Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check for exec=on if the user has a tmp dataset #821

Closed
dlangille opened this issue Jan 21, 2019 · 22 comments

Comments

@dlangille
Copy link
Contributor

commented Jan 21, 2019

$ iocage --version
Version 1.0 RC 2018/11

Host was upgraded to 12.0 earlier in the day.

$ sudo iocage fetch 12.0-RELEASE                                                                                                                 
[0] 9.3-RELEASE (EOL)
[1] 10.1-RELEASE (EOL)
[2] 10.2-RELEASE (EOL)
[3] 10.3-RELEASE (EOL)
[4] 10.4-RELEASE (EOL)
[5] 11.0-RELEASE (EOL)
[6] 11.1-RELEASE (EOL)
[7] 11.2-RELEASE
[8] 12.0-RELEASE

Type the number of the desired RELEASE
Press [Enter] to fetch the default selection: (12.0-RELEASE)
Type EXIT to quit: 8
Fetching: 12.0-RELEASE

Extracting: base.txz... 
Extracting: lib32.txz... 
src.txz missing, will try to redownload!
Downloading: src.txz [####################] 100% 
Extracting: src.txz... 

* Updating 12.0-RELEASE to the latest patch level... 
Traceback (most recent call last):
  File "/usr/local/bin/iocage", line 10, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/iocage_cli/fetch.py", line 129, in cli
    ioc.IOCage().fetch(**kwargs)
  File "/usr/local/lib/python3.6/site-packages/iocage_lib/iocage.py", line 1059, in fetch
    **kwargs).fetch_release()
  File "/usr/local/lib/python3.6/site-packages/iocage_lib/ioc_fetch.py", line 229, in fetch_release
    rel = self.fetch_http_release(eol, _list=_list)
  File "/usr/local/lib/python3.6/site-packages/iocage_lib/ioc_fetch.py", line 537, in fetch_http_release
    self.fetch_update()
  File "/usr/local/lib/python3.6/site-packages/iocage_lib/ioc_fetch.py", line 966, in fetch_update
    su_env=fetch_env
  File "/usr/local/lib/python3.6/site-packages/iocage_lib/ioc_exec.py", line 104, in __enter__
    close_fds=True, bufsize=0, env=self.su_env
  File "/usr/local/lib/python3.6/subprocess.py", line 729, in __init__
    restore_signals, start_new_session)
  File "/usr/local/lib/python3.6/subprocess.py", line 1364, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
PermissionError: [Errno 13] Permission denied: '/tmp/tmph1m4uq53'


@dlangille

This comment has been minimized.

Copy link
Contributor Author

commented Jan 21, 2019

Well, this is interesting:

[dan@knew:~] $ diff -ruN /usr/sbin/freebsd-update /tmp/tmpb_dqzz3a 
--- /usr/sbin/freebsd-update    2019-01-21 22:25:17.586680000 +0000
+++ /tmp/tmpb_dqzz3a    2019-01-21 23:10:32.296537000 +0000
@@ -27,7 +27,7 @@
 # IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 # POSSIBILITY OF SUCH DAMAGE.
 
-# $FreeBSD: releng/12.0/usr.sbin/freebsd-update/freebsd-update.sh 337497 2018-08-08 19:24:20Z asomers $
+# $FreeBSD$
 
 #### Usage function -- called from command-line handling code.
 
@@ -221,7 +221,7 @@
 config_Components () {

+               UNAME_r="${UNAME_r}-RELEASE"
+       fi
+       export UNAME_r
+}
+
 # Define what happens to output of utilities
 config_VerboseLevel () {
        if [ -z ${VERBOSELEVEL} ]; then
@@ -442,7 +451,8 @@
                        NOTTYOK=1
                        ;;
                --currently-running)
-                       shift; export UNAME_r="$1"
+                       shift
+                       config_SourceRelease $1 || usage
                        ;;
 
                # Configuration file equivalents
@@ -658,6 +668,24 @@
        FETCHDIR=${RELNUM}/${ARCH}
        PATCHDIR=${RELNUM}/${ARCH}/bp
 
