disable apt sandboxing if the chroot directory is not accessible by the _apt user

This commit is contained in:
Johannes 'josch' Schauer 2019-02-28 11:54:03 +01:00
parent 632b19eca3
commit 920877fa2a
Signed by untrusted user: josch
GPG key ID: F2CBA5C78FBD83E1
2 changed files with 39 additions and 3 deletions


@ -347,6 +347,24 @@ else
./run_null.sh SUDO ./run_null.sh SUDO
fi fi
print_header "mode=root,variant=apt: chroot directory not accessible by _apt user"
cat << END > shared/test.sh
#!/bin/sh
set -eu
export LC_ALL=C.UTF-8
mkdir /tmp/debian-unstable
chmod 700 /tmp/debian-unstable
$CMD --mode=root --variant=apt unstable /tmp/debian-unstable $mirror
tar -C /tmp/debian-unstable --one-file-system -c . | tar -t | sort > tar2.txt
diff -u tar1.txt tar2.txt
rm -r /tmp/debian-unstable
END
if [ "$HAVE_QEMU" = "yes" ]; then
./run_qemu.sh
else
./run_null.sh SUDO
fi
print_header "mode=unshare,variant=apt: create gzip compressed tarball" print_header "mode=unshare,variant=apt: create gzip compressed tarball"
cat << END > shared/test.sh cat << END > shared/test.sh
#!/bin/sh #!/bin/sh
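Review bot: The new test only proves that a chroot built under a mode-700 directory ends up with the same file list as tar1.txt; it does not check that the unsandboxed fallback was actually taken, so it would keep passing if the permission check in mmdebstrap were later broken and apt silently stayed sandboxed (or the other way round). Since the heredoc is unquoted and $CMD expands at write time, the warning text is the simplest observable to assert on, e.g. `$CMD --mode=root --variant=apt unstable /tmp/debian-unstable $mirror 2>/tmp/log` followed by `grep -q "unsandboxed" /tmp/log` before the tar comparison. The log file then needs the same `rm` treatment as /tmp/debian-unstable at the end of the script.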


@ -1104,6 +1104,22 @@ sub setup {
# into account. # into account.
$ENV{"APT_CONFIG"} = "$tmpfile"; $ENV{"APT_CONFIG"} = "$tmpfile";
# when apt-get update is run by the root user, then apt will attempt to
# drop privileges to the _apt user. This will fail if the _apt user does
# not have permissions to read the root directory. In that case, we have
# to disable apt sandboxing.
if ($options->{mode} eq 'root') {
my $dummy = '/var/lib/apt/lists/partial/dummy';
if (system('/usr/lib/apt/apt-helper', 'drop-privs', 'touch', "$options->{root}$dummy") != 0) {
warning "Download is performed unsandboxed as root as file $options->{root}$dummy couldn't be accessed by user _apt";
open my $fh, '>>', $tmpfile or error "cannot open $tmpfile for appending: $!";
print $fh "APT::Sandbox::User \"root\";\n";
close $fh;
} else {
unlink "$options->{root}$dummy" or error "unable to unlink $options->{root}$dummy: $!";
}
}
# setting PATH for chroot, ldconfig, start-stop-daemon... # setting PATH for chroot, ldconfig, start-stop-daemon...
if (defined $ENV{PATH} && $ENV{PATH} ne "") { if (defined $ENV{PATH} && $ENV{PATH} ne "") {
$ENV{PATH} = "$ENV{PATH}:/usr/sbin:/usr/bin:/sbin:/bin"; $ENV{PATH} = "$ENV{PATH}:/usr/sbin:/usr/bin:/sbin:/bin";
@ -2480,6 +2496,7 @@ Examples:
--aptopt='Acquire::Languages "none"' --aptopt='Acquire::Languages "none"'
--aptopt='Apt::Install-Recommends "true"' --aptopt='Apt::Install-Recommends "true"'
--aptopt='Acquire::http { Proxy "http://127.0.0.1:3142"; }' --aptopt='Acquire::http { Proxy "http://127.0.0.1:3142"; }'
--aptopt='APT::Sandbox::User "root"'
=item B<--dpkgopt>=I<option>|I<file> =item B<--dpkgopt>=I<option>|I<file>
@ -2624,9 +2641,10 @@ B<fakechroot> is used if the fakechroot binary exists.
=item B<sudo>, B<root> =item B<sudo>, B<root>
This mode directly executes chroot and is the same mode of operation as is used This mode directly executes chroot and is the same mode of operation as is
by debootstrap. It is the only mode that can directly create a directory chroot used by debootstrap. It is the only mode that can directly create a directory
with the right permissions. chroot with the right permissions. If the chroot directory is not accessible
by the _apt user, then apt sandboxing will be automatically disabled.
=item B<unshare> =item B<unshare>
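Review bot: In the hunk at line 1104 the write to the APT config is unchecked: `print $fh ...` and the bare `close $fh;` can fail (short write, ENOSPC) without notice, and apt would then start with a truncated `$tmpfile` while the warning already claims the sandbox was disabled; change it to `close $fh or error "cannot close $tmpfile: $!";` so a failed buffered write surfaces, mirroring the `or error` already used on the open. A second, smaller point: `system(...) != 0` also covers the case where `/usr/lib/apt/apt-helper` cannot be executed at all (system returns -1) or where `$options->{root}/var/lib/apt/lists/partial` does not exist yet, so sandboxing would be disabled for reasons other than the _apt permission problem the warning names; checking `$? == -1` separately, or at least saying so in the comment, would make the fallback less surprising. The enclosing `sub setup` starts before and ends after this hunk.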