Debian Bug report logs - #508523
[linux-image-2.6.26-1-vserver-amd64] Can't delete vservers or remove hashed files (works in 2.6.25)

version graph

Package: linux-2.6; Maintainer for linux-2.6 is Debian Kernel Team <debian-kernel@lists.debian.org>;

Reported by: Ivan Kohler <ivan-debian@420.am>

Date: Fri, 12 Dec 2008 00:12:02 UTC

Severity: important

Tags: wontfix

Fixed in version 2.6.32-3

Done: Bastian Blank <waldi@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Micah Anderson <micah@debian.org>:
Bug#508523; Package util-vserver. (Fri, 12 Dec 2008 00:12:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ivan Kohler <ivan-debian@420.am>:
New Bug report received and forwarded. Copy sent to Micah Anderson <micah@debian.org>. (Fri, 12 Dec 2008 00:12:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Ivan Kohler <ivan-debian@420.am>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: util-vserver: Can't delete vservers or remove hashed files
Date: Thu, 11 Dec 2008 16:09:38 -0800
Package: util-vserver
Version: 0.30.216~r2772-5
Severity: important

root@rootwood:/home/ivan# vserver saturn5 delete
Are you sure you want to delete the vserver saturn5 (y/N) y
/bin/rm: cannot remove `/var/lib/vservers/saturn5/sbin/installkernel': Operation not permitted

and so on, for hundreds of files...

ls -l /var/lib/vservers/saturn5/sbin/installkernel
-rwxr-xr-x 2 root root 2331 2008-06-27 07:21 /var/lib/vservers/saturn5/sbin/installkernel

It appears that all the files it is complaining about were hashified and are thus shared between multiple vservers.

I also cannot remove any shared files at all:

root@rootwood:/home/ivan# vserver qis enter
qis:/# rm -f /usr/local/share/perl/5.8.8/FS/cust_main.pm
rm: cannot remove `/usr/local/share/perl/5.8.8/FS/cust_main.pm': Operation not permitted

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-vserver-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages util-vserver depends on:
ii  debconf                       1.5.24     Debian configuration management sy
ii  iproute                       20080725-2 networking and traffic control too
ii  libbeecrypt6                  4.1.2-7    open source C library of cryptogra
ii  libc6                         2.7-16     GNU C Library: Shared libraries
ii  make                          3.81-5     The GNU version of the "make" util
ii  net-tools                     1.60-22    The NET-3 networking toolkit
ii  util-linux                    2.13.1.1-1 Miscellaneous system utilities

Versions of packages util-vserver recommends:
ii  binutils            2.18.1~cvs20080103-7 The GNU assembler, linker and bina
ii  debootstrap         1.0.10               Bootstrap a basic Debian system

Versions of packages util-vserver suggests:
ii  iptables                      1.4.1.1-4  administration tools for packet fi
ii  linux-image-2.6.24-1-amd64 [l 2.6.24-7   Linux 2.6.24 image on AMD64
ii  linux-image-2.6.25-2-amd64 [l 2.6.25-7   Linux 2.6.25 image on AMD64
ii  linux-image-2.6.25-2-vserver- 2.6.25-7   Linux 2.6.25 image on AMD64
ii  linux-image-2.6.26-1-vserver- 2.6.26-11  Linux 2.6.26 image on AMD64, Linux
ii  module-init-tools             3.4-1      tools for managing Linux kernel mo
ii  procps                        1:3.2.7-9  /proc file system utilities
pn  vlan                          <none>     (no description available)
ii  wget                          1.11.4-2   retrieves files from the web
pn  yum                           <none>     (no description available)

-- debconf information:
  util-vserver/prerm_stop_running_vservers: true
  util-vserver/postrm_remove_vserver_configs: false




Bug reassigned from package `util-vserver' to `kernel-2.6'. Request was from Ivan Kohler <ivan-debian@420.am> to control@bugs.debian.org. (Tue, 23 Dec 2008 02:06:02 GMT) Full text and rfc822 format available.

Changed Bug title to `[linux-image-2.6.26-1-vserver-amd64] Can't delete vservers or remove hashed files (works in 2.6.25)' from `util-vserver: Can't delete vservers or remove hashed files'. Request was from Ivan Kohler <ivan-debian@420.am> to control@bugs.debian.org. (Tue, 23 Dec 2008 02:06:03 GMT) Full text and rfc822 format available.

