Open ghost opened 1 year ago
Do you see any assertion errors when you run VSCode in console? Or further down the journal?
Do you use a desktop environment or something custom? If the latter, do you have security.polkit.enable = true;
in your NixOS configuration?
Do you see any assertion errors when you run VSCode in console? Or further down the journal?
both no.
Do you use a desktop environment or something custom? If the latter, do you have security.polkit.enable = true; in your NixOS configuration?
I use GNOME, and I do have security.polkit.enable set to true, I remember setting it to true as well to try and fix this, but it didn't work.
sorry for being annoying, but are there any news regarding this? It's a rather annoying bug.
I tried it and am unable to reproduce with GNOME and VSCodium:
Created and opened a file:
touch /tmp/test
sudo chown root:root /tmp/test
codium /tmp/test
/nix/store/4xw8n979xpivdc46a9ndcvyhwgif00hz-bash-5.1-p16/bin/bash
I can reproduce the inability to save the file if I change the ownership to something root
cannot write to, e.g. wwwrun:wwwrun
:
Failed to save 'test': Command failed: cd "/home/jtojnar/Projects/nixpkgs"; "/run/wrappers/bin/pkexec" --disable-internal-agent /nix/store/4xw8n979xpivdc46a9ndcvyhwgif00hz-bash-5.1-p16/bin/bash -c "echo SUDOPROMPT; \"/nix/store/j9znrxwq9lpk1smkgyrm3qim6shsyn0y-vscodium-1.74.1.22349/lib/vscode/bin/codium\" --file-write \"/home/jtojnar/.config/VSCodium/code-elevated-D0nnd3S0\" \"/tmp/test\""
Error using --file-write: EACCES: permission denied, open '/tmp/test'
But that is expected and would fail with sudo sh -c "echo foo > /tmp/test"
as well.
I am unable to reproduce the crash.
Hmmm, I use fish as default shell, could that be the case? For me VScode still fails to save the file. IDK what I could do
just running pkexec works, using the path to the pkexec wrapper that crashes also works...
Ok, this happens only with the fhs vscode. Not the default vscode.
I can reproduce it with vscodium-fhs. I never get the polkit prompt, VSCodium says “Failed to save 'test': User did not grant permission.” and the crash you reported gets logged into the journal.
In fact I can reproduce the crash with plain FHS userenv:
$ nix-build --expr 'let pkgs = import ./. {}; in pkgs.buildFHSUserEnv { name = "test"; }'
/nix/store/w33fpy9labig23rh07j2gsxcfqi0497x-test
$ result/bin/test
test-chrootenv:jtojnar@theo:~/Projects/nixpkgs$ echo foo | /run/wrappers/bin/pkexec tee /tmp/test
Assertion `!(st.st_mode & S_ISUID) || (st.st_uid == geteuid())` in NixOS's wrapper.c failed.
Aborted (core dumped)
This assertion is triggered:
fun fact: i also get that assertion output when trying to use sudo in vscode-fhs's integrated terminal
any news regarding this? It's rather annoying.
I updated nixpkgs
and I'm having this problem, now. It might be related to #209870 , since it only appeared recently, after updating nixpkgs
. But, I can't say for sure. But, vscodium-fhs
and vscode-fhs
fail to run anything in the terminal
(and some of my language servers fail to start presumably for the same reason). Everything is like
$ nix --version
[1] 465 segmentation fault (core dumped) nix --version
My journalctl -xe
logs look like
Apr 13 13:40:47 nixos kernel: nix[3721367]: segfault at 1d83a0 ip 00007f2acb96bee6 sp 00007ffcabf9f2a8 error 4 in libc.so.6[7f2acb95c000+159000] likely on CPU 0 (core 0, socket 0)
Apr 13 13:40:47 nixos kernel: Code: 48 03 04 25 00 00 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 8b 05 7d 50 1a 00 48 8b 0d fe 4e 1a 00 64 48 8b 00 <48> 8b 00 48 8b 70 38 48 8d 96 00 01 00 00 64 48 89 11 48 8b 78 40
Apr 13 13:40:47 nixos systemd[1]: Started Process Core Dump (PID 3721368/UID 0).
░░ Subject: A start job for unit systemd-coredump@2639-3721368-0.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit systemd-coredump@2639-3721368-0.service has finished successfully.
░░
░░ The job identifier is 38350.
Apr 13 13:40:47 nixos systemd-coredump[3721369]: [🡕] Process 3721367 (nix) of user 1000 dumped core.
Module /nix/store/w67kng09mdbgxbxw9167xaba7332sk7l-krb5-1.20.1/lib/libkrb5support.so.0.1 without build-id.
Module /nix/store/w67kng09mdbgxbxw9167xaba7332sk7l-krb5-1.20.1/lib/libcom_err.so.3.0 without build-id.
Module /nix/store/w67kng09mdbgxbxw9167xaba7332sk7l-krb5-1.20.1/lib/libk5crypto.so.3.1 without build-id.
