Uploaded image for project: 'MariaDB Foundation Development'
  1. MariaDB Foundation Development
  2. MDBF-1061

chmod -R fails on debiansid (ppc64le) on host with docker < 26.0.0

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • N/A
    • N/A
    • Buildbot
    • None

    Description

      https://buildbot.mariadb.org/#/builders/202/builds/21042/steps/4/logs/stdio

      	cp --reflink=auto -a ./README.md debian/mariadb-client/usr/share/doc/mariadb-client
      		 
      	cp --reflink=auto -a ./debian/additions/innotop/changelog.innotop debian/mariadb-client/usr/share/doc/mariadb-client
      		 
      	chmod -R u\+rw,go=rX debian/mariadb-client/usr/share/doc
      		 
      chmod: changing permissions of 'debian/mariadb-client/usr/share/doc/mariadb-client': Operation not permitted
      		 
      chmod: changing permissions of 'debian/mariadb-client/usr/share/doc/mariadb-client/README.md': Operation not permitted
      		 
      chmod: changing permissions of 'debian/mariadb-client/usr/share/doc/mariadb-client/changelog.innotop': Operation not permitted
      		 
      dh_installdocs: error: chmod -R u\+rw,go=rX debian/mariadb-client/usr/share/doc returned exit code 1
      		 
      make: *** [debian/rules:211: binary] Error 25
      		 
      dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2

      glibc fchmodat2 fallback is not reached due to ENOSYS stub not working on ppc64le.
      https://github.com/moby/moby/issues/48471

      newfstatat(4, "file", {st_mode=S_IFREG|0644, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
      		 
      fchmodat2(4, "file", 0644, AT_SYMLINK_NOFOLLOW) = -1 EPERM (Operation not permitted)
      		 
      fcntl(1, F_GETFL)                       = 0x10002 (flags O_RDWR|O_LARGEFILE)
      		 
      write(2, "chmod: ", 7chmod: )

      Cannot reproduce it on amd64 with:

      • debian12
      • kernel 6.1.0-34-amd64
      • Docker version 20.10.24+dfsg1, build 297e128

      which suggests there's an arch specific issue.

      On affected ppc host, running with latest profile at: https://github.com/moby/moby/blob/master/profiles/seccomp/default.json
      solves the issue.

       
      		 
      razvan@us-raptor-bbw1-p9:~$ uname -r
      		 
      6.1.0-22-powerpc64le
      		 
      razvan@us-raptor-bbw1-p9:~$ docker -v
      		 
      Docker version 20.10.24+dfsg1, build 297e128
      		 
       
      		 
       
      		 
      docker run -it --rm --security-opt seccomp=comp.json quay.io/mariadb-foundation/bb-worker:debiansid bash
      		 
       
      		 
      buildbot@a2ef06093cda:~$ mkdir tmp
      		 
      buildbot@a2ef06093cda:~$ touch tmp/file
      		 
      buildbot@a2ef06093cda:~$ strace chmod -R 777 tmp/
      		 
      ...
      		 
      fchmodat2(4, "file", 0777, AT_SYMLINK_NOFOLLOW) = -1 ENOSYS (Function not implemented)
      		 
      ...

      The custom seccomp profile can be set globally and this is what this task will solve.

      Attachments

        Activity

          People

            rvarzaru Varzaru Razvan-Liviu
            rvarzaru Varzaru Razvan-Liviu
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0d
                0d
                Logged:
                Time Spent - 1.5d
                1.5d