On 10/03/2016 04:50 PM, Alastair McKinstry wrote:
> In OpenMPI 2.0, Michael Banck discovered that some of the packages that
> failed were doing so as openmpi no longer works under fakeroot.
>
> Upstream (Gilles Gouaillaerdet) point out:
>
> from |validate_cred| in
> |opal/mca/pmix/pmix112/pmix/src/sec/pmix_native.c|
>
> |getsockopt (peer->sd, SOL_SOCKET, SO_PEERCRED, &ucred, &crlen);|
>
> my understanding is that |fakeroot| tricks the processes into
> believing they are ran as |root|,
> as such, |orted| expects a connection from |root| (e.g. |ucred.uid|
> is |0|)
> /* in singleton mode, an |orted| is fork&exec'ed under the hood */
>
> but |fakeroot| cannot trick |getsockopt|, which returns the user
> (non zero)
>
> So its a legitimate tightening of credential-checking in pmix. However
> it causes problems for us running tests under binary-arch.
If the tests themselves don't need root (fakeroot is required for
Debian's build infrastructure), you could just remove the fakeroot
libraries from LD_PRELOAD.
Example script (save as e.g. debian/nofakeroot, make it executable,
call the tests via debian/nofakeroot command in debian/rules):
#!/bin/sh
filter_fakeroot() {
oldifs="$IFS"
IFS=":"
s=
set -- $LD_PRELOAD
for lib in "$@" ; do
if [ x"$lib" = x"${lib%libfakeroot-*}" ] ; then
printf "%s%s" "$s" "$lib"
s=:
fi
done
IFS="$OLDIFS"
}
export LD_PRELOAD="$(filter_fakeroot)"
exec "$@"
Regards,
Christian
