[Bug 2056302] Re: tar(1) on noble gives EPERM [Operation not permitted] errors when extracting symlinks

Daniel Richard G. 2056302 at bugs.launchpad.net
Wed Mar 6 11:14:13 UTC 2024 

Tracked down the cause to the Docker host, which runs on jammy, not
knowing about fchmodat2(). The syscall should normally return ENOTSUP
when called with AT_SYMLINK_NOFOLLOW on Linux, but the Docker seccomp
profile causes it to return EPERM, which confuses tar(1). Closing.

** Changed in: tar (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to tar in Ubuntu.
https://bugs.launchpad.net/bugs/2056302

Title:
  tar(1) on noble gives EPERM [Operation not permitted] errors when
  extracting symlinks

Status in tar package in Ubuntu:
  Invalid

Bug description:
  This concerns tar 1.35+dfsg-3 in Ubuntu noble. This does NOT affect
  tar 1.34+dfsg-1.2ubuntu1.1 in mantic.

  I'm seeing errors like this:

      $ tar xvJf /extern/source/chromium_122.0.6261.111.orig.tar.xz --wildcards chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca\*
      chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca
      tar: chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca: Cannot change mode to rwxr-xr-x: Operation not permitted

  (I am running this in a noble Docker container environment, and the
  command is extracting into normal user file space.)

  This is what strace shows:

  23    symlinkat("utils/cca.py", AT_FDCWD, "chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca") = 0
  23    utimensat(AT_FDCWD, "chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca", [UTIME_OMIT, {tv_sec=1709684076, tv_nsec=0} /* 2024-03-06T00:14:36+0000 */], AT_SYMLINK_NOFOLLOW) = 0
  23    newfstatat(AT_FDCWD, "chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca", {st_mode=S_IFLNK|0777, st_size=12, ...}, AT_SYMLINK_NOFOLLOW) = 0
  23    fchmodat2(AT_FDCWD, "chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca", 0755, AT_SYMLINK_NOFOLLOW) = -1 EPERM (Operation not permitted)

  The fchmodat(2) man page has the following verbiage:

     AT_SYMLINK_NOFOLLOW
        If pathname is a symbolic link, do not dereference  it:  instead
        operate  on  the link itself.  This flag is not currently impleā€
        mented.

  For comparison, this is what happens on mantic:

  24    symlinkat("utils/cca.py", AT_FDCWD, "chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca") = 0
  24    utimensat(AT_FDCWD, "chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca", [UTIME_OMIT, {tv_sec=1709684076, tv_nsec=0} /* 2024-03-06T00:14:36+0000 */], AT_SYMLINK_NOFOLLOW) = 0
  24    newfstatat(AT_FDCWD, "chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca", {st_mode=S_IFLNK|0777, st_size=12, ...}, AT_SYMLINK_NOFOLLOW) = 0
  24    openat(AT_FDCWD, "chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 3
  24    newfstatat(3, "", {st_mode=S_IFLNK|0777, st_size=12, ...}, AT_EMPTY_PATH) = 0
  24    close(3)                          = 0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2056302/+subscriptions

More information about the foundations-bugs mailing list