Bug reassigned from package `kernel-2.6' to `linux-2.6'. Request was from Ivan Kohler <ivan-debian@420.am> to control@bugs.debian.org. (Tue, 23 Dec 2008 02:09:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#508523; Package linux-2.6. (Mon, 19 Jan 2009 23:42:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ivan Kohler <ivan-debian@420.am>:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. (Mon, 19 Jan 2009 23:42:02 GMT) Full text and rfc822 format available.

Message #16 received at 508523@bugs.debian.org (full text, mbox):

From: Ivan Kohler <ivan-debian@420.am>
To: 508523@bugs.debian.org
Cc: micah@debian.org
Subject: follow-up information on 2.6.26 vserver regression
Date: Mon, 19 Jan 2009 15:36:11 -0800
To follow up on this problem, it appears that files created by "vserver 
hashify" under 2.6.26 are missing the "U" attribute:

# /usr/sbin/showattr rate.pm
-----uI- rate.pm

The "I" (Immutable) flag is on, but the "U" flag which turns an 
immutable file into a vserver-copy-on-write file is missing.  (U stands 
for Immutable-Invert-on-Unlink)

A file hashed under 2.6.25, or fixed manually ("/usr/sbin/setattr 
--iunlink filename") looks like this:

# /usr/sbin/showattr rate.pm                                                   
-----UI- rate.pm

And of course, files which are not hashed across multiple vservers have 
neither flag:

# /usr/sbin/showattr intlrates.csv
-----ui- intlrates.csv                               

Cc:ing util-vserver maintainer in case he has any input to add on what 
"vserver hashify" from util-vserver does to create copy-on-write files 
and why it might be failing on 2.6.26 but worked fine on 2.6.25.


Here is a quick script to fix permissions, for any folks having this 
problem.  I'm running this in my weekly vserver hashify cron job, 
between the "vserver hashify" steps and the step to remove orphan files, 
i.e.

#!/bin/sh
for a in `ls /var/lib/vservers/`; do mkdir -p /etc/vservers/$a/apps/vunify; vserver --verbose $a hashify; done
/home/ivan/fixvservers/fixvservers #kludge step
find /var/lib/vservers/.hash -type f -links 1 -print0 | xargs -0 rm


fixvservers script follows:

#!/usr/bin/perl

use File::Find;
use String::ShellQuote;

find( \&wanted, '/var/lib/vservers' );

sub wanted {
  my $dir = $File::Find::dir;
  my $file = $_;
  my $pathname = $File::Find::name;

  return if $pathname =~ qr{^/var/lib/vservers/\w+/(dev|proc)/};

  return if -l $file
         || -p $file
         || -S $file
         || -b $file
         || -c $file
         || -t $file
         ;

  $qfile = shell_quote $file;

  chomp( my $showattr = `/usr/sbin/showattr -d $qfile` );
  my( $attr, $fileagain ) = split(' ', $showattr);

  return unless $attr =~ /^.....Ui.$/ || $attr =~ /^.....uI.$/;

  #print "$attr $pathname\n";

  if ( $attr =~ /^.....Ui.$/ ) {
    die "U but not I???";
    #system("/usr/sbin/setattr --immutable $qfile");
  } elsif ( $attr =~ /^.....uI.$/ ) {
    system("/usr/sbin/setattr --iunlink $qfile");
  } else {
    die "guru meditation";
  }

}

-- 
_ivan




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#508523; Package linux-2.6. (Tue, 12 May 2009 13:42:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to ben@bristolwireless.net:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. (Tue, 12 May 2009 13:42:03 GMT) Full text and rfc822 format available.

Message #21 received at 508523@bugs.debian.org (full text, mbox):

From: ben@bristolwireless.net
To: 508523@bugs.debian.org
Subject: Fix for this issue
Date: Tue, 12 May 2009 14:38:43 +0100
After a conversation on IRC with Herbert Pötzl it appears that the  
changes in the position of some xattr flags on the vserver patch used  
within the Debian kernel are to blame for this behaviour.

There is an additional flag differences which affect chroot security  
which should also be changed also.

#508523 is also probably related.


