[Piuparts-devel] Bug#1125784: pre_remove_50_find_bad_permissions broken by bind mounts

Stefano Rivera stefanor at debian.org
Sat Jan 17 15:38:50 GMT 2026 

Package: piuparts
Version: 1.6.0
Severity: normal

In investigating https://salsa.debian.org/freexian-team/debusine/-/issues/1268 
I found that when I enabled the default piuparts scripts under unshare, 
I get a failure from pre_remove_50_find_bad_permissions:

0m8.6s DEBUG: Starting command: ['chroot', '/tmp/tmp8v6btr2_', 'tmp/scripts/pre_remove_50_find_bad_permissions']
0m8.6s DUMP:
ERROR: BAD PERMISSIONS
crw-rw-rw- 1 nobody nogroup 1, 7 Jan 12 22:25 /dev/full
crw-rw-rw- 1 nobody nogroup 1, 3 Jan 12 22:25 /dev/null
crw-rw-rw- 1 nobody nogroup 1, 8 Jan 12 22:25 /dev/random
crw-rw-rw- 1 nobody nogroup 5, 0 Jan 17 13:48 /dev/tty
crw-rw-rw- 1 nobody nogroup 1, 9 Jan 12 22:25 /dev/urandom
crw-rw-rw- 1 nobody nogroup 1, 5 Jan 12 22:25 /dev/zero
0m8.6s ERROR: Command failed (status=1): ['chroot', '/tmp/tmp8v6btr2_', 'tmp/scripts/pre_remove_50_find_bad_permissions']
ERROR: BAD PERMISSIONS
crw-rw-rw- 1 nobody nogroup 1, 7 Jan 12 22:25 /dev/full
crw-rw-rw- 1 nobody nogroup 1, 3 Jan 12 22:25 /dev/null
crw-rw-rw- 1 nobody nogroup 1, 8 Jan 12 22:25 /dev/random
crw-rw-rw- 1 nobody nogroup 5, 0 Jan 17 13:48 /dev/tty
crw-rw-rw- 1 nobody nogroup 1, 9 Jan 12 22:25 /dev/urandom
crw-rw-rw- 1 nobody nogroup 1, 5 Jan 12 22:25 /dev/zero
0m8.8s DEBUG: Starting command: ['umount', '/tmp/tmp8v6btr2_/dev/tty']
0m8.8s DEBUG: Command ok: ['umount', '/tmp/tmp8v6btr2_/dev/tty']
0m8.8s DEBUG: Starting command: ['umount', '/tmp/tmp8v6btr2_/dev/urandom']
0m8.8s DEBUG: Command ok: ['umount', '/tmp/tmp8v6btr2_/dev/urandom']
0m8.8s DEBUG: Starting command: ['umount', '/tmp/tmp8v6btr2_/dev/random']
0m8.8s DEBUG: Command ok: ['umount', '/tmp/tmp8v6btr2_/dev/random']
0m8.8s DEBUG: Starting command: ['umount', '/tmp/tmp8v6btr2_/dev/full']
0m8.8s DEBUG: Command ok: ['umount', '/tmp/tmp8v6btr2_/dev/full']
0m8.8s DEBUG: Starting command: ['umount', '/tmp/tmp8v6btr2_/dev/zero']
0m8.8s DEBUG: Command ok: ['umount', '/tmp/tmp8v6btr2_/dev/zero']
0m8.8s DEBUG: Starting command: ['umount', '/tmp/tmp8v6btr2_/dev/null']
0m8.8s DEBUG: Command ok: ['umount', '/tmp/tmp8v6btr2_/dev/null']
0m8.8s DEBUG: Starting command: ['umount', '/tmp/tmp8v6btr2_/dev/shm']
0m8.8s DEBUG: Command ok: ['umount', '/tmp/tmp8v6btr2_/dev/shm']
0m8.8s DEBUG: Starting command: ['umount', '/tmp/tmp8v6btr2_/dev/pts']
0m8.8s DEBUG: Command ok: ['umount', '/tmp/tmp8v6btr2_/dev/pts']
0m8.8s DEBUG: Starting command: ['umount', '/tmp/tmp8v6btr2_/proc']
0m8.8s DEBUG: Command ok: ['umount', '/tmp/tmp8v6btr2_/proc']
0m8.8s DEBUG: Starting command: ['rm', '-rf', '--one-file-system', '/tmp/tmp8v6btr2_']
0m8.9s DEBUG: Command ok: ['rm', '-rf', '--one-file-system', '/tmp/tmp8v6btr2_']
0m8.9s DEBUG: Removed directory tree at /tmp/tmp8v6btr2_
0m8.9s ERROR: piuparts run ends.

You can see that these files have the correct permissions, but were 
bind-mounted by piuparts. find is running with "-mount" and seeing the 
underlying file-mount-point, I guess.

Not sure what the best solution for this is. I don't see the right 
options in "find" to understand the situation. We could explicitly 
ignore these files in this script.

Stefano

More information about the Piuparts-devel mailing list