Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

new polkit listener causes segfault without system bus #2781

Closed
ramcq opened this issue Mar 24, 2019 · 10 comments
Closed

new polkit listener causes segfault without system bus #2781

ramcq opened this issue Mar 24, 2019 · 10 comments
Labels
bug cli Issues involving the flatpak command

Comments

@ramcq
Copy link
Contributor

ramcq commented Mar 24, 2019

We use the Ubuntu PPAs on some Endless build clusters, running flatpak inside docker containers to do some app/content build tasks. Some jobs run as root, some run as the user, but neither used the system helper as the containers had no system bus at all. Since upgrading to the new CLI code in 1.3.0, these jobs all segfault because it seems that in anticipation of using the system helper, the polkit listener is set up, and libpolkit is not safe in the case there is no system bus:

(gdb) run remote-list
Starting program: /usr/bin/flatpak remote-list
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffef8f5700 (LWP 611)]

(/usr/bin/flatpak remote-list:607): GLib-GIO-CRITICAL **: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

** (/usr/bin/flatpak remote-list:607): CRITICAL **: polkit_authority_register_authentication_agent_with_options_sync: assertion 'POLKIT_IS_AUTHORITY (authority)' failed
[Thread 0x7fffef8f5700 (LWP 611) exited]

Thread 1 "flatpak" received signal SIGSEGV, Segmentation fault.
0x00007ffff798deb2 in ?? () from /usr/lib/x86_64-linux-gnu/libpolkit-agent-1.so.0
(gdb) bt
#0  0x00007ffff798deb2 in ?? () from /usr/lib/x86_64-linux-gnu/libpolkit-agent-1.so.0
#1  0x00007ffff798e648 in polkit_agent_listener_register_with_options ()
  from /usr/lib/x86_64-linux-gnu/libpolkit-agent-1.so.0
#2  0x00005555555782e7 in install_polkit_agent () at app/flatpak-main.c:555
#3  flatpak_run (res_error=0x7fffffffdf78, argv=0x7fffffffe1d8, argc=1)
   at app/flatpak-main.c:694
#4  main (argc=<optimized out>, argv=<optimized out>) at app/flatpak-main.c:802
@matthiasclasen
Copy link
Collaborator

Doesn't crash here :(

@ramcq
Copy link
Contributor Author

ramcq commented Mar 26, 2019

@matthiasclasen Doh. Will ask @dnohales to share some more details about reproducing. (Can we add -dbgsym for polkit? It might be that this Ubuntu has an old/buggy polkit.)

@dnohales
Copy link

Ok, I found something interesting, this is the test I did. Basically I ran this Docker container:

FROM ubuntu:16.04

RUN apt-get update && \
    apt-get dist-upgrade -y && \
    apt-get install -y apt-transport-https \
                       curl \
                       software-properties-common && \
    apt-get autoremove -y && \
    apt-get clean

RUN add-apt-repository ppa:alexlarsson/flatpak && \
    apt-get update && \
    apt-get install -y flatpak && \
    apt-get clean

RUN mkdir /code
COPY . /code

CMD ["/code/start.sh"]

So, for the start.sh script, this works ok:

#!/bin/bash

flatpak remote-list

But this raises a segfault:

#!/bin/bash

faketty () {
    script -qfec "$(printf "%q " "$@")"
}

faketty flatpak remote-list

Running flatpak remote-list from an interactive shell using docker exec -ti while the container is running an infinite loop also raises a segfault.

On the other hand, this runs ok:

#!/bin/bash

faketty () {
    script -qfec "$(printf "%q " "$@")"
}

mkdir -p /var/run/dbus
dbus-daemon --system
faketty flatpak remote-list

So maybe this has something to do with interactive shells for some reason?

I also tried with ubuntu:18.04 with the same results.

@matthiasclasen
Copy link
Collaborator

matthiasclasen commented Mar 26, 2019
edited
Loading

hmm. I tried

DBUS_SYSTEM_BUS_ADDRESS= flatpak remote-list

in my desktop, and it worked just fine (it told me that it couldn't get a connection to the system bus)

Would be good to get a stacktrace with polkit symbols.

@dnohales
Copy link

@matthiasclasen

# gdb flatpak
GNU gdb (Ubuntu 8.1-0ubuntu3) 8.1.0.20180409-git
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from flatpak...Reading symbols from /usr/lib/debug/.build-id/8c/a180e50ce92ef7e1ec8c4e3171a125f2bfadaf.debug...done.
done.
(gdb) run remote-list
Starting program: /usr/bin/flatpak remote-list
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffedda2700 (LWP 927)]
[New Thread 0x7fffed5a1700 (LWP 928)]

(/usr/bin/flatpak remote-list:922): GLib-GIO-CRITICAL **: 16:38:46.341: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

** (/usr/bin/flatpak remote-list:922): CRITICAL **: 16:38:46.341: polkit_authority_register_authentication_agent_with_options_sync: assertion 'POLKIT_IS_AUTHORITY (authority)' failed
[Thread 0x7fffed5a1700 (LWP 928) exited]

Thread 1 "flatpak" received signal SIGSEGV, Segmentation fault.
0x00007ffff797be32 in server_register (server=server@entry=0x555555885ce0, 
    error=error@entry=0x7fffffffe528) at polkitagentlistener.c:157
157	polkitagentlistener.c: No such file or directory.
(gdb) bt
#0  0x00007ffff797be32 in server_register (server=server@entry=0x555555885ce0, 
    error=error@entry=0x7fffffffe528) at polkitagentlistener.c:157
#1  0x00007ffff797c5ac in polkit_agent_listener_register_with_options (
    listener=0x555555872d40, flags=POLKIT_AGENT_REGISTER_FLAGS_RUN_IN_THREAD, 
    subject=0x555555871e00, object_path=<optimized out>, options=<optimized out>, 
    cancellable=0x0, error=0x7fffffffe528) at polkitagentlistener.c:457
#2  0x000055555557a471 in install_polkit_agent () at app/flatpak-main.c:555
#3  flatpak_run (res_error=0x7fffffffe508, argv=<optimized out>, argc=<optimized out>)
    at app/flatpak-main.c:694
#4  main (argc=<optimized out>, argv=<optimized out>) at app/flatpak-main.c:802

@matthiasclasen
Copy link
Collaborator

Not clear whats going on here.

The only idea I have is that you might be missing this patch:

https://gitlab.freedesktop.org/polkit/polkit/commit/542c6ec832919df6a74e16aba574adaeebe35e08

@matthiasclasen matthiasclasen added bug cli Issues involving the flatpak command labels Apr 10, 2019
@dos1
Copy link

dos1 commented May 15, 2019

@dnohales thanks a lot!
I'm having the same issue. Removing -t parameter from docker/podman invocation (so, not creating a tty) makes it work.

@ramcq
Copy link
Contributor Author

ramcq commented Jul 2, 2019

Aha! @smcv to the rescue - #2997 fixes this

@smcv
Copy link
Collaborator

smcv commented Jul 13, 2019

#2997 has been merged now.

@smcv
Copy link
Collaborator

smcv commented Jul 13, 2019

The missing polkit patch was commit 59f2d96ce3ac63173669f299a9453a7bf5e70a70 from 0.108. I attached a copy to https://bugs.debian.org/923046.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug cli Issues involving the flatpak command
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@dos1 @ramcq @dnohales @smcv @matthiasclasen