[Bug 1484661] Re: 'click install' within an adt-virt-schroot fails with "Sandbox failure: 'click install' not permitted to write-open '/dev/pts/8'"

Martin Pitt martin.pitt at ubuntu.com
Tue Jan 12 21:25:25 UTC 2016 

FTR, I just tried this again on current xenial: "adt-run click-apparmor
--- schroot xenial" succeeds. My xenial schroot is an off-the-shelf "mk-
sbuild --type=file xenial". I do have these lines in
/etc/schroot/default/fstab:

/dev            /dev            none    rw,bind         0       0
/dev/pts        /dev/pts        none    rw,bind         0       0

Even the "buildd" profile has /dev/pts.

Does your schroot  maybe not have /dev/pts? But if I comment out the
/dev/pts mounting, the test still succeeds. So I wonder what's different
between your and my systems...

** Changed in: autopkgtest (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to autopkgtest in Ubuntu.
https://bugs.launchpad.net/bugs/1484661

Title:
  'click install' within an adt-virt-schroot fails with "Sandbox
  failure: 'click install' not permitted to write-open '/dev/pts/8'"

Status in autopkgtest package in Ubuntu:
  Incomplete

Bug description:
  This used to work and I don't know when this starting failing. If I try to run the click-apparmor autopkgtests (tried both vivid and wily) on a vivid host, then I get:
  adt-run [13:51:51]: test test_aa-clickhook: [-----------------------
  Successfully built package in './com.example.click-apparmor-test_0.1_all.click'.
  WARNING:root:debsig-verify not available; cannot check signatures
  ERROR:root:['dpkg', '--force-not-root', '--force-bad-path', '--force-architecture', '--instdir', '/opt/click.ubuntu.com/com.example.click-apparmor-test/0.1', '--admindir', '/opt/click.ubuntu.com/com.example.click-apparmor-test/0.1/.click', '--path-exclude', '*/.click/*', '--log', '/opt/click.ubuntu.com/.click/log', '--no-triggers', '--install', '/tmp/adttmp.sme399/com.example.click-apparmor-test_0.1_all.click'] failed with exit_code 1:
  Sandbox failure: 'click install' not permitted to write-open '/dev/pts/8'
  dpkg: error processing archive /tmp/adttmp.sme399/com.example.click-apparmor-test_0.1_all.click (--install):
   subprocess dpkg-deb --control returned error exit status 1
  Errors were encountered while processing:
   /tmp/adttmp.sme399/com.example.click-apparmor-test_0.1_all.click

  Traceback (most recent call last):
    File "/usr/bin/click", line 86, in <module>
      sys.exit(main())
    File "/usr/bin/click", line 82, in main
      return mod.run(args)
    File "/usr/lib/python3/dist-packages/click/commands/install.py", line 66, in run
      quiet=not options.verbose)
    File "/usr/lib/python3/dist-packages/click/install.py", line 457, in install
      path, user=user, all_users=all_users, quiet=quiet)
    File "/usr/lib/python3/dist-packages/click/install.py", line 413, in _unpack
      **kwargs)
    File "/usr/lib/python3.4/subprocess.py", line 620, in check_output
      raise CalledProcessError(retcode, process.args, output=output)
  subprocess.CalledProcessError: Command '['dpkg', '--force-not-root', '--force-bad-path', '--force-architecture', '--instdir', '/opt/click.ubuntu.com/com.example.click-apparmor-test/0.1', '--admindir', '/opt/click.ubuntu.com/com.example.click-apparmor-test/0.1/.click', '--path-exclude', '*/.click/*', '--log', '/opt/click.ubuntu.com/.click/log', '--no-triggers', '--install', '/tmp/adttmp.sme399/com.example.click-apparmor-test_0.1_all.click']' returned non-zero exit status 1
  adt-run [13:51:52]: test test_aa-clickhook: -----------------------]
  test_aa-clickhook    FAIL non-zero exit status 1

