Changes between Initial Version and Version 2 of Ticket #1074


Timestamp: 09/19/11 20:37:07 (11 years ago)
Author: geofft
Comment:

This was silently deployed to -proposed last Thursday night and production just now.

  • Ticket #1074

    • Property Status changed from new to closed
    • Property Reporter changed from jdreed to geofft
    • Property Component changed from -- to login chroot
    • Property Summary changed from Fix for [redacted] to D-Bus-activated services run outside the chroot
    • Property Resolution changed from to fixed
  • Ticket #1074 – Description

    initial:

    We need a fix for [redacted] to prevent users from [redacted] on the cluster machines.

    v2:

    D-Bus has a facility for running services when you send a message to a well-known name but no service is bound to that well-known name (these services are listed in /usr/share/dbus-1/system-services). The system D-Bus daemon runs outside the chroot, so naturally services it activates will also run outside the chroot.

    This interacts poorly in a couple of cases with privileged-inside-the-chroot programs making requests to daemons outside the chroot over D-Bus. One notable case is aptdaemon, used by Ubuntu Software Center -- if you install something via that GUI (as opposed to any other GUI, or the command line), then it will get installed in the environment of aptdaemon, namely outside the chroot.

    We're probably seeing this in production, given that we've run into a couple of machines with Skype mysteriously installed outside the chroot, and Skype from the partners repository is well-advertised in Ubuntu Software Center.

    Addressing #462 would fix this solidly, but would also be fairly high-impact. A much smaller-impact fix is to hook the servicehelper (/usr/lib/dbus-1.0/dbus-daemon-launch-helper, as mentioned in /etc/dbus-1/system.conf), which elevates privileges from the messagebus user to root when running a service. Since we want D-Bus activation to work at boot time, we should have a wrapper that detects if a login chroot exists, and runs the original servicehelper inside the chroot if so, and otherwise just runs the original servicehelper.
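
A sketch of the wrapper logic described in the v2 description, added here as an example and not the code that was deployed for this ticket. `LOGIN_CHROOT` and `REAL_HELPER` are assumed placeholder paths (the ticket gives neither the chroot location nor where the original helper would be moved), and the wrapper is assumed to be installed with the same setuid-root permissions as the helper it replaces, since chroot() requires root.

```c
#define _DEFAULT_SOURCE           /* for chroot() under strict -std= modes */
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed placeholder paths, not taken from the ticket. */
#define LOGIN_CHROOT "/path/to/login-chroot"
#define REAL_HELPER  "/usr/lib/dbus-1.0/dbus-daemon-launch-helper.real"

/* 1 if `probe` exists as a regular file under `root`, i.e. the chroot is
 * actually populated and not just an empty mount point; 0 otherwise. */
int chroot_present(const char *root, const char *probe)
{
    char path[4096];
    struct stat st;
    int n = snprintf(path, sizeof path, "%s%s", root, probe);

    if (n < 0 || (size_t)n >= sizeof path)
        return 0;
    return stat(path, &st) == 0 && S_ISREG(st.st_mode);
}

/* chroot() alone leaves the working directory outside the new root,
 * so chdir("/") must follow. Returns 0 on success, -1 on failure. */
int enter_chroot(const char *root)
{
    if (chroot(root) != 0 || chdir("/") != 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    (void)argc;
    if (chroot_present(LOGIN_CHROOT, REAL_HELPER) &&
        enter_chroot(LOGIN_CHROOT) != 0) {
        perror("servicehelper wrapper: chroot");
        return 1;   /* fail closed: do not activate the service on the host */
    }
    /* No login chroot (e.g. at boot) or now inside it: run the original
     * helper with the arguments the bus daemon passed, unchanged. */
    execv(REAL_HELPER, argv);
    perror("servicehelper wrapper: execv");
    return 1;
}
```

If the chroot is detected but cannot be entered, the wrapper exits instead of falling back to the host, so a failed chroot never reproduces the original problem.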