Bug#747946: pbuilder: should not use su, because it breaks with systemd and user namespaces
Helmut Grohne
helmut at subdivi.de
Tue May 13 09:32:34 UTC 2014

Package: pbuilder
Version: 0.215
Severity: normal

As has been pointed out on debian-devel at
https://lists.debian.org/debian-devel/2014/05/msg00366.html using su in
things like /etc/init.d is wrong. In a similar vein, pbuilder's usage of
SUTOUSER is wrong, because it creates a new session, but builds should
not create sessions. Apart from that, it also breaks running pbuilder
inside user namespaces:

    I: Extracting source
    su: System error

The invocation of su is a bit more verbose in auth.log:

    su[123]: PAM audit_log_acct_message() failed: Operation not permitted
    su[123]: pam_authenticate: System error
    su[123]: FAILED su for pbuilder by root
    su[123]: - ??? root:pbuilder

It is not clear to me what should be used instead. A number of options
were mentioned:

 * start-stop-daemon
   SUTOUSER="/sbin/start-stop-daemon --start --pidfile /dev/null --chuid pbuilder --startas /bin/sh"
   (Thanks to Peter Palfrader for coming up with this beast.)
 * chpst (non-essential, package runit)
 * sudo (non-essential, package sudo)

Helmut
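
Added example, not part of the original bug report: a small auth.log triage helper that separates su failures preceded by the PAM audit "Operation not permitted" message quoted above from ordinary authentication failures. The function names, the cause labels, and the sample log (timestamps, host name, PID 456 entries) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify failed su invocations found in auth.log.
# Output, one line per failure: <pid> <target-user> <invoking-user> <cause>
#   pam-audit-denied  the PAM audit call failed first (the signature in the report)
#   auth-failure      no audit error was logged for that su process

classify_su_failures() {
    awk '
    # Find the "su[PID]:" tag, with or without a syslog timestamp prefix.
    match($0, /su\[[0-9]+\]:/) {
        pid = substr($0, RSTART + 3, RLENGTH - 5)
        msg = substr($0, RSTART + RLENGTH + 1)

        # Remember that this su process hit the audit error.
        if (index(msg, "PAM audit_log_acct_message() failed: Operation not permitted") == 1)
            audit[pid] = 1

        # "FAILED su for <target> by <invoker>" closes the attempt.
        if (index(msg, "FAILED su for ") == 1) {
            split(msg, f, " ")
            cause = (pid in audit) ? "pam-audit-denied" : "auth-failure"
            print pid, f[4], f[6], cause
            delete audit[pid]
        }
    }' "$@"
}

# Constructed sample: the first four messages are the ones quoted in the report,
# with an assumed syslog prefix; the last two are a made-up ordinary failure.
sample_auth_log() {
    cat <<'EOF'
May 13 09:32:30 build su[123]: PAM audit_log_acct_message() failed: Operation not permitted
May 13 09:32:30 build su[123]: pam_authenticate: System error
May 13 09:32:30 build su[123]: FAILED su for pbuilder by root
May 13 09:32:30 build su[123]: - ??? root:pbuilder
May 13 09:40:02 build su[456]: pam_authenticate: Authentication failure
May 13 09:40:02 build su[456]: FAILED su for root by alice
EOF
}

sample_auth_log | classify_su_failures
```

Pass a real log file as an argument (for example `classify_su_failures /var/log/auth.log`) to run it on a build host.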