curtin-dev team mailing list archive
Message #03302
[Merge] ~mitchellaugustin/curtin:namespace_chroot_fix into curtin:master
Mitchell Augustin has proposed merging ~mitchellaugustin/curtin:namespace_chroot_fix into curtin:master.
Commit message:
Symlink ischroot to true in in_target and add --mount-proc to unshare
Some programs that are installed by default in Ubuntu rely on checking
/proc/$pid to determine if certain processes are still alive. Curtin's
current default behavior for "curtin in-target" is to run children
inside a separate PID namespace without also isolating /proc,
meaning checks for /proc/$pid usually wait on the wrong process
entirely. One such example is in any DKMS package, as DKMS checks
/proc/$pid. (I have submitted a similar patch to them to address
this as well: https://github.com/dell/dkms/pull/403).
Adding --mount-proc to unshare --pid args resolves that issue since
/proc is already mounted in util.py. However, it introduces a new
issue with postinstall scripts that rely on ischroot to determine
whether to restart systemd, since ischroot behavior is undefined
in pid namespaces. Symlinking /usr/bin/ischroot to /usr/bin/true
in in-target resolves this issue and is always correct since the
symlink is added only within ChrootableTargets.
Requested reviews:
curtin developers (curtin-dev)
For more details, see:
https://code.launchpad.net/~mitchellaugustin/curtin/+git/curtin/+merge/460552
Symlink ischroot to true in in_target and add --mount-proc to unshare
--
Your team curtin developers is requested to review the proposed merge of ~mitchellaugustin/curtin:namespace_chroot_fix into curtin:master.
diff --git a/curtin/commands/in_target.py b/curtin/commands/in_target.py
index c6f7abd..5c2daf0 100644
--- a/curtin/commands/in_target.py
+++ b/curtin/commands/in_target.py
@@ -46,6 +46,9 @@ def in_target_main(args):
daemons = True
cmd = args.command_args
with util.ChrootableTarget(target, allow_daemons=daemons) as chroot:
+ # Symlink true to ischroot since we may be in separate PID
+ # namespace, which can throw off ischroot
+ chroot.subp(['ln', '-sf', '/usr/bin/true', '/usr/bin/ischroot'])
exit = 0
if not args.interactive:
try:
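Review bot: The ln -sf /usr/bin/true /usr/bin/ischroot call at the top of the with util.ChrootableTarget(...) block overwrites the target's real ischroot on disk, and nothing in this hunk restores it. The installed system therefore keeps ischroot pointing at true after in-target exits, so maintainer scripts that ask ischroot whether to restart services will keep skipping restarts on the booted machine, including after security updates. Consider diverting or backing up the original and restoring it when the context manager exits, and creating the link only when the command actually runs under unshare --pid. The comment also reads backwards ("Symlink true to ischroot"): the code points ischroot at true.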
diff --git a/curtin/util.py b/curtin/util.py
index 9ab4829..e7b9f13 100644
--- a/curtin/util.py
+++ b/curtin/util.py
@@ -204,6 +204,16 @@ def _get_unshare_pid_args(unshare_pid=None, target=None, euid=None):
raise RuntimeError(
"given unshare_pid=%s but no unshare command." % unshare_pid_in)
+ target_proc = os.path.join(tpath, 'proc')
+
+ LOG.debug("Checking if target_proc (%s) is a mount", target_proc)
+
+ if os.path.ismount(target_proc):
+ LOG.debug("It is, so unshare will use --mount-proc=%s", target_proc)
+ return ['unshare', '--fork', '--pid', '--mount-proc=' + target_proc, '--']
+
+ LOG.debug("It's not, using normal behavior")
+
return ['unshare', '--fork', '--pid', '--']
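Review bot: Undocumented side effect in the new --mount-proc branch: per unshare(1), --mount-proc also implies a new mount namespace, so when target/proc is a mount the child no longer shares the caller's mount namespace, while the fallback return still does. Please state this in a comment or the function's docstring and confirm that no in-target caller relies on mounts made by the child being visible afterwards. The two returned lists differ by one element, so building the list once and adding the --mount-proc option conditionally would avoid the duplicated return, and the "It is, so ..." / "It's not ..." debug lines would be easier to grep as a single message that states the decision. The diff touches only in_target.py and util.py; a unit test covering both os.path.ismount outcomes would be welcome.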
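The /proc mismatch described in the commit message, as an added example that is not part of the merge proposal or of curtin: a guard that refuses /proc/$pid liveness checks when the procfs instance belongs to a different PID namespace than the caller. The function names are hypothetical, and the "procfs" directories are constructed in a temp dir so the demo runs without root or unshare.

```python
import os
import tempfile


def proc_matches_caller(proc_root="/proc", pid=None):
    """Return True if proc_root describes the caller's own PID namespace.

    <proc_root>/self is a symlink to the reader's PID as numbered in the PID
    namespace the procfs instance was mounted for. If that number differs
    from getpid(), every /proc/<pid> lookup names some other process.
    """
    pid = os.getpid() if pid is None else pid
    try:
        seen = int(os.readlink(os.path.join(proc_root, "self")))
    except (OSError, ValueError):
        return False  # no usable procfs view of ourselves: do not trust it
    return seen == pid


def pid_alive(pid, proc_root="/proc", caller_pid=None):
    """Liveness check via /proc/<pid> that refuses to answer on a mismatch."""
    if not proc_matches_caller(proc_root, caller_pid):
        raise RuntimeError("%s belongs to another PID namespace" % proc_root)
    return os.path.isdir(os.path.join(proc_root, str(pid)))


def make_fake_proc(self_pid, pids):
    """Constructed stand-in for a procfs mount (sample data, not real)."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    for p in pids:
        os.mkdir(os.path.join(root, str(p)))
    os.symlink(str(self_pid), os.path.join(root, "self"))
    return root


if __name__ == "__main__":
    # Outer procfs seen from inside "unshare --pid": the caller is PID 2 in
    # its own namespace, but this /proc numbers it 4242.
    stale = make_fake_proc(self_pid=4242, pids=[1, 2, 4242])
    # Fresh procfs, as mounted by "unshare --pid --mount-proc".
    fresh = make_fake_proc(self_pid=2, pids=[1, 2])
    print("stale /proc trusted:", proc_matches_caller(stale, pid=2))
    print("fresh /proc trusted:", proc_matches_caller(fresh, pid=2))
    print("PID 1 alive (fresh):", pid_alive(1, fresh, caller_pid=2))
```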