+       # Disallow upgrade from a version that is not a release
+       case ${RELNUM} in
+               *-RELEASE | *-ALPHA*  | *-BETA* | *-RC*)
+                       ;;
+               *)
+                       echo -n "`basename $0`: "
+                       cat <<- EOF
+                               Cannot upgrade from a version that is not a release
+                               (including alpha, beta and release candidates)
+                               using `basename $0`. Instead, FreeBSD can be directly
+                               upgraded by source or upgraded to a RELEASE/RELENG version
+                               prior to running `basename $0`.
+                               Currently running: ${RELNUM}
+                       EOF
+                       exit 1
+                       ;;
+       esac
+
        # Figure out what directory contains the running kernel
        BOOTFILE=`sysctl -n kern.bootfile`
        KERNELDIR=${BOOTFILE%/kernel}
@@ -1888,7 +1916,7 @@
                echo ${NDEBUG} "files... "
                lam -s "${FETCHDIR}/f/" - -s ".gz" < filelist |
                    xargs ${XARGST} ${PHTTPGET} ${SERVERNAME}   \
-                   2>${QUIETREDIR}
+                       2>${STATSREDIR} | fetch_progress
 
                while read Y; do
                        if ! [ -f ${Y}.gz ]; then
@@ -2896,10 +2924,11 @@
                install_from_index INDEX-NEW || return 1
                install_delete INDEX-OLD INDEX-NEW || return 1
 
-               # Rebuild /etc/spwd.db and /etc/pwd.db if necessary.
+               # Rebuild generated pwd files.
                if [ ${BASEDIR}/etc/master.passwd -nt ${BASEDIR}/etc/spwd.db ] ||
-                   [ ${BASEDIR}/etc/master.passwd -nt ${BASEDIR}/etc/pwd.db ]; then
-                       pwd_mkdb -d ${BASEDIR}/etc ${BASEDIR}/etc/master.passwd
+                   [ ${BASEDIR}/etc/master.passwd -nt ${BASEDIR}/etc/pwd.db ] ||
+                   [ ${BASEDIR}/etc/master.passwd -nt ${BASEDIR}/etc/passwd ]; then
+                       pwd_mkdb -d ${BASEDIR}/etc -p ${BASEDIR}/etc/master.passwd
                fi
 
                # Rebuild /etc/login.conf.db if necessary.
[dan@knew:~] $ 

@skarekrow

This comment has been minimized.

Copy link
Member

commented Jan 22, 2019

Do you have a tmp dataset Dan?

@dlangille

This comment has been minimized.

Copy link
Contributor Author

commented Jan 22, 2019

Does this answer that?

[dan@knew:~] $ zfs list | grep tmp
system/data/bacula-restores                                            201K  29.9T   201K  /tmp/bacula-restores
system/tmp                                                            2.95M  29.9T  2.95M  none
system/var/tmp                                                         457K  29.9T   457K  none
zroot/tmp                                                               92K  2.00G    74K  /tmp
zroot/var/tmp                                                          174K  2.00G  47.5K  /var/tmp
[dan@knew:~] $ echo $TMP

[dan@knew:~] $ echo $TEMP

[dan@knew:~] $ 

@skarekrow

This comment has been minimized.

Copy link
Member

commented Jan 22, 2019

Does zroot/tmp have exec=on?

@dlangille

This comment has been minimized.

Copy link
Contributor Author

commented Jan 22, 2019

I was guessing no before I confirmed:

[dan@knew:~] $ zfs get exec zroot/tmp
NAME       PROPERTY  VALUE  SOURCE
zroot/tmp  exec      off    local

I don't like what I think is coming next.

@skarekrow

This comment has been minimized.

Copy link
Member

commented Jan 22, 2019

Just narrowing down the issue ;)

Turn that on. I swore there was a ticket around here for that issue, not sure where it went. I'll mark this as a bug as we should check that.

@skarekrow skarekrow added bug and removed can't reproduce labels Jan 22, 2019

@skarekrow skarekrow changed the title Updating 12.0-RELEASE to the latest patch level fails with PermissionError: [Errno 13] Permission denied: '/tmp/tmph1m4uq53' Check for exec=on if the user has a tmp dataset Jan 22, 2019

@dlangille

This comment has been minimized.

