[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1055826: marked as done (bullseye-pu: package crun/0.17+dfsg-1+deb11u2 (bullseye regression))

Your message dated Sat, 10 Feb 2024 13:02:56 +0000
with message-id <E1rYn0S-002xpw-53@coccia.debian.org>
and subject line Released with 11.9
has caused the Debian Bug report #1055826,
regarding bullseye-pu: package crun/0.17+dfsg-1+deb11u2 (bullseye regression)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1055826: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055826
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: crun@packages.debian.org, carnil@debian.org
Control: affects -1 + src:crun

A change merged into Linux v6.6 broke crun. The change was backported in
the stable branch with v6.1.55, the version in bookworm. We fixed crun
last week crun 1.8.1-1+deb12u1 (unblock request: #1055241).

Salvatore Bonaccorso pointed out that the change was backported into all
the stable branches, including v5.10.197, the version now in bullseye.
bullseye's crun, v0.17, is also affected, therefore bullseye crun +
bullseye Linux (or bullseye crun+bullseye-backports Linux etc.) are now
broken as well.

This upload just backports the same two patches that we backported to
bookworm and that are needed to address this issue. The patches apply
with minimal changes. There are no other changes included in this
upload.

See the bookworm-pu unblock request, #1055241, and SUA 243-1, for more
context.

[ Tests ]
Lightly tested on a bullseye VM.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

Thanks,
Faidon

diff -Nru crun-0.17+dfsg/debian/changelog crun-0.17+dfsg/debian/changelog
--- crun-0.17+dfsg/debian/changelog	2023-02-11 23:44:44.000000000 +0200
+++ crun-0.17+dfsg/debian/changelog	2023-11-02 18:52:46.000000000 +0200
@@ -1,3 +1,12 @@
+crun (0.17+dfsg-1+deb11u2) bullseye; urgency=medium
+
+  * Backport two commits from upstream ("ignore ENOTSUP when chmod a
+    symlink"), that restore containers with systemd as their init system, when
+    running under Linux >= v6.6, >= v6.1.55 and >= 5.10.197, i.e. bullseye's
+    and bookworm's current stable kernels. (Closes: #1053821)
+
+ -- Faidon Liambotis <paravoid@debian.org>  Thu, 02 Nov 2023 18:52:46 +0200
+
 crun (0.17+dfsg-1+deb11u1) bullseye; urgency=medium
 
