[Buildd-tools-devel] Bug#401180: schroot: using a symlink for /var/lib/schroot/mount causes /home and /tmp to be erased

Lucas Nussbaum lucas at lucas-nussbaum.net
Sat Dec 2 08:49:43 CET 2006 

On 01/12/06 at 16:47 -0800, Steve Langasek wrote:
> severity 401180 important
> thanks
> 
> On Fri, Dec 01, 2006 at 02:29:29PM +0100, Lucas Nussbaum wrote:
> > Package: schroot
> > Version: 1.0.3-1
> > Severity: critical
> > Justification: causes removal of /home
> 
> > I am using "file" chroots. the chroot is usually untared under
> > /var/lib/schroot, however, I wanted to change this to another location
> > (my /var is quite small, and many apps don't like it being full).
> 
> > I couldn't find any way to specify another directory for this, so I just
> > symlinked /var/lib/schroot to another place. However, this caused
> > $LIBEXEC_DIR/schroot-listmounts to be unable to determine that /home,
> > /tmp, etc were still bind-mounted. So do_umount_all in that file exits
> > without error even if my filesystems are still bind-mounted, and my home
> > directory and my /tmp got removed.
> 
> Symlinking system directories that are under the control of packages is
> always a risky affair.  I'm sorry if this resulted in real data loss for
> you, but I don't think it's appropriate to hold schroot responsible at an
> RC-level for all the ways that things can go wrong if you put symlinks where
> directories are expected.

I still think that it should be considered RC, because it could make the user
very very unhappy. If one of the following condiditions was true, I
would agree that it isn't RC:
- schroot provides a way to change the directory with a config option
- schroot detects that a symlink is used, warns the user about
  possible data loss, and refuses to start
- schroot doesn't bind-mount /home by default, but only /tmp
- schroot detects that it couldn't find any bind-mount to unmount, and
  refuses to clean-up the environment. This is easy to do, I just
changed 10mount to do that:
do_umount_all()
{
    echo "Mount points:"
    "$LIBEXEC_DIR/schroot-listmounts" -m "$1"
    if [ $("$LIBEXEC_DIR/schroot-listmounts" -m "$1" | wc -l) -lt 2 ];
then
            echo "No mount point found! Something is probably very strange!"
            exit 1
    fi
    "$LIBEXEC_DIR/schroot-listmounts" -m "$1" |
[...]

However, schroot doesn't do any of those currently.

> BTW, an obvious way to do this without the use of symlinks would be to make
> /var/lib/schroot *itself* a bind-mount...
 
Yeah, that works, but it isn't documented. If you have the bad idea to
use a symlink first, you won't discover this before your /home will be
gone :)

I think you should reconsider setting this as RC. I fear that we will
release with that if it's not RC ...
-- 
| Lucas Nussbaum
| lucas at lucas-nussbaum.net   http://www.lucas-nussbaum.net/ |
| jabber: lucas at nussbaum.fr             GPG: 1024D/023B3F4F |

More information about the Buildd-tools-devel mailing list