Copy link
Contributor Author

commented Jan 22, 2019

[dan@knew:~] $ sudo zfs set exec=on zroot/tmp
[dan@knew:~] $ sudo iocage fetch 12.0-RELEASE
[0] 9.3-RELEASE (EOL)
[1] 10.1-RELEASE (EOL)
[2] 10.2-RELEASE (EOL)
[3] 10.3-RELEASE (EOL)
[4] 10.4-RELEASE (EOL)
[5] 11.0-RELEASE (EOL)
[6] 11.1-RELEASE (EOL)
[7] 11.2-RELEASE
[8] 12.0-RELEASE

Type the number of the desired RELEASE
Press [Enter] to fetch the default selection: (12.0-RELEASE)
Type EXIT to quit: 8
Fetching: 12.0-RELEASE

Extracting: base.txz... 
Extracting: lib32.txz... 
Extracting: src.txz... 

* Updating 12.0-RELEASE to the latest patch level... 
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching public key from update2.freebsd.org... done.
Fetching metadata signature for 12.0-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 74 patches.....10....20....30....40....50....60....70.. done.
Applying patches... done.
Fetching 16 files... ....10... done.

The following files will be added as part of updating to 12.0-RELEASE-p2:
/usr/share/zoneinfo/Asia/Qostanay
/usr/src/contrib/sqlite3/Makefile.fallback
/usr/src/contrib/sqlite3/tea
/usr/src/contrib/sqlite3/tea/Makefile.in
/usr/src/contrib/sqlite3/tea/README
/usr/src/contrib/sqlite3/tea/aclocal.m4
/usr/src/contrib/sqlite3/tea/configure
/usr/src/contrib/sqlite3/tea/configure.ac
/usr/src/contrib/sqlite3/tea/doc
/usr/src/contrib/sqlite3/tea/doc/sqlite3.n
/usr/src/contrib/sqlite3/tea/generic
/usr/src/contrib/sqlite3/tea/generic/tclsqlite3.c
/usr/src/contrib/sqlite3/tea/license.terms
/usr/src/contrib/sqlite3/tea/pkgIndex.tcl.in
/usr/src/contrib/sqlite3/tea/tclconfig
/usr/src/contrib/sqlite3/tea/tclconfig/install-sh
/usr/src/contrib/sqlite3/tea/tclconfig/tcl.m4
/usr/src/contrib/sqlite3/tea/win
/usr/src/contrib/sqlite3/tea/win/makefile.vc
/usr/src/contrib/sqlite3/tea/win/nmakehlp.c
/usr/src/contrib/sqlite3/tea/win/rules.vc

