bug-hurd

Re: fakeroot status


From: Roland McGrath
Subject: Re: fakeroot status
Date: Sun, 12 May 2002 19:40:05 -0400 (EDT)

> Cruel.  So the code in libpager/demux.c is actually wrong in using the
> remote part rather than the local port, I take it?

Yes.

> > Do you mean the issue of peropen state that I mentioned, or something else?
> 
> Yeah, that one.

Ok, I don't think that will bite for the package-building uses of fakeroot.

> Ok, here is an update:
> 
> * in a fakeroot, running suid/sgid binaries doesn't work, it fails with
>   Operation not permitted.  It seems that auth_makeauth fails:
> 
>   83->20000 (  82 0 "ids" "PWD=/" { 80  89  35} { 30  54  38  99  91 (null)}
> {18 0 0 0 0} pn{135 127 129  92 134 120 119  90  12  75   0  89  91  92}
> pn{117})  67->21013 () = 0 {23 3 0 16297 1019142589 0 35309 1 0 0 6372
> 1021229047 0 1019142272 0 1019142514 0 8192 16 0 0 135676248 377 135356968
> 135356968 135356968 361 135357320 135357320 135356968 345 135357304}
>   38->25000 () = 0 1000 {1000 1000} 1000 {1000 1000}
>   38->25001 (   9 0 {1000 0 1000} 1000 {1000 1000}) = 0x40000001 (Operation
> not permitted)
> 
>   I am not sure what happens here, but it seems to indicate that the way
>   programs are executed in a fakeroot is more like if the program comes from
>   fakeroot itself rather than the underlying filesystem.

That makes sense.  Indeed, fakeroot is netfs so it exec's by accessing the
underlying node the same way exec'ing on nfs accesses the remote file.
It's fshelp_exec_reauth trying the makeauth call that rightly fails since
fakeroot's auth port is not root.  

There are a few different ways to attack this:

1. Override netfs_S_file_exec to just pass it through.  Then a setuid exec
   will be a real setuid exec and will escape from the fakeroot and
   fakeauth universes entirely.  This is the behavior of Linux fakeroot,
   since it does nothing special for exec and LD_PRELOAD is ignored by
   setuid executables.

2. Run fakeroot under fakeauth instead of the other way around.
   That is, fakeroot.sh does:
        exec /bin/fakeauth /bin/settrans --chroot \
             /bin/sh -c "cd `pwd`; exec $*" \
             -- / /hurd/fakeroot
   That will put fakeroot itself inside the fakeauth universe where
   it believes it can do bona fide setuid exec's.  However, it will
   in fact be getting a new fake auth port that claims to be whatever
   IDs the setuid process should have, but is really the fakeauth owner.
   The setuid exec will get a faked auth port that claims what it should,
   and so will continue in the fakeauth universe.  However, since netfs
   will set EXEC_SECURE, the exec server will give it the global crdir
   and so it will escape the fakeroot universe.  (Or we could hack fakeroot
   to act like netfs_S_file_exec but clear the EXEC_SECURE flag.) 

3. Hack fakeroot to fake setuid/setgid exec in some particular way.

#1 is the easiest and seems appropriate since the point of the exercise is
to approximate the behavior of Linux fakeroot.

> * Creating pipe fails also with Operation not permitted, and I have no clue
>   yet why. /servers/socket/1 is correctly looked up (with flags being 0, by
>   the way), and then I don't think the pflocal server is even involved in
>   the matter.  I will have to do more debugging here.

You mean fakeroot is not involved any more, right?  The call that matters
is the socket_create call that needs to be forwarded by the generic code in
fakeroot's netfs_demuxer.  It's after that call is made that fakeroot
should no longer be involved.