  This tests attempts to install a click within the schroot (note that debian/tests/test_aa-clickhook mocks the click framework, sets apparmor_parser to /bin/true and modifies click.py to use mock_testenv = True) using:
  click install --user=`getent passwd | sort -t: -nk3 | awk -F: '{if ($3 >= 500) { print $1; exit } }'` /path/to/click

  The above error messages comes from clickpreload.c in the click
  package which is preloaded to reject any writes (except to /dev/tty)
  outside of the click install directory. For some reason, dpkg is
  trying to write to /dev/pts/* (stderr) when run under autopkgtest.

  If I run the click install command manually (after making the
  aforementioned changes test_aa-clickhook does) in the schroot, it
  works fine.

  Furthermore, if I run the tests manually, they also pass:
  $ schroot -c autopkgtest-wily-amd64 -u root
  $ apt-get install click-apparmor
  ...
  $ apt-get source click-apparmor
  ...
  $ cd click-apparmor-0.3.9build1/
  $ rm -rf /tmp/adt ; mkdir /tmp/adt ; ADTTMP=/tmp/adt sh ./debian/tests/test_aa-clickhook
  ...
  PASS (all tests)
  $

  But, if I run the tests via adt, they do not:
  $ apt-get source click-apparmor=0.3.9build1
  ...
  $ cd click-apparmor-0.3.9build1/
  $ adt-run -B --unbuilt-tree ./ --log-file /tmp/adt.out --- adt-virt-schroot autopkgtest-wily-amd64 || echo "** AUTOPKGTESTS FAILED"
  ...
  adt-run [16:08:44]: test test_aa-clickhook: preparing
  ...
  Sandbox failure: 'click install' not permitted to write-open '/dev/pts/28'
  ...
  ** AUTOPKGTESTS FAILED

  If I modify preload/clickpreload.c in click with the attached patch, I
  can see this output when running within the adt-virt-schroot:

  $ adt-run -B /tmp/click/*.deb --unbuilt-tree ./ --log-file /tmp/adt.out --- adt-virt-schroot autopkgtest-wily-amd64 || echo "** AUTOPKGTESTS FAILED"
  ...
  Sandbox debug: 'click install' write-open to '/dev/pts/28'
  Selecting previously unselected package com.example.click-apparmor-test.
  (Reading database ... 0 files and directories currently installed.)
  Preparing to unpack .../com.example.click-apparmor-test_0.1_all.click ...
  Unpacking com.example.click-apparmor-test (0.1) ...
  dpkg: error processing archive /tmp/adttmp.tHXET8/com.example.click-apparmor-test_0.1_all.click (--install):
   corrupted filesystem tarfile - corrupted package archive
  Errors were encountered while processing:
   /tmp/adttmp.tHXET8/com.example.click-apparmor-test_0.1_all.click

  
  However, if I adjust the test_aa-clickhook autopkgtest to copy that package aside so I can try it manually, it is not malformed at all and installs fine in the schroot (after making the aforementioned changes to click.py and apparmor_parser) and my vivid host:
  $ sudo click install --user=$USER --allow-unauthenticated /tmp/com.example.click-apparmor-test_0.1_all.click
  WARNING:root:Signature check failed, but installing anyway as requested
  $ click list --user=$USER
  com.example.click-apparmor-test	0.1

  ProblemType: Bug
  DistroRelease: Ubuntu 15.04
  Package: autopkgtest 3.13
  ProcVersionSignature: Ubuntu 4.1.0-1.1~rc2-generic 4.1.0
  Uname: Linux 4.1.0-1-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.17.2-0ubuntu1.2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Thu Aug 13 14:12:56 2015
  InstallationDate: Installed on 2015-06-13 (60 days ago)
  InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
  PackageArchitecture: all
  SourcePackage: autopkgtest
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/autopkgtest/+bug/1484661/+subscriptions

More information about the foundations-bugs mailing list