fedora Update System 2020-03-12 18:49:44 UTC

coreutils-8.32-3.fc32 has been pushed to the Fedora 32 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-17c2561434

Comment 18 Florian Klink 2020-04-29 13:46:29 UTC

We saw something similar in NixOS, which runs builds in a sandbox.

In our findings, it seems however something in between _binutils_ 2.31.1 and 2.34 caused this bug, not glibc.

We can individually build certain package bumps, and it was certainly one of the binutils bumps introducing the necessity to the `ac_cv_func_lchmod=no` configure hack in coreutils to unbreak it, but after building more, realized other packages needed these fixes as well, like rsync (which caused our linux kernel builds to fail) - see https://github.com/NixOS/nixpkgs/pull/85951#issuecomment-621199816.

Are you sure this is a problem in glibc, and not binutils? Has there been any discussion with upstream about that?

Comment 19 Kamil Dudka 2020-04-29 14:16:13 UTC

I am not sure about other packages but for coreutils it was really the change in glibc what introduced this bug.  It started to provide its own lchmod() implemetation at some point and the implementation relies on /proc being properly mounted.  If you need to make things work again without rebuilding anything, just make sure that a proc filesystem is mounted on /proc each time you directly or indirectly use glibc's implementation of lchmod().  I cannot see how binutils could ever be related to this bug.

Comment 20 Kamil Dudka 2020-04-29 14:25:00 UTC

(In reply to Florian Klink from comment #18)
> Has there been any discussion with upstream about that?

Yes.  As I understand it, coreutils/glibc/gnulib upstream developers are not going to fix it until there is an appropriate syscall available in Linux kernel:

https://lists.gnu.org/archive/html/bug-gnulib/2020-03/msg00028.html
https://lists.gnu.org/archive/html/bug-gnulib/2020-03/msg00031.html

Comment 21 Florian Klink 2020-04-29 14:45:18 UTC

At least here, moving from binutils 2.33.1 to 2.34 (https://github.com/NixOS/nixpkgs/pull/85951/commits/efdb29597a76c526dc0d9a55f8adf2ec5c33b0ee) is what's needed to reliably break the coreutils test suite (more context in the comment thread at https://github.com/NixOS/nixpkgs/pull/85951).

We have been on glibc 2.30 before and after this commit, and there's definitely no other glibc available inside the whole build environment.

Thanks for the pointers to the ML - I'll need to dive into how our /proc looks like inside the build sandbox (https://github.com/NixOS/nix/blob/master/src/libstore/build.cc#L3198) - there's also some seccomp magic involved (https://github.com/NixOS/nix/blob/master/src/libstore/build.cc#L2978), and how these could cause the weird behaviour I'm seeing now.

Comment 22 Ben Cotton 2020-08-11 13:13:04 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 33 development cycle.
Changing version to 33.

Note You need to log in before you can comment on or make changes to this bug.