   * Backport upstream commits b847d14 ("spec: do not set inheritable
diff -Nru crun-0.17+dfsg/debian/patches/series crun-0.17+dfsg/debian/patches/series
--- crun-0.17+dfsg/debian/patches/series	2023-02-11 23:44:44.000000000 +0200
+++ crun-0.17+dfsg/debian/patches/series	2023-11-02 18:52:46.000000000 +0200
@@ -1,2 +1,4 @@
 CVE-2022-27650-b847d14.patch
 CVE-2022-27650-1aeeed2.patch
+utils-ignore-ENOTSUP-when-chmod-a-symlink.patch
+utils-fix-ignore-ENOTSUP-when-chmod-a-symlink.patch
diff -Nru crun-0.17+dfsg/debian/patches/utils-fix-ignore-ENOTSUP-when-chmod-a-symlink.patch crun-0.17+dfsg/debian/patches/utils-fix-ignore-ENOTSUP-when-chmod-a-symlink.patch
--- crun-0.17+dfsg/debian/patches/utils-fix-ignore-ENOTSUP-when-chmod-a-symlink.patch	1970-01-01 02:00:00.000000000 +0200
+++ crun-0.17+dfsg/debian/patches/utils-fix-ignore-ENOTSUP-when-chmod-a-symlink.patch	2023-11-02 18:52:46.000000000 +0200
@@ -0,0 +1,36 @@
+From 60296f112fddc74f4926f8ca6f6e1ef7a61ef5b9 Mon Sep 17 00:00:00 2001
+From: Giuseppe Scrivano <gscrivan@redhat.com>
+Date: Tue, 26 Sep 2023 11:51:19 +0200
+Subject: [PATCH] utils: fix ignore ENOTSUP when chmod a symlink
+
+when ENOTSUP is encountered we must continue copying the other files,
+not doing an early return.
+
+commit 57262a2710c83fa08767f0ce3ba7a80993515bb2 introduced the
+regression with the Podman CI.
+
+Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
+
+Origin: upstream, https://github.com/containers/crun/commit/14afa8a46e2e83608a3a219402bce8ea8d071192
+Bug: https://github.com/containers/crun/issues/1308
+Bug-Debian: https://bugs.debian.org/1053821
+---
+ src/libcrun/utils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libcrun/utils.c b/src/libcrun/utils.c
+index 5c7f315..5306c5b 100644
+--- a/src/libcrun/utils.c
++++ b/src/libcrun/utils.c
+@@ -1858,7 +1858,7 @@ copy_recursive_fd_to_fd (int srcdirfd, int dfd, const char *srcname, const char
+         {
+           /* If the operation fails with ENOTSUP we are dealing with a symlink, so ignore it.  */
+           if (errno == ENOTSUP)
+-            return 0;
++            continue;
+ 
+           if (UNLIKELY (ret < 0))
+             return crun_make_error (err, errno, "chmod `%s/%s`", destname, de->d_name);
+-- 
+2.39.2
+
diff -Nru crun-0.17+dfsg/debian/patches/utils-ignore-ENOTSUP-when-chmod-a-symlink.patch crun-0.17+dfsg/debian/patches/utils-ignore-ENOTSUP-when-chmod-a-symlink.patch
--- crun-0.17+dfsg/debian/patches/utils-ignore-ENOTSUP-when-chmod-a-symlink.patch	1970-01-01 02:00:00.000000000 +0200
+++ crun-0.17+dfsg/debian/patches/utils-ignore-ENOTSUP-when-chmod-a-symlink.patch	2023-11-02 18:52:46.000000000 +0200
@@ -0,0 +1,48 @@
+From 3bc67556e2f077337e574e4c3aaf18488410b2f5 Mon Sep 17 00:00:00 2001
+From: Giuseppe Scrivano <gscrivan@redhat.com>
+Date: Fri, 22 Sep 2023 11:34:19 +0200
+Subject: [PATCH] utils: ignore ENOTSUP when chmod a symlink
+
+commit 5d1f903f75a80daa4dfb3d84e114ec8ecbf29956 in the kernel, present
+in a release since Linux 6.6 doesn't allow anymore to change the
+mode of a symlink, so just ignore the failure.
+
+Closes: https://github.com/containers/crun/issues/1308
+
+Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
+
+Origin: upstream, https://github.com/containers/crun/commit/57262a2710c83fa08767f0ce3ba7a80993515bb2
+Bug: https://github.com/containers/crun/issues/1308
+Bug-Debian: https://bugs.debian.org/1053821
+---
+ src/libcrun/utils.c | 13 ++-----------
+ 1 file changed, 2 insertions(+), 11 deletions(-)
+
+diff --git a/src/libcrun/utils.c b/src/libcrun/utils.c
+index cac0fb9..5c7f315 100644
+--- a/src/libcrun/utils.c
++++ b/src/libcrun/utils.c
+@@ -1856,18 +1856,9 @@ copy_recursive_fd_to_fd (int srcdirfd, int dfd, const char *srcname, const char
+       ret = fchmodat (destdirfd, de->d_name, mode & ALLPERMS, AT_SYMLINK_NOFOLLOW);
+       if (UNLIKELY (ret < 0))
+         {
++          /* If the operation fails with ENOTSUP we are dealing with a symlink, so ignore it.  */
+           if (errno == ENOTSUP)
+-            {
+-              char proc_path[32];
+-              cleanup_close int fd = -1;
+-
+-              fd = openat (destdirfd, de->d_name, O_PATH | O_NOFOLLOW);
+-              if (UNLIKELY (fd < 0))
+-                return crun_make_error (err, errno, "open `%s/%s`", destname, de->d_name);
+-
+-              sprintf (proc_path, "/proc/self/fd/%d", fd);
+-              ret = chmod (proc_path, mode & ALLPERMS);
+-            }
++            return 0;
+ 
+           if (UNLIKELY (ret < 0))
+             return crun_make_error (err, errno, "chmod `%s/%s`", destname, de->d_name);
+-- 
+2.39.2
+

--- End Message ---
--- Begin Message --- 
Version: 11.9

The upload requested in this bug has been released as part of 11.9.

--- End Message ---
Reply to: