New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Could not Flash from sshfs mounted filesystem #1436
Comments
I once had this error myself on a SMB-mounted filesystem, but didn't bother reporting it as I didn't know if it was a situation that any users would run into - looks like I was wrong! @jviotti The problem is that the network-share gets mounted by the user (using GVFS behind the scenes), and is then only accessible to the user who did the network-mount. So when the writer-process then elevates itself to @marcgott As you may have already realised, a temporary workaround is to copy the file from sshfs to somewhere on your local computer, and Etcher will then be able to flash it correctly from there. |
Done some more digging around on this... related links: I mounted a SMB share (as a normal user) on my Ubuntu 14.04 laptop, and when I do $ ls -l /run/user/1001/
total 8
drwx------ 2 andrew andrew 60 May 16 12:07 dconf
dr-x------ 3 andrew andrew 0 May 15 10:03 gvfs
drwx------ 2 andrew andrew 40 May 15 10:03 gvfs-burn
drwx------ 2 andrew andrew 120 May 15 10:03 keyring-utkuo6
drwx------ 2 andrew andrew 80 May 15 10:03 pulse
drwx------ 2 andrew andrew 40 May 16 09:45 unity
drwx------ 3 andrew andrew 60 May 15 10:03 upstart
-rw-r--r-- 1 andrew andrew 5 May 15 10:03 upstart-dbus-bridge.2345.pid
-rw-r--r-- 1 andrew andrew 5 May 15 10:03 upstart-file-bridge.2345.pid
lrwxrwxrwx 1 root root 17 May 15 10:03 X11-display -> /tmp/.X11-unix/X0 However when I then try $ sudo ls -l /run/user/1001/
ls: cannot access /run/user/1001/gvfs: Permission denied
total 8
drwx------ 2 andrew andrew 60 May 16 12:07 dconf
d????????? ? ? ? ? ? gvfs
drwx------ 2 andrew andrew 40 May 15 10:03 gvfs-burn
drwx------ 2 andrew andrew 120 May 15 10:03 keyring-utkuo6
drwx------ 2 andrew andrew 80 May 15 10:03 pulse
drwx------ 2 andrew andrew 40 May 16 09:45 unity
drwx------ 3 andrew andrew 60 May 15 10:03 upstart
-rw-r--r-- 1 andrew andrew 5 May 15 10:03 upstart-dbus-bridge.2345.pid
-rw-r--r-- 1 andrew andrew 5 May 15 10:03 upstart-file-bridge.2345.pid
lrwxrwxrwx 1 root root 17 May 15 10:03 X11-display -> /tmp/.X11-unix/X0 i.e. anything inside the $ ls -l /run/user/1001/gvfs/
total 0
drwx------ 1 andrew andrew 0 Dec 17 13:34 smb-share:server=andynas.local,share=home When I try selecting an image (in this case The relevant lines from the DevTools console are:
TBH I don't know if there's anything we can do about this - unless the |
Yeah, I don't think we can do much here. Can we at least throw a meaningful error describing that the selected file is not accessible by root, but only by the normal user, conflicting wth the fact that Etcher requires root permissions? |
Hm, wait. The image writer takes a readable stream of the image, and that is already created outside the module, so in theory it may be possible to somehow create it with different permissions. I'll be very busy in the following weeks, but I'd love to explore this possibility. |
...and it's just occurred to me that when we add the "create backup" feature ( #266 ), we'll want to do the permissions the "other way around", i.e. read from the raw device as the root-user, but then write the output file as the normal-user ;) |
For raw reads from a device you don't need to be root (or elevated) on any OS, afaik – so that shouldn't give us complications |
Shouldn't we be able to elevate a process while keeping the uid of the normal user (think the equivalent of |
AFAIK you're either running as the root user (which allows us to write to the raw device), or you're running as the normal user (needed in this case to read from the user-level GVFS network share) - I don't think a single process can be running in both modes (?). I think you'd need to use IPC (e.g. a pipe) to communicate between a root-level process and a separate user-level process. However a root-level process can launch a user-level process, as seen here ;-) (thanks for the $ sudo sudo -u andrew ls -l /run/user/1001/
total 8
drwx------ 2 andrew andrew 60 May 17 00:39 dconf
dr-x------ 3 andrew andrew 0 May 15 10:03 gvfs
drwx------ 2 andrew andrew 40 May 15 10:03 gvfs-burn
drwx------ 2 andrew andrew 120 May 15 10:03 keyring-utkuo6
drwx------ 2 andrew andrew 80 May 15 10:03 pulse
drwx------ 2 andrew andrew 40 May 17 01:11 unity
drwx------ 3 andrew andrew 60 May 15 10:03 upstart
-rw-r--r-- 1 andrew andrew 5 May 15 10:03 upstart-dbus-bridge.2345.pid
-rw-r--r-- 1 andrew andrew 5 May 15 10:03 upstart-file-bridge.2345.pid
lrwxrwxrwx 1 root root 17 May 15 10:03 X11-display -> /tmp/.X11-unix/X0 (here I believe there's effectively three processes - the outer-level Pinging @petrosagg in case he has any clever ideas ;-) (or in case I'm horribly wrong) |
@lurch @jviotti @jhermsmeier A potential solution to this problem would be to open the source file before elevation and passing the file descriptor to the elevated process. This way all the checks will have already been done before elevation and the root process should be able to read as normal. |
Is it safe to pass file-descriptors between processes? Given that the elevated and non-elevated parts communicate via IPC, I guess you'd need to serialise and then deserialise the fd? Hmm, I found https://stackoverflow.com/questions/28003921/sending-file-descriptor-by-linux-socket/ which seems to be *nix-specific, so I dunno if that'd work on Windows? |
Hmmm, why was this closed? |
@thundron @jviotti hitting the same thing, may we reopen this? And possibly try the suggestion from @petrosagg just above in this thread? |
[anujdeshpande] This issue has attached support thread https://jel.ly.fish/#/17864624-3903-4e52-b792-cad2b5931323 |
At minimum, there really, REALLY needs to be some sort of warning if you're trying to flash using an image from a network drive. |
The text was updated successfully, but these errors were encountered: