[Bug 1484661] Re: 'click install' within an adt-virt-schroot fails with "Sandbox failure: 'click install' not permitted to write-open '/dev/pts/8'"

Jamie Strandboge jamie at ubuntu.com
Thu Aug 13 21:27:36 UTC 2015 

** Patch added: "preload-debugging.patch"
   https://bugs.launchpad.net/ubuntu/+source/autopkgtest/+bug/1484661/+attachment/4444430/+files/preload-debugging.patch

** Description changed:

  This used to work and I don't know when this starting failing. If I try to run the click-apparmor autopkgtests (tried both vivid and wily) on a vivid host, then I get:
  adt-run [13:51:51]: test test_aa-clickhook: [-----------------------
  Successfully built package in './com.example.click-apparmor-test_0.1_all.click'.
  WARNING:root:debsig-verify not available; cannot check signatures
  ERROR:root:['dpkg', '--force-not-root', '--force-bad-path', '--force-architecture', '--instdir', '/opt/click.ubuntu.com/com.example.click-apparmor-test/0.1', '--admindir', '/opt/click.ubuntu.com/com.example.click-apparmor-test/0.1/.click', '--path-exclude', '*/.click/*', '--log', '/opt/click.ubuntu.com/.click/log', '--no-triggers', '--install', '/tmp/adttmp.sme399/com.example.click-apparmor-test_0.1_all.click'] failed with exit_code 1:
  Sandbox failure: 'click install' not permitted to write-open '/dev/pts/8'
  dpkg: error processing archive /tmp/adttmp.sme399/com.example.click-apparmor-test_0.1_all.click (--install):
   subprocess dpkg-deb --control returned error exit status 1
  Errors were encountered while processing:
   /tmp/adttmp.sme399/com.example.click-apparmor-test_0.1_all.click
  
  Traceback (most recent call last):
    File "/usr/bin/click", line 86, in <module>
      sys.exit(main())
    File "/usr/bin/click", line 82, in main
      return mod.run(args)
    File "/usr/lib/python3/dist-packages/click/commands/install.py", line 66, in run
      quiet=not options.verbose)
    File "/usr/lib/python3/dist-packages/click/install.py", line 457, in install
      path, user=user, all_users=all_users, quiet=quiet)
    File "/usr/lib/python3/dist-packages/click/install.py", line 413, in _unpack
      **kwargs)
    File "/usr/lib/python3.4/subprocess.py", line 620, in check_output
      raise CalledProcessError(retcode, process.args, output=output)
  subprocess.CalledProcessError: Command '['dpkg', '--force-not-root', '--force-bad-path', '--force-architecture', '--instdir', '/opt/click.ubuntu.com/com.example.click-apparmor-test/0.1', '--admindir', '/opt/click.ubuntu.com/com.example.click-apparmor-test/0.1/.click', '--path-exclude', '*/.click/*', '--log', '/opt/click.ubuntu.com/.click/log', '--no-triggers', '--install', '/tmp/adttmp.sme399/com.example.click-apparmor-test_0.1_all.click']' returned non-zero exit status 1
  adt-run [13:51:52]: test test_aa-clickhook: -----------------------]
  test_aa-clickhook    FAIL non-zero exit status 1
  
  This tests attempts to install a click within the schroot (note that debian/tests/test_aa-clickhook mocks the click framework, sets apparmor_parser to /bin/true and modifies click.py to use mock_testenv = True) using:
  click install --user=`getent passwd | sort -t: -nk3 | awk -F: '{if ($3 >= 500) { print $1; exit } }'` /path/to/click
  
  The above error messages comes from clickpreload.c in the click package
  which is preloaded to reject any writes (except to /dev/tty) outside of
  the click install directory. For some reason, dpkg is trying to write to
- /dev/pts/* (stderr?) when run under autopkgtest. If I adjust
- clickpreload.c to allow writes to /dev/pts/ and install that when
- running the autopkgtests, the tests pass again.
+ /dev/pts/* (stderr) when run under autopkgtest.
  
  If I run the click install command manually (after making the
  aforementioned changes test_aa-clickhook does) in the schroot, it works
  fine.
  
