[Bug 2075546] Re: Cannot install into target '/tmp/ubuntu-image-XXX/chroot' mounted with noexec or nodev

Paul Mars 2075546 at bugs.launchpad.net
Wed Aug 14 07:55:59 UTC 2024


I see 2 candidates (in which to create the ubuntu-image-XXXXXXX dir for
each build):

- the current working directory
- /var/tmp: AFAICS this is currently still under the / mountpoint, so it should be safer from size constraints and noexec/nodev permission restrictions.


The drawback of not using /tmp anymore is that we risk filling the disk with failed build directories without the user noticing and without any chance to be saved by a reboot.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to Ubuntu Image.
https://bugs.launchpad.net/bugs/2075546

Title:
  Cannot install into target '/tmp/ubuntu-image-XXX/chroot' mounted with
  noexec or nodev

Status in Ubuntu Image:
  New

Bug description:
  On a fresh oracular installation /tmp is a tmpfs mounted by systemd
  tmp.mount which is mounted with nodev permissions. This leads to the
  following error when trying to run ubuntu-image:

  [0] prepare_gadget_tree
  [1] load_gadget_yaml
  [2] verify_artifact_names
  [3] germinate
  [4] create_chroot
  Error: Error running debootstrap command "/snap/ubuntu-image/876/usr/sbin/debootstrap --arch arm64 --variant=minbase --include=ca-certificates --components=main,universe,multiverse,restricted oracular /tmp/ubuntu-image-100185c6-1f8d-4d44-88e8-20fa8b330c1e/chroot http://ports.ubuntu.com/ubuntu-ports/". Error is "exit status 1". Output is:
  /snap/ubuntu-image/876/usr/sbin/debootstrap: 1638: cannot create /tmp/ubuntu-image-100185c6-1f8d-4d44-88e8-20fa8b330c1e/chroot/test-dev-null: Permission denied
  E: Cannot install into target '/tmp/ubuntu-image-100185c6-1f8d-4d44-88e8-20fa8b330c1e/chroot' mounted with noexec or nodev

  Looking at mount this is confirmed:

  $ mount | grep /tmp
  tmpfs on /tmp type tmpfs (rw,nosuid,nodev,nr_inodes=1048576,inode64)

  The offender is the systemd tmp.mount target:

  $ systemctl cat tmp.mount
  # /usr/lib/systemd/system/tmp.mount
  #  SPDX-License-Identifier: LGPL-2.1-or-later
  #
  #  This file is part of systemd.
  #
  #  systemd is free software; you can redistribute it and/or modify it
  #  under the terms of the GNU Lesser General Public License as published by
  #  the Free Software Foundation; either version 2.1 of the License, or
  #  (at your option) any later version.

  [Unit]
  Description=Temporary Directory /tmp
  Documentation=https://systemd.io/TEMPORARY_DIRECTORIES
  Documentation=man:file-hierarchy(7)
  Documentation=https://systemd.io/API_FILE_SYSTEMS
  ConditionPathIsSymbolicLink=!/tmp
  DefaultDependencies=no
  Conflicts=umount.target
  Before=local-fs.target umount.target
  After=swap.target

  [Mount]
  What=tmpfs
  Where=/tmp
  Type=tmpfs
  Options=mode=1777,strictatime,nosuid,nodev,size=50%%,nr_inodes=1m

  Which is part of the systemd package in oracular:

  $ dpkg -S /usr/lib/systemd/system/tmp.mount
  systemd: /usr/lib/systemd/system/tmp.mount

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-image/+bug/2075546/+subscriptions
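
A preflight check for the condition discussed in this thread, as an added example that is not part of the original message or of ubuntu-image: it finds the mount covering a candidate work directory and reports whether it carries `nodev` or `noexec`. The function names are hypothetical; the `/tmp` options are the ones shown in the report, while the `/` and `/dev/shm` lines are constructed sample data.

```shell
#!/bin/sh
# Constructed mount table in /proc/self/mounts format. The /tmp options
# are the ones quoted in the bug report; the other two lines are made up.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,nr_inodes=1048576,inode64 0 0
EOF
}

# mount_opts_for PATH [MOUNTS_FILE]
# Print the options of the mount covering PATH: the longest mount point
# that is a directory prefix of PATH (a later entry wins a tie, since it
# overmounts the earlier one). PATH must be absolute and normalized; it
# does not need to exist yet. Mount points with escaped spaces (\040)
# are not handled.
mount_opts_for() {
    awk -v p="$1" '
        { mp = $2
          if (mp == "/" || p == mp || index(p, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); opts = $4 } }
        END { print opts }
    ' "${2:-/proc/self/mounts}"
}

# blocking_opts PATH [MOUNTS_FILE]
# Print the comma-separated subset of nodev/noexec set on PATH's mount,
# or an empty line when neither is set.
blocking_opts() {
    found=""
    opts=$(mount_opts_for "$1" "$2")
    for flag in nodev noexec; do
        case ",$opts," in
            *",$flag,"*) found="${found:+$found,}$flag" ;;
        esac
    done
    printf '%s\n' "$found"
}

# first_usable_dir MOUNTS_FILE DIR...
# Print the first DIR whose mount has neither flag; return 1 if none.
first_usable_dir() {
    table=$1; shift
    for dir in "$@"; do
        [ -z "$(blocking_opts "$dir" "$table")" ] && { printf '%s\n' "$dir"; return 0; }
    done
    return 1
}
```

On a live system, omit the mounts-file argument to `mount_opts_for` and `blocking_opts` so they read `/proc/self/mounts`.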