Module /nix/store/w67kng09mdbgxbxw9167xaba7332sk7l-krb5-1.20.1/lib/libkrb5.so.3.3 without build-id.
Module /nix/store/by4gv37sharnf370ki60zam5s7qklqqh-bzip2-1.0.8/lib/libbz2.so.1.0.8 without build-id.
Module /nix/store/5533i5qzsxysjf38p1nlza9g9wvh09wk-xz-5.4.2/lib/liblzma.so.5.4.2 without build-id.
Module /nix/store/w67kng09mdbgxbxw9167xaba7332sk7l-krb5-1.20.1/lib/libgssapi_krb5.so.2.2 without build-id.
Module /nix/store/2ldgh1qis9p4zf8bgsdm7897gw8vv36g-zlib-1.2.13/lib/libz.so.1.2.13 without build-id.
Module /nix/store/g012c53brxmb0if3lpmkjwmxk74hjflh-gcc-12.2.0-lib/lib/libstdc++.so.6.0.30 without build-id.
Module /nix/store/5w5qpm9z3iyib615pdih6nvk9spv3jbv-gcc-12.2.0-libgcc/lib/libgcc_s.so.1 without build-id.
Module libattr.so.1 without build-id.
Module libkeyutils.so.1 without build-id.
Module libunistring.so.5 without build-id.
Module libxml2.so.2 without build-id.
Module libacl.so.1 without build-id.
Module libbrotlicommon.so.1 without build-id.
Module libaws-c-common.so.1 without build-id.
Module libaws-checksums.so.1.0.0 without build-id.
Module libaws-c-sdkutils.so.1.0.0 without build-id.
Module libaws-c-cal.so.1.0.0 without build-id.
Module libaws-c-compression.so.1.0.0 without build-id.
Module libs2n.so.1 without build-id.
Module libaws-c-io.so.1.0.0 without build-id.
Module libaws-c-http.so.1.0.0 without build-id.
Module libaws-c-auth.so.1.0.0 without build-id.
Module libaws-c-s3.so.0unstable without build-id.
Module libaws-c-event-stream.so.1.0.0 without build-id.
Module libaws-c-mqtt.so.1.0.0 without build-id.
Module libzstd.so.1 without build-id.
Module libssh2.so.1 without build-id.
Module libidn2.so.0 without build-id.
Module libnghttp2.so.14 without build-id.
Module libcpuid.so.16 without build-id.
Module libarchive.so.13 without build-id.
Module libbrotlidec.so.1 without build-id.
Module libbrotlienc.so.1 without build-id.
Module libseccomp.so.2 without build-id.
Module libaws-crt-cpp.so without build-id.
Module libaws-cpp-sdk-core.so without build-id.
Module libaws-cpp-sdk-s3.so without build-id.
Module libaws-cpp-sdk-transfer.so without build-id.
Module libboost_context.so.1.79.0 without build-id.
Module libeditline.so.1 without build-id.
Stack trace of thread 514:
#0 0x00007f2acb96bee6 __ctype_init (/nix/store/1n2l5law9g3b77hcfyp50vrhhssbrj5g-glibc-2.37-8/lib/libc.so.6 + 0x31ee6)
#1 0x00007f2acba89930 __libc_early_init (/nix/store/1n2l5law9g3b77hcfyp50vrhhssbrj5g-glibc-2.37-8/lib/libc.so.6 + 0x14f930)
#2 0x00007f2accbadf9b dl_main (ld-linux-x86-64.so.2 + 0x20f9b)
#3 0x00007f2accba9966 _dl_sysdep_start (ld-linux-x86-64.so.2 + 0x1c966)
#4 0x00007f2accbab525 _dl_start (ld-linux-x86-64.so.2 + 0x1e525)
#5 0x00007f2accbaa308 _start (ld-linux-x86-64.so.2 + 0x1d308)
ELF object binary architecture: AMD x86-64
░░ Subject: Process 3721367 (nix) dumped core
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ Documentation: man:core(5)
░░
░░ Process 3721367 (nix) crashed and dumped core.
░░
░░ This usually indicates a programming error in the crashing program and
░░ should be reported to its vendor as a bug.
Apr 13 13:40:47 nixos systemd[1]: systemd-coredump@2639-3721368-0.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit systemd-coredump@2639-3721368-0.service has successfully entered the 'dead' state.
``
At a quick glance it sounds more likely to be related to the glibc upgrade.
Yeah, I think so, too. But, I'm kind of lost as to how to fix the fhs
derivation. The non-fhs
derivation works fine.
'etcher' has been removed because it depended on an insecure version of Electron
Describe the bug
As title says
Steps To Reproduce
Steps to reproduce the behavior:
Expected behavior
Pkexec shouldn't crash, the prompt for password comes up and the file is saved.
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
Notify maintainers
@jtojnar
Metadata
Please run
nix-shell -p nix-info --run "nix-info -m"
and paste the result.