Bug 12519

Summary: под unionfs не работает passwd
Product: Sisyphus Reporter: Anton Farygin <rider>
Component: kernel-image-std-smpAssignee: Sergey Vlasov <vsu>
Status: NEW --- QA Contact: qa-sisyphus
Severity: normal    
Priority: P2 CC: silicium, stanv
Version: unstable   
Hardware: all   
OS: Linux   
Attachments:
Description Flags
можно попробовать приложить этот патч none

Description Anton Farygin 2007-08-09 16:48:12 MSD
passwd, запущенный на livecd не отрабатывает.

/mnt/root//etc /etc unionfs
rw,dirs=/mnt/root/etc=rw:/etc=ro,debug=4294967295,delete=whiteout 0 0


Вот кусок strace:
stat64("/etc/tcb/altlinux", {st_mode=S_IFDIR|0710, st_size=80, ...}) = 0
getgroups32(262144, [0, 1, 2, 3, 4, 6, 10, 19]) = 8
setgroups32(0, [])                      = 0
setfsgid32(26)                          = 26
setfsgid32(26)                          = 26
setfsuid32(500)                         = 0
setfsuid32(500)                         = 500
open("/etc/tcb/altlinux/shadow.lock",
O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW, 0600) = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
rt_sigaction(SIGALRM, {0xb7d078f0, ~[RTMIN RT_1], 0}, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [ALRM], [], 8) = 0
setitimer(ITIMER_REAL, {it_interval={1, 0}, it_value={1, 0}}, NULL) = 0
fcntl64(3, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
time(NULL)                              = 1186649173
open("/etc/tcb/altlinux/shadow.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0400) = 4
fcntl64(4, F_GETFL)                     = 0x1 (flags O_WRONLY)
fstat64(4, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7ef6000
_llseek(4, 0, [0], SEEK_CUR)            = 0
open("/etc/tcb/altlinux/shadow", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFREG|0640, st_size=22, ...}) = 0
stat64("/etc/tcb/altlinux/shadow", {st_mode=S_IFREG|0640, st_size=22, ...}) = 0
chmod("/etc/tcb/altlinux/shadow.tmp", 0400) = 0
chown32("/etc/tcb/altlinux/shadow.tmp", 500, 27) = -1 EPERM (Operation not
permitted)
time(NULL)                              = 1186649173
Comment 1 Andriy Stepanov (stanv) 2007-08-21 10:23:14 MSD
Эксперемент на LiveCD:

[root@localhost] # chmod 2710 /etc/tcb/altlinux
католог /etc/tcb/altlinux получает законные права drwx--s---

владелецом каталога /etc/tcb/altlinux является: user (uid) auth (gid)

[user@localhost] $ touch /etc/tcb/altlinux/test_file

[root@localhost] # ls -l /etc/tcb/altlinux/test_file
-rw-r--r-- 1 user user 0 Aug 21 06:49 test_file 
вместо:
-rw-r--r-- 1 user auth 0 Aug 21 06:49 test_file

т.е. unionfs не отрабатывает флаг SGID для каталога.
Comment 2 Andriy Stepanov (stanv) 2007-08-21 10:24:43 MSD
Created attachment 2158 [details]
можно попробовать приложить этот патч
Comment 3 Andriy Stepanov (stanv) 2007-08-23 09:25:44 MSD
Вот что ответили по поводу моего патча, разработчики unionfs:

1. --------------------------------------------------------------------------

On Tue, Aug 21, 2007 at 10:11:51AM +0400, Andrew Stepanov wrote:
> > Hello.
> >
> > I have LiveCD.
> >
> > Mount options are like this:
> >
> > /mnt/root//etc /etc unionfs
> > rw,dirs=/mnt/root/etc=rw:/etc=ro,debug=4294967295,delete=whiteout 0 0

Which version of unionfs is this? It looks old. Unionfs 2.x doesn't support
the debug/delete mount options - no need for them really.

> > CD-ROM contain /etc/tcb/user directory with 'drwx--x---' rights
> >
> > [root@localhost~] # chmod 2710 /etc/tcb/user directory now with 
> > 'drwx--s---' rights
> >
> > /etc/tcb/user is owned by 'user' (uid) and 'auth' (gid)
> >
> > [user@localhost~] $ touch /etc/tcb/user/test_file
> > [user@localhost~] $ ls -l /etc/tcb/user/test_file
> > -rw-r--r-- 1 user user 0 Aug 21 06:49 test_file
> > Instead of:
> > -rw-r--r-- 1 user auth 0 Aug 21 06:49 test_file

Good catch.

> > Please, see attached patch. Does it solve this problem ?
> >
> > Thanks.

> > diff -ruN linux-2.6.18/fs/unionfs/inode.c
linux-2.6.18-modified/fs/unionfs/inode.c
> > --- linux-2.6.18/fs/unionfs/inode.c	2007-08-20 16:23:45 +0400
> > +++ linux-2.6.18-modified/fs/unionfs/inode.c	2007-08-20 16:20:44 +0400
> > @@ -85,7 +85,12 @@
> >  
> >  		newattrs.ia_mode = mode & ~current->fs->umask;
> >  		newattrs.ia_uid = current->fsuid;
> > -		newattrs.ia_gid = current->fsgid;
> > +		else if (parent->i_mode & S_ISGID) {

I'm a little bit confused about the above 'else' keyword (could be that
you're looking at 1.x code which is different quite a bit), but otherwise I
think idea is sane.

Josef 'Jeff' Sipek.

> > +			newattrs.i_gid = parent->i_gid;
> > +			if (S_ISDIR(mode))
> > +				mode |= S_ISGID;
> > +		} else
> > +			newattrs.ia_gid = current->fsgid;
> >  
> >  		if (wh_dentry->d_inode->i_size != 0) {
> >  			newattrs.ia_valid |= ATTR_SIZE;


2. --------------------------------------------------------------------------

Andrew, I've verified that the SGID bug doesn't exist in Unionfs-2.1.  As
Jeff hinted, you're probably using Unionfs 1.x, right?  If so, we strongly
recommend you upgrade to 2.1 -- this and many bugs are fixed.

Erez.
Comment 4 Michail Yakushin 2008-07-11 13:01:57 MSD
Проблема актуальна?
Comment 5 Anton Farygin 2008-07-11 15:52:30 MSD
Надо проверять на LiveCD.