[Piuparts-devel] Bug#1063382: piuparts: dealing with a --basetgz containing device nodes when run inside an unprivileged user namespace

Helmut Grohne helmut at subdivi.de
Wed Feb 7 10:28:33 GMT 2024


Package: piuparts
Version: 1.3
Severity: wishlist
File: /usr/sbin/piuparts
Control: fixed 1055508 piuparts/1.3
Control: close 1055508

Hi Nicolas et al,

thanks for merging all of my previous little wishlist #1055508. I've
closed the bug now as all the work has happened in MRs.

I have one more wish. If you run piuparts inside an unprivileged user
namespace and pass a --basetgz that contains device nodes, piuparts will
hand this to GNU tar and ask it to extract it. GNU tar will try to mknod
those devices and fail. That failure is propagated and piuparts exits
with a failure.

One solution to this is to only pass a tar to --basetgz that lacks
device nodes. It seems though that users will forget that they have to
strip device nodes and this would be inconvenient, so the question
arises whether we can generally do something about this annoyance.

Since my changes from #1055508, piuparts takes care to always construct
a minimal /dev hierarchy. This happens regardless of whether we run in a
namespace or not. When mknod works, piuparts uses it, otherwise it
resorts to bind mounts for supporting unprivileged user namespaces.
Conversely, piuparts no longer needs the --basetgz to contain device
nodes at all. So a side-effect of my #1055508 changes is that a
privileged piuparts can now deal with a --basetgz with devices and
without.

How about changing piuparts to always ignore user-supplied device nodes?
We could pass --exclude=./dev/* to tar in unpack_from_tgz and thus
always skip extraction of device nodes. Then (due to my earlier
changes), configure_chroot would still ensure a reasonable set of
devices to be present. Since tar no longer attempts to extract device
nodes, this would enable the use of a --basetgz containing device nodes
with a piuparts run in an unprivileged user namespace. It would also
mean that you can no longer customize the /dev hierarchy in your
basetgz. I'm not sure whether that's a good or a bad property.

So what do you think about this change? Is that something you find
reasonable?

@@ -922,7 +922,7 @@
         prefix = []
         if settings.eatmydata and os.path.isfile("/usr/bin/eatmydata"):
             prefix.append("eatmydata")
-        run(prefix + ["tar", "-C", self.name, "--auto-compress", "-xf", tarball])
+        run(prefix + ["tar", "-C", self.name, "--auto-compress", "--exclude=./dev/*", "--exclude=dev/*", "-xf", tarball])

     def setup_from_schroot(self, schroot):
         self.schroot_session = schroot.split(":", 1)[-1] + "-" + str(uuid.uuid1()) + "-piuparts"
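
Review bot: the second pattern on the added tar line, "--exclude=dev/*", is not tied to the archive root. GNU tar matches exclude patterns unanchored by default, so this pattern also drops the contents of any directory named dev deeper in the tree (for example ./usr/src/foo/dev/), not only the top-level /dev. Passing --anchored before the two --exclude options would limit both patterns to the start of the member name. Since a user-supplied /dev in --basetgz is now silently ignored, a short comment above this call and a sentence in the --basetgz documentation would help.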

Thanks for considering

Helmut
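
The exclusion proposed in the message above, as an added example that is not part of the original mail or of piuparts: it uses Python's tarfile module instead of the GNU tar call, skips only members below the top-level dev directory, and runs on a constructed in-memory tarball. The function names are hypothetical.

```python
import io
import os
import tarfile
import tempfile


def is_under_dev(name):
    """True for members below the top-level dev directory ("./dev/x" or "dev/x")."""
    parts = [p for p in name.split("/") if p not in ("", ".")]
    return len(parts) > 1 and parts[0] == "dev"


def build_sample_tarball():
    """Constructed sample: a tiny 'basetgz' with a device node in /dev."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in ("./dev", "./usr", "./usr/src", "./usr/src/dev"):
            d = tarfile.TarInfo(name)
            d.type = tarfile.DIRTYPE
            d.mode = 0o755
            tar.addfile(d)
        null = tarfile.TarInfo("./dev/null")
        null.type = tarfile.CHRTYPE  # character device, needs mknod to extract
        null.devmajor, null.devminor = 1, 3
        tar.addfile(null)
        data = b"kept\n"
        f = tarfile.TarInfo("./usr/src/dev/notes")  # nested "dev" must survive
        f.size = len(data)
        tar.addfile(f, io.BytesIO(data))
    return buf.getvalue()


def unpack_without_dev(tar_bytes, dest):
    """Extract everything except the contents of the top-level dev directory."""
    skipped = []
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        keep = []
        for m in tar.getmembers():
            (skipped if is_under_dev(m.name) else keep).append(m)
        tar.extractall(dest, members=keep, **extra)
    return [m.name for m in skipped]


def demo():
    with tempfile.TemporaryDirectory() as dest:
        skipped = unpack_without_dev(build_sample_tarball(), dest)
        nested = os.path.exists(os.path.join(dest, "usr/src/dev/notes"))
        return skipped, sorted(os.listdir(dest)), nested
```

The empty dev directory itself is still created, so a later step can populate it with mknod or bind mounts.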