The parts of the vserver patch Debian uses which need to be changed  
for consistency with the other vserver implementations (including  
consistency with Debian Etch's kernels) are:

+#define FS_IXUNLINK_FL	0x01000000 /* Immutable invert on unlink */
should be
+#define FS_IXUNLINK_FL	0x08000000 /* Immutable invert on unlink */

and

+#define FS_BARRIER_FL  0x10000000 /* Barrier for chroot() */
should be
+#define FS_BARRIER_FL  0x04000000 /* Barrier for chroot() */

I've documented a brief summary of what is happening at  
http://linux-vserver.org/Installation_on_Debian#Issues_with_the_current_2.6.26_Kernel


HTH
==
From Ben Green




Reply sent to Ben Hutchings <ben@decadent.org.uk>:
You have taken responsibility. (Tue, 31 May 2011 04:27:07 GMT) Full text and rfc822 format available.

Notification sent to Ivan Kohler <ivan-debian@420.am>:
Bug acknowledged by developer. (Tue, 31 May 2011 04:27:07 GMT) Full text and rfc822 format available.

Message #26 received at 508523-done@bugs.debian.org (full text, mbox):

From: Ben Hutchings <ben@decadent.org.uk>
To: 508523-done@bugs.debian.org
Subject: Re: Fix for this issue
Date: Tue, 31 May 2011 05:24:14 +0100
[Message part 1 (text/plain, inline)]
Version: 2.6.32-3

On Tue, 2009-05-12 at 14:38 +0100, ben@bristolwireless.net wrote:
> After a conversation on IRC with Herbert Pötzl it appears that the  
> changes in the position of some xattr flags on the vserver patch used  
> within the Debian kernel are to blame for this behaviour.
> 
> There is an additional flag differences which affect chroot security  
> which should also be changed also.
> 
> #508523 is also probably related.
> 
> 
> The parts of the vserver patch Debian uses which need to be changed  
> for consistency with the other vserver implementations (including  
> consistency with Debian Etch's kernels) are:
> 
> +#define FS_IXUNLINK_FL	0x01000000 /* Immutable invert on unlink */
> should be
> +#define FS_IXUNLINK_FL	0x08000000 /* Immutable invert on unlink */
> 
> and
> 
> +#define FS_BARRIER_FL  0x10000000 /* Barrier for chroot() */
> should be
> +#define FS_BARRIER_FL  0x04000000 /* Barrier for chroot() */
> 
> I've documented a brief summary of what is happening at  
> http://linux-vserver.org/Installation_on_Debian#Issues_with_the_current_2.6.26_Kernel

I have very little knowledge of vserver, and I don't know how we came to
use different values for these macros.  Unfortunately we cannot change
them in a stable update to Debian 5.0 'lenny' as this will cause further
disruption.

I believe this bug has been fixed in Debian 6.0 'squeeze', in that the
values of these macros are as you say they should be.

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.
[signature.asc (application/pgp-signature, inline)]

Bug No longer marked as fixed in versions 2.6.32-3 and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 31 May 2011 17:51:02 GMT) Full text and rfc822 format available.

Added tag(s) squeeze and wontfix. Request was from Ivan Kohler <ivan-debian@420.am> to control@bugs.debian.org. (Tue, 31 May 2011 17:51:03 GMT) Full text and rfc822 format available.

Removed tag(s) squeeze. Request was from Ivan Kohler <ivan-debian@420.am> to control@bugs.debian.org. (Tue, 31 May 2011 17:51:05 GMT) Full text and rfc822 format available.

Added tag(s) lenny. Request was from Ivan Kohler <ivan-debian@420.am> to control@bugs.debian.org. (Tue, 31 May 2011 17:51:05 GMT) Full text and rfc822 format available.

Bug Marked as fixed in versions 2.6.32-3. Request was from Ivan Kohler <ivan-debian@420.am> to control@bugs.debian.org. (Tue, 31 May 2011 19:06:03 GMT) Full text and rfc822 format available.

Removed tag(s) lenny. Request was from Bastian Blank <waldi@debian.org> to control@bugs.debian.org. (Sun, 30 Oct 2011 13:03:02 GMT) Full text and rfc822 format available.

Bug closed, send any further explanations to Ivan Kohler <ivan-debian@420.am> Request was from Bastian Blank <waldi@debian.org> to control@bugs.debian.org. (Sun, 30 Oct 2011 13:09:04 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 20 Dec 2011 07:37:50 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 03:10:42 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.