  Furthermore, if I run the tests manually, they also pass:
  $ schroot -c autopkgtest-wily-amd64 -u root
  $ apt-get install click-apparmor
  ...
  $ apt-get source click-apparmor
  ...
  $ cd click-apparmor-0.3.9build1/
  $ rm -rf /tmp/adt ; mkdir /tmp/adt ; ADTTMP=/tmp/adt sh ./debian/tests/test_aa-clickhook
  ...
  PASS (all tests)
  $
  
  But, if I run the tests via adt, they do not:
  $ apt-get source click-apparmor=0.3.9build1
  ...
  $ cd click-apparmor-0.3.9build1/
  $ adt-run -B --unbuilt-tree ./ --log-file /tmp/adt.out --- adt-virt-schroot autopkgtest-wily-amd64 || echo "** AUTOPKGTESTS FAILED"
  ...
  adt-run [16:08:44]: test test_aa-clickhook: preparing
  ...
  Sandbox failure: 'click install' not permitted to write-open '/dev/pts/28'
  ...
  ** AUTOPKGTESTS FAILED
  
- 
- If I modify preload/clickpreload.c in click with the attached debdiff, I can see this output when running within the adt-virt-schroot:
+ If I modify preload/clickpreload.c in click with the attached patch, I
+ can see this output when running within the adt-virt-schroot:
  
  Sandbox debug: 'click install' write-open to '/dev/pts/28'
  Selecting previously unselected package com.example.click-apparmor-test.
  (Reading database ... 0 files and directories currently installed.)
  Preparing to unpack .../com.example.click-apparmor-test_0.1_all.click ...
  Unpacking com.example.click-apparmor-test (0.1) ...
  dpkg: error processing archive /tmp/adttmp.tHXET8/com.example.click-apparmor-test_0.1_all.click (--install):
-  corrupted filesystem tarfile - corrupted package archive
+  corrupted filesystem tarfile - corrupted package archive
  Errors were encountered while processing:
-  /tmp/adttmp.tHXET8/com.example.click-apparmor-test_0.1_all.click
+  /tmp/adttmp.tHXET8/com.example.click-apparmor-test_0.1_all.click
  
- 
- However, it I adjust the test_aa-clickhook autopkgtest to copy that package aside it is not malformed at all and installs fine in the schroot (after making the aforementioned changes to click.py and apparmor_parser) and my vivid host:
- $ sudo click install --user=$USER --allow-unauthenticated /tmp/com.example.click-apparmor-test_0.1_all.click 
+ However, if I adjust the test_aa-clickhook autopkgtest to copy that package aside so I can try it manually, it is not malformed at all and installs fine in the schroot (after making the aforementioned changes to click.py and apparmor_parser) and my vivid host:
+ $ sudo click install --user=$USER --allow-unauthenticated /tmp/com.example.click-apparmor-test_0.1_all.click
  WARNING:root:Signature check failed, but installing anyway as requested
  $ click list --user=$USER
  com.example.click-apparmor-test	0.1
  
  
  ProblemType: Bug
  DistroRelease: Ubuntu 15.04
  Package: autopkgtest 3.13
  ProcVersionSignature: Ubuntu 4.1.0-1.1~rc2-generic 4.1.0
  Uname: Linux 4.1.0-1-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.17.2-0ubuntu1.2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Thu Aug 13 14:12:56 2015
  InstallationDate: Installed on 2015-06-13 (60 days ago)
  InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
  PackageArchitecture: all
  SourcePackage: autopkgtest
  UpgradeStatus: No upgrade log present (probably fresh install)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to autopkgtest in Ubuntu.
https://bugs.launchpad.net/bugs/1484661

Title:
  'click install' within an adt-virt-schroot fails with "Sandbox
  failure: 'click install' not permitted to write-open '/dev/pts/8'"

Status in autopkgtest package in Ubuntu:
  New

Bug description:
  This used to work and I don't know when this starting failing. If I try to run the click-apparmor autopkgtests (tried both vivid and wily) on a vivid host, then I get:
  adt-run [13:51:51]: test test_aa-clickhook: [-----------------------
  Successfully built package in './com.example.click-apparmor-test_0.1_all.click'.
  WARNING:root:debsig-verify not available; cannot check signatures
  ERROR:root:['dpkg', '--force-not-root', '--force-bad-path', '--force-architecture', '--instdir', '/opt/click.ubuntu.com/com.example.click-apparmor-test/0.1', '--admindir', '/opt/click.ubuntu.com/com.example.click-apparmor-test/0.1/.click', '--path-exclude', '*/.click/*', '--log', '/opt/click.ubuntu.com/.click/log', '--no-triggers', '--install', '/tmp/adttmp.sme399/com.example.click-apparmor-test_0.1_all.click'] failed with exit_code 1:
  Sandbox failure: 'click install' not permitted to write-open '/dev/pts/8'
  dpkg: error processing archive /tmp/adttmp.sme399/com.example.click-apparmor-test_0.1_all.click (--install):
   subprocess dpkg-deb --control returned error exit status 1
  Errors were encountered while processing:
   /tmp/adttmp.sme399/com.example.click-apparmor-test_0.1_all.click

