On Tue, Feb 12, 2019 at 05:34:32PM +0000, Oron Peled wrote: > Package: kdump-tools > Version: 1:1.6.1-1 > Followup-For: Bug #856594 > > Dear Maintainer, > > Our use-case is exactly as the original report: > * We debootstrap into temporary folder > * Than we configure apt inside this folder and use "apt-get install....." > * The post-install of "kdump-tools" fails > > The fix that was pointed by comment#15 only solve part of the issue: > * It uses the "linux-version list" command to see if a specific kernel > version is installed. > * But the issue only happen when we install both kernel and kdump-tools > As a test, I removed the kernel from the chroot and was able to > install kdump-tools without issues (even with kdump-tools 1:1.6.1-1)
It seems the fix from comment #10 doesn't seem to solve the problems you point out either. I need to drop it or take it from Ben's merge request, and I am leaning towards dropping it, as the linux-version list already takes care of that part of the problem. > > Moreover, in my variant of the issue: > * Trying to run /etc/kernel/postinst.d/kdump-tools <version> > fails with the following error: > # /etc/kernel/postinst.d/kdump-tools 4.9.0-8-amd64 > kdump-tools: Generating /var/lib/kdump/initrd.img-4.9.0-8-amd64 > mkinitramfs: MODULES dep requires mounted sysfs on /sys > update-initramfs: failed for with 1. > * I.e: > - /sys is not mounted inside the chroot > - This is correct, as I do not want package installation inside > the chroot to touch my host /sys > > IMO, > * The post-install script should skip initramfs generation if inside a chroot > * The "udevd" package has a nice "chrooted()" shell test inside their > postinst > (based on comparing inode numbers of our "/" with pid-1 "/") > * Alternatively, it should check if /sys is mounted As for this issue that you mention, some other "chroots" won't pass the udevd test, because PID 1 will have the same root. They may or may not have /sys/ mounted. And having /sys/ mounted may be a hazard on those just as well. And when /sys/ is not mounted, not failing the postinst does not seem the most sensible choice to me. In my opinion, if you are installing packages without /sys/ mounted, it is possible they will fail. You are working around what you see as a potential security hazard, I'd say you need to work around the potential failures because of it as well. If you want help on the code to do that workaround, I'll help review the potential shortcomings. Right now, either testing for / inode vs pid-1 / inode, and checking for /sys/, don't seem good options to me. The other option would be dropping the creation of the initrd during kdump-tool postinst, and leave it to kdump-tools start. I'll check that will work even before a reboot, just in case the user has crashkernel on the kernel cmdline before kdump-tools installation, and want it to work without a reboot. Then, maybe, we could just drop that line from postinst. Cascardo.