The following files will be updated as part of updating to 12.0-RELEASE-p2:
/bin/freebsd-version
/usr/bin/svnlite
/usr/bin/svnliteadmin
/usr/bin/svnlitebench
/usr/bin/svnlitedumpfilter
/usr/bin/svnlitefsfs
/usr/bin/svnlitelook
/usr/bin/svnlitemucc
/usr/bin/svnliterdump
/usr/bin/svnliteserve
/usr/bin/svnlitesync
/usr/bin/svnliteversion
/usr/include/netinet/cc/cc.h
/usr/include/netinet/cc/cc_cubic.h
/usr/include/private/sqlite3/sqlite3.h
/usr/include/private/sqlite3/sqlite3ext.h
/usr/lib/libhdb.a
/usr/lib/libhdb.so.11
/usr/lib/libhdb_p.a
/usr/lib/libpmc.a
/usr/lib/libpmc.so.5
/usr/lib/libpmc_p.a
/usr/lib/libprivatesqlite3.a
/usr/lib/libprivatesqlite3.so.0
/usr/lib/libprivatesqlite3_p.a
/usr/lib32/libhdb.a
/usr/lib32/libhdb.so.11
/usr/lib32/libhdb_p.a
/usr/lib32/libpmc.a
/usr/lib32/libpmc.so.5
/usr/lib32/libpmc_p.a
/usr/lib32/libprivatesqlite3.a
/usr/lib32/libprivatesqlite3.so.0
/usr/lib32/libprivatesqlite3_p.a
/usr/libexec/bootpd
/usr/share/zoneinfo/Africa/Casablanca
/usr/share/zoneinfo/Africa/El_Aaiun
/usr/share/zoneinfo/Africa/Sao_Tome
/usr/share/zoneinfo/America/Metlakatla
/usr/share/zoneinfo/Asia/Hong_Kong
/usr/share/zoneinfo/Asia/Qyzylorda
/usr/share/zoneinfo/Asia/Tehran
/usr/share/zoneinfo/Pacific/Chuuk
/usr/share/zoneinfo/Pacific/Guam
/usr/share/zoneinfo/Pacific/Kosrae
/usr/share/zoneinfo/Pacific/Kwajalein
/usr/share/zoneinfo/Pacific/Majuro
/usr/share/zoneinfo/Pacific/Nauru
/usr/share/zoneinfo/Pacific/Palau
/usr/share/zoneinfo/Pacific/Pohnpei
/usr/share/zoneinfo/Pacific/Saipan
/usr/share/zoneinfo/zone.tab
/usr/src/contrib/sqlite3/Makefile.am
/usr/src/contrib/sqlite3/Makefile.in
/usr/src/contrib/sqlite3/Makefile.msc
/usr/src/contrib/sqlite3/configure
/usr/src/contrib/sqlite3/configure.ac
/usr/src/contrib/sqlite3/shell.c
/usr/src/contrib/sqlite3/sqlite3.c
/usr/src/contrib/sqlite3/sqlite3.h
/usr/src/contrib/sqlite3/sqlite3ext.h
/usr/src/contrib/tzdata/Makefile
/usr/src/contrib/tzdata/NEWS
/usr/src/contrib/tzdata/africa
/usr/src/contrib/tzdata/asia
/usr/src/contrib/tzdata/australasia
/usr/src/contrib/tzdata/leapseconds
/usr/src/contrib/tzdata/leapseconds.awk
/usr/src/contrib/tzdata/northamerica
/usr/src/contrib/tzdata/theory.html
/usr/src/contrib/tzdata/version
/usr/src/contrib/tzdata/ziguard.awk
/usr/src/contrib/tzdata/zone.tab
/usr/src/contrib/tzdata/zone1970.tab
/usr/src/libexec/bootpd/bootpd.c
/usr/src/sys/conf/newvers.sh
/usr/src/sys/netinet/cc/cc.h
/usr/src/sys/netinet/cc/cc_cubic.c
/usr/src/sys/netinet/cc/cc_cubic.h
/usr/src/sys/netinet/tcp_reass.c
Installing updates... done.
[dan@knew:~] $ sudo zfs set exec=off zroot/tmp
[dan@knew:~] $ 

@skarekrow

This comment has been minimized.

Copy link
Member

commented Jan 22, 2019

👍 Now all goes as expected, great to hear

@dlangille

This comment has been minimized.

Copy link
Contributor Author

commented Jan 22, 2019

I suspect I must turn it on again for the actual upgrade of jails.

@dlangille

This comment has been minimized.

Copy link
Contributor Author

commented Jan 22, 2019

Nope, that doesn't help for upgrade

[dan@knew:~] $ sudo zfs set exec=on zroot/tmp
[dan@knew:~] $ sudo iocage upgrade empty -r 12.0-RELEASE
Traceback (most recent call last):
  File "/usr/local/bin/iocage", line 10, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/iocage_cli/upgrade.py", line 39, in cli
    ioc.IOCage(jail=jail, skip_jails=True).upgrade(release)
  File "/usr/local/lib/python3.6/site-packages/iocage_lib/iocage.py", line 1949, in upgrade
    callback=self.callback
  File "/usr/local/lib/python3.6/site-packages/iocage_lib/ioc_upgrade.py", line 82, in upgrade_jail
    tmp_dataset = self.zfs_get_dataset_name('/tmp')
AttributeError: 'IOCUpgrade' object has no attribute 'zfs_get_dataset_name'
[dan@knew:~] $ 

@skarekrow

This comment has been minimized.

Copy link
Member

commented Jan 22, 2019

You will need to yes and Dan, upgrade your version :P it's months old

@dlangille

This comment has been minimized.

Copy link
Contributor Author

commented Jan 22, 2019

This is the latest in the FreeBSD ports tree.

[dan@knew:~] $ iocage --version
Version	1.0 RC 2018/11
[dan@knew:~] $ which iocage
/usr/local/bin/iocage
[dan@knew:~] $ pkg which /usr/local/bin/iocage
/usr/local/bin/iocage was installed by package py36-iocage-devel-1.0.0.20181219,1
[dan@knew:~] $ 

@dlangille

This comment has been minimized.