  Traceback (most recent call last):
    File "/usr/bin/click", line 86, in <module>
      sys.exit(main())
    File "/usr/bin/click", line 82, in main
      return mod.run(args)
    File "/usr/lib/python3/dist-packages/click/commands/install.py", line 66, in run
      quiet=not options.verbose)
    File "/usr/lib/python3/dist-packages/click/install.py", line 457, in install
      path, user=user, all_users=all_users, quiet=quiet)
    File "/usr/lib/python3/dist-packages/click/install.py", line 413, in _unpack
      **kwargs)
    File "/usr/lib/python3.4/subprocess.py", line 620, in check_output
      raise CalledProcessError(retcode, process.args, output=output)
  subprocess.CalledProcessError: Command '['dpkg', '--force-not-root', '--force-bad-path', '--force-architecture', '--instdir', '/opt/click.ubuntu.com/com.example.click-apparmor-test/0.1', '--admindir', '/opt/click.ubuntu.com/com.example.click-apparmor-test/0.1/.click', '--path-exclude', '*/.click/*', '--log', '/opt/click.ubuntu.com/.click/log', '--no-triggers', '--install', '/tmp/adttmp.sme399/com.example.click-apparmor-test_0.1_all.click']' returned non-zero exit status 1
  adt-run [13:51:52]: test test_aa-clickhook: -----------------------]
  test_aa-clickhook    FAIL non-zero exit status 1

  This tests attempts to install a click within the schroot (note that debian/tests/test_aa-clickhook mocks the click framework, sets apparmor_parser to /bin/true and modifies click.py to use mock_testenv = True) using:
  click install --user=`getent passwd | sort -t: -nk3 | awk -F: '{if ($3 >= 500) { print $1; exit } }'` /path/to/click

  The above error messages comes from clickpreload.c in the click
  package which is preloaded to reject any writes (except to /dev/tty)
  outside of the click install directory. For some reason, dpkg is
  trying to write to /dev/pts/* (stderr) when run under autopkgtest.

  If I run the click install command manually (after making the
  aforementioned changes test_aa-clickhook does) in the schroot, it
  works fine.

  Furthermore, if I run the tests manually, they also pass:
  $ schroot -c autopkgtest-wily-amd64 -u root
  $ apt-get install click-apparmor
  ...
  $ apt-get source click-apparmor
  ...
  $ cd click-apparmor-0.3.9build1/
  $ rm -rf /tmp/adt ; mkdir /tmp/adt ; ADTTMP=/tmp/adt sh ./debian/tests/test_aa-clickhook
  ...
  PASS (all tests)
  $

  But, if I run the tests via adt, they do not:
  $ apt-get source click-apparmor=0.3.9build1
  ...
  $ cd click-apparmor-0.3.9build1/
  $ adt-run -B --unbuilt-tree ./ --log-file /tmp/adt.out --- adt-virt-schroot autopkgtest-wily-amd64 || echo "** AUTOPKGTESTS FAILED"
  ...
  adt-run [16:08:44]: test test_aa-clickhook: preparing
  ...
  Sandbox failure: 'click install' not permitted to write-open '/dev/pts/28'
  ...
  ** AUTOPKGTESTS FAILED

  If I modify preload/clickpreload.c in click with the attached patch, I
  can see this output when running within the adt-virt-schroot:

  Sandbox debug: 'click install' write-open to '/dev/pts/28'
  Selecting previously unselected package com.example.click-apparmor-test.
  (Reading database ... 0 files and directories currently installed.)
  Preparing to unpack .../com.example.click-apparmor-test_0.1_all.click ...
  Unpacking com.example.click-apparmor-test (0.1) ...
  dpkg: error processing archive /tmp/adttmp.tHXET8/com.example.click-apparmor-test_0.1_all.click (--install):
   corrupted filesystem tarfile - corrupted package archive
  Errors were encountered while processing:
   /tmp/adttmp.tHXET8/com.example.click-apparmor-test_0.1_all.click

  However, if I adjust the test_aa-clickhook autopkgtest to copy that package aside so I can try it manually, it is not malformed at all and installs fine in the schroot (after making the aforementioned changes to click.py and apparmor_parser) and my vivid host:
  $ sudo click install --user=$USER --allow-unauthenticated /tmp/com.example.click-apparmor-test_0.1_all.click
  WARNING:root:Signature check failed, but installing anyway as requested
  $ click list --user=$USER
  com.example.click-apparmor-test	0.1


  ProblemType: Bug
  DistroRelease: Ubuntu 15.04
  Package: autopkgtest 3.13
  ProcVersionSignature: Ubuntu 4.1.0-1.1~rc2-generic 4.1.0
  Uname: Linux 4.1.0-1-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.17.2-0ubuntu1.2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Thu Aug 13 14:12:56 2015
  InstallationDate: Installed on 2015-06-13 (60 days ago)
  InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
  PackageArchitecture: all
  SourcePackage: autopkgtest
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/autopkgtest/+bug/1484661/+subscriptions

More information about the foundations-bugs mailing list