Changes between Initial Version and Version 2 of Ticket #1074

09/19/11 20:37:07 (13 years ago)

This was silently deployed to -proposed last Thursday night and production just now.


  • Ticket #1074

    • Property Status changed from new to closed
    • Property Reporter changed from jdreed to geofft
    • Property Component changed from -- to login chroot
    • Property Summary changed from Fix for [redacted] to D-Bus-activated services run outside the chroot
    • Property Resolution changed from to fixed
  • Ticket #1074 – Description

    initial:
    We need a fix for [redacted] to prevent users from [redacted] on the cluster machines.

    v2:
    D-Bus has a facility for running services when you send a message to a well-known name but no service is bound to that well-known name (these services are listed in /usr/share/dbus-1/system-services). The system D-Bus daemon runs outside the chroot, so naturally services it activates will also run outside the chroot.

    This interacts poorly in a couple of cases with privileged-inside-the-chroot programs making requests to daemons outside the chroot over D-Bus. One notable case is aptdaemon, used by Ubuntu Software Center -- if you install something via that GUI (as opposed to any other GUI, or the command line), then it will get installed in the environment of aptdaemon, namely outside the chroot.

    We're probably seeing this in production, given that we've run into a couple of machines with Skype mysteriously installed outside the chroot, and Skype from the partners repository is well-advertised in Ubuntu Software Center.

    Addressing #462 would fix this solidly, but would also be fairly high-impact. A much smaller-impact fix is to hook the servicehelper (/usr/lib/dbus-1.0/dbus-daemon-launch-helper, as mentioned in /etc/dbus-1/system.conf), which elevates privileges from the messagebus user to root when running a service. Since we want D-Bus activation to work at boot time, we should have a wrapper that detects if a login chroot exists, and runs the original servicehelper inside the chroot if so, and otherwise just runs the original servicehelper.
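
One way to write the wrapper described in the ticket, added here as an example and not the fix that was actually deployed. `LOGIN_CHROOT` is a placeholder because the ticket does not say where the chroot lives, `chroot_usable` is a hypothetical name, and the wrapper is assumed to be installed setuid root and named as the servicehelper in /etc/dbus-1/system.conf in place of the original helper.

```c
#define _DEFAULT_SOURCE            /* for chroot() under strict -std modes */
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define HELPER "/usr/lib/dbus-1.0/dbus-daemon-launch-helper" /* path from the ticket */
#define LOGIN_CHROOT "/path/to/login-chroot" /* placeholder: not given in the ticket */

/* Return 1 if `root` is a directory that contains an executable regular
 * file at `helper`, i.e. a login chroot exists that the service can run in. */
int chroot_usable(const char *root, const char *helper)
{
    char path[4096];
    struct stat st;
    int n;

    if (stat(root, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    n = snprintf(path, sizeof path, "%s%s", root, helper);
    if (n < 0 || n >= (int)sizeof path)
        return 0;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    return (st.st_mode & 0111) != 0;
}

int main(int argc, char **argv)
{
    (void)argc;
    if (chroot_usable(LOGIN_CHROOT, HELPER)) {
        /* A login chroot exists: enter it before starting the service.
         * Failure here is fatal, so the service is never activated
         * outside the chroot by accident. */
        if (chroot(LOGIN_CHROOT) != 0 || chdir("/") != 0) {
            perror("chroot");
            return 1;
        }
    }
    /* No chroot (for example at boot time): run the original helper as-is.
     * Arguments and environment are passed through unchanged. */
    execv(HELPER, argv);
    perror("execv");
    return 1;
}
```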