Copy link
Contributor Author

commented Jan 22, 2019

also, see above failure with exec=on

@skarekrow

This comment has been minimized.

Copy link
Member

commented Jan 22, 2019

The above failure is related to the old version, that was fixed. You're using iocage-devel which isn't as up-to-date currently. Though I believe another upgrade issue exists in 1.0 as well, so if you're not too afraid, I'd recommend using master right now, it's very close to being released as 1.1, so it should be stable.

@william-gr can we get iocage-devel bumped to the latest git please?

@dlangille

This comment has been minimized.

Copy link
Contributor Author

commented Jan 22, 2019

^ please with the devel... I prefer packages, even if devel.

@skarekrow

This comment has been minimized.

Copy link
Member

commented Jan 22, 2019

Sounds good, just noting for any others coming on by as well.

@dlangille

This comment has been minimized.

Copy link
Contributor Author

commented Jan 22, 2019

FYI, this is the host I migrated from thin ezjail jails to thick iocage jails. I upgraded the host to 12.0 last night. No issue with any jail.

@skarekrow

This comment has been minimized.

Copy link
Member

commented Jan 22, 2019

Awesome to hear!

@dlangille

This comment has been minimized.

Copy link
Contributor Author

commented Jan 22, 2019

@dlangille

This comment has been minimized.

Copy link
Contributor Author

commented Jan 22, 2019

[dan@knew:~] $ iocage --version
Version	1.1 PRERELEASE 2019/01

[dan@knew:~] $ sudo iocage upgrade empty -r 12.0-RELEASE
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 11.2-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Fetching 1 metadata patches. done.
Applying metadata patches... done.
Fetching 2 metadata files... done.
Inspecting system... done.

The following components of FreeBSD seem to be installed:
world/base world/doc world/lib32

The following components of FreeBSD do not seem to be installed:
src/src world/base-dbg world/lib32-dbg

Does this look reasonable (y/n)? y 

Fetching metadata signature for 12.0-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Fetching 1 metadata patches. done.
Applying metadata patches... done.
Fetching 1 metadata files... done.
Inspecting system... done.
Fetching files from 11.2-RELEASE for merging... done.
Preparing to download files... done.
Fetching 7967 patches.....10....20....30
...
/bin/pwd
/bin/realpath
/bin/red
/bin/rm
/bin/rmail
To install the downloaded upgrades, run "/tmp/tmp5hepy9il install".
Installing updates...
Kernel updates have been installed.  Please reboot and run
"/tmp/tmp5hepy9il install" again to finish installing updates.
Installing updates...
Completing this upgrade requires removing old shared object files.
Please rebuild all installed 3rd party software (e.g., programs
installed from the ports tree) and then run "/tmp/tmp5hepy9il install"
again to finish installing updates.
Installing updates...rmdir: /iocage/jails/empty/root//var/db/etcupdate/current/usr/share/openssl/man/en.ISO8859-1: Directory not empty
rmdir: /iocage/jails/empty/root//var/db/etcupdate/current/usr/share/openssl/man: Directory not empty
rmdir: /iocage/jails/empty/root//var/db/etcupdate/current/usr/share/openssl: Directory not empty
rmdir: /iocage/jails/empty/root//var/db/etcupdate/current/usr/share/man/en.UTF-8: Directory not empty
rmdir: /iocage/jails/empty/root//var/db/etcupdate/current/usr/share/man/en.ISO8859-1: Directory not empty
rmdir: /iocage/jails/empty/root//var/db/etcupdate/current/usr/share/man: Directory not empty
 done.

empty successfully upgraded from 11.2-RELEASE-p7 to 12.0-RELEASE-p2!
[dan@knew:~] $ 

@skarekrow

This comment has been minimized.

Copy link
Member

commented Jan 22, 2019

Fantastic, thanks for posting back. Good to see it worked.

@skarekrow

This comment has been minimized.

Copy link
Member

commented Jan 23, 2019

Forgot this is already addressed in 30769f0

@skarekrow skarekrow closed this Jan 23, 2019

@skarekrow skarekrow added duplicate and removed bug labels Jan 23, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.