[buildd-tools-devel] Bug#727712: Supplementary groups taken from the host system instead of the chroot

Gaudenz Steinlin gaudenz at debian.org
Fri Oct 25 16:22:55 UTC 2013 

Package: schroot
Version: 1.6.5-1.1
Severity: important
Tags: patch

Supplememntary groups are initilized with initgroups before switching to
the chroot. This means that groups are initialize according to the group
database on the host system instead of the chroot. But groups should be
initialized according to the group database inside the chroot.

The attached patch moves the group initialization after the chroot call.
It is done against 1.6.5, but should also apply to 1.7.1 modulo the
changed file location.

But #685512 is a related but orthogonal problem. It might make sense to
also move the pam initialization to after the chroot call to use the pam
configuration inside the chroot. Otherwise setting groups with
pam_groups won't because they get overwritten by initgroups (as it's the
case right now as far as I understand the code). But setting groups with
pam_groups seems like a corner case to me.

Gaudenz

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (800, 'testing'), (700, 'unstable'), (50, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.10-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages schroot depends on:
ii  libboost-filesystem1.54.0       1.54.0-2
ii  libboost-iostreams1.54.0        1.54.0-2
ii  libboost-program-options1.54.0  1.54.0-2
ii  libboost-regex1.54.0            1.54.0-2
ii  libboost-system1.54.0           1.54.0-2
ii  libc6                           2.17-93
ii  libgcc1                         1:4.8.1-10
ii  liblockdev1                     1.0.3-1.5+b1
ii  libpam0g                        1.1.3-9
ii  libstdc++6                      4.8.1-10
ii  libuuid1                        2.20.1-5.5
ii  schroot-common                  1.6.5-1.1

schroot recommends no packages.

Versions of packages schroot suggests:
pn  aufs-modules | unionfs-modules  <none>
ii  btrfs-tools                     0.19+20130705-2
ii  debootstrap                     1.0.53
ii  lvm2                            2.02.98-6+b1
pn  qemu-user-static                <none>

-- Configuration Files:
/etc/schroot/sbuild/nssdatabases changed [not included]

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: chroot_before_initgroups
Type: text/x-diff
Size: 1661 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20131025/484219be/attachment.diff>

More information about the Buildd-tools-devel mailing list