[systemd-devel] moving a directory let me with a 65534:65534 owner/group directory
arnaud gaboury
arnaud.gaboury at gmail.com
Thu Sep 1 16:13:28 UTC 2016
On Thu, Sep 1, 2016 at 4:24 PM arnaud gaboury <arnaud.gaboury at gmail.com>
wrote:
> On Thu, Sep 1, 2016 at 2:02 PM Lennart Poettering <lennart at poettering.net>
> wrote:
>
>> On Thu, 01.09.16 10:47, arnaud gaboury (arnaud.gaboury at gmail.com) wrote:
>>
>> > I have been moving directories and files between my host and my container
>> > many times for more than one year with no issues. Host is Archlinux and
>> > container Fedora 24 (upgrade to 24 is quite recent: no more than 2 months).
>> >
>> > I moved a directory today from host to container and this left me, for the
>> > first time, with a directory in the container owned by 65534:65534.
>> > <The UID 65534 is commonly reserved for *nobody*, a user with no system
>> > privileges, as opposed to an ordinary (i.e., *non-privileged*) user. This
>> > UID is often used for individuals accessing the system remotely via FTP or
>> > HTTP[0]>
>>
>> Uh, oh. My guess is this: you are using user namespaces (which is the
>> default these days if you use systemd-nspawn@.service), and I never
>> updated the copy logic in machined to deal with that...
>>
>
I rebuilt my kernel with user namespace removed (as it is set):
# CONFIG_USER_NS is not set
Here was my container output:
------------------------------------------------
[poisonivy@thetradinghall]/% ls -al
total 16K
dr-xr-xr-x 1 363397120 363397120 198 Sep 1 15:18 ./
dr-xr-xr-x 1 363397120 363397120 198 Sep 1 15:18 ../
dr-xr-xr-x 1 363397120 363397120 0 Feb 3 2016 boot/
drwxrwxr-x 1 363397120 363397120 62 Aug 26 19:59 db/
drwxr-xr-x 7 root root 440 Sep 1 17:33 dev/
drwxr-xr-x 1 363397120 363397120 4.1K Sep 1 15:34 etc/
drwxr-xr-x 1 363397120 363397120 76 Feb 3 2016 home/
drwxrwxrwx 1 363397120 363397120 0 Aug 28 13:47 keybase/
drwxr-xr-x 1 363397120 363397120 0 Feb 3 2016 media/
drwxr-xr-x 1 363397120 363397120 0 Feb 3 2016 mnt/
drwxr-xr-x 1 363397120 363397120 56 Feb 3 2016 opt/
dr-xr-xr-x 376 root root 0 Sep 1 17:33 proc/
dr-xr-x--- 1 363397120 363397120 378 Sep 1 15:32 root/
drwxr-xr-x 32 root root 800 Sep 1 17:34 run/
drwxr-xr-x 1 root root 6 Mar 3 17:43 share/
drwxr-xr-x 1 363397120 363397120 0 Feb 3 2016 srv/
drwxrwxr-x 1 363397120 363397130 242 Sep 1 16:34 storage/
drwxr-xr-x 9 root root 180 Sep 1 17:33 sys/
drwxrwxrwt 11 root root 220 Sep 1 17:39 tmp/
drwxr-xr-x 1 363397120 363397120 100 Dec 14 2015 usr/
drwxr-xr-x 1 363397120 363397120 194 Mar 19 18:29 var/
-rw-r--r-- 1 363397120 363397120 0 Sep 1 15:18 .autorelabel
lrwxrwxrwx 1 363397120 363397120 7 Feb 3 2016 bin -> usr/bin/
lrwxrwxrwx 1 363397120 363397120 7 Feb 3 2016 lib -> usr/lib/
lrwxrwxrwx 1 363397120 363397120 9 Feb 3 2016 lib64 -> usr/lib64/
lrwxrwxrwx 1 root root 8 Feb 3 2016 sbin -> usr/sbin/
-----------------------------------------------------------------------------
Back with user namespace set to Y, output is correct (except the nobody
story).
>> Or in other words, it's a bug in machined.
>>
>> I filed a github issue to keep track of this, so that we can get this
>> fixed:
>>
>> https://github.com/systemd/systemd/issues/4078
>
>
> Thank you for opening the issue. I have been reading quite a lot about
> this in the past few hours. Most such issues arise with NTFS, which is
> not my case:
> # mount
> /dev/sdb1 on / type btrfs
> (rw,noatime,compress=lzo,ssd,space_cache,autodefrag,subvolid=266,subvol=/rootvol)
> ...........
>
> if it can help, from container:
> -----------------------------------------------
> root@thetradinghall ➤➤ / # lsattr
> ---------------- ./usr
> lsattr: Inappropriate ioctl for device While reading flags on ./run
> ---------------- ./boot
> lsattr: Inappropriate ioctl for device While reading flags on ./dev
> ---------------- ./home
> ---------------- ./media
> ---------------- ./mnt
> ---------------- ./opt
> lsattr: Inappropriate ioctl for device While reading flags on ./proc
> ---------------- ./root
> ---------------- ./srv
> lsattr: Inappropriate ioctl for device While reading flags on ./sys
> lsattr: Inappropriate ioctl for device While reading flags on ./tmp
> ---------------- ./etc
> ---------------- ./var
> ---------------- ./db
> ---------------- ./storage
> ---------------- ./share
> lsattr: Operation not supported While reading flags on ./sbin
> ---------------- ./keybase
> lsattr: Operation not supported While reading flags on ./bin
> lsattr: Operation not supported While reading flags on ./lib
> lsattr: Operation not supported While reading flags on ./lib64
> -----------------------------------------
>
> This issue is new and I have been able to cp/mv from host to container and
> preserve file/folder attributes until now. Something in my recent upgrades
> has made these changes.
>
>
>> Lennart
>>
>> --
>> Lennart Poettering, Red Hat
>>
>
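Added example, not part of the original message and not systemd code: how a user-namespace ID map turns on-disk owners into the IDs shown in the two listings discussed above, including the fallback to 65534 for an owner that a copy left unshifted. The map extent `0 363397120 65536` is constructed from the owner number in the listing (the length 65536 is an assumption), and 65534 is the kernel's default overflow ID.

```python
OVERFLOW_ID = 65534  # kernel default, see /proc/sys/kernel/overflowuid


def parse_id_map(text):
    """Parse /proc/<pid>/uid_map style text into (inside, outside, count) extents."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        inside, outside, count = (int(f) for f in fields)
        extents.append((inside, outside, count))
    return extents


def seen_inside(extents, on_disk_id):
    """ID that a process inside the namespace sees for an on-disk owner."""
    for inside, outside, count in extents:
        if outside <= on_disk_id < outside + count:
            return inside + (on_disk_id - outside)
    return OVERFLOW_ID  # owners with no mapping are reported as the overflow ID


def to_on_disk(extents, container_id):
    """On-disk owner that a host-side copy has to set for a container ID."""
    for inside, outside, count in extents:
        if inside <= container_id < inside + count:
            return outside + (container_id - inside)
    raise ValueError(f"ID {container_id} has no mapping in this namespace")


# Constructed maps (assumptions, not read from the reporter's system).
USERNS_MAP = parse_id_map("0 363397120 65536\n")     # container with user namespace
NO_USERNS_MAP = parse_id_map("0 0 4294967295\n")     # identity map, no user namespace


def demo():
    return {
        "tree_owner_with_userns": seen_inside(USERNS_MAP, 363397120),
        "storage_group_with_userns": seen_inside(USERNS_MAP, 363397130),
        "unshifted_host_root_with_userns": seen_inside(USERNS_MAP, 0),
        "unshifted_host_user_with_userns": seen_inside(USERNS_MAP, 1000),
        "tree_owner_without_userns": seen_inside(NO_USERNS_MAP, 363397120),
        "owner_a_copy_should_set_for_root": to_on_disk(USERNS_MAP, 0),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

To check a running container, compare the real map in `/proc/<leader-pid>/uid_map` against the numeric owners that `ls -ln` shows on the host for the copied directory.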