Open Sanne opened 1 year ago
@Sanne looking into following logs looks like crc-admin-helper-linux
file permission is not correct
DEBU Using root access: make root Podman socket accessible
DEBU Running SSH command: sudo chmod 777 /run/podman/ /run/podman/podman.sock
DEBU SSH command results: err: <nil>, output:
DEBU Running '/home/sanne/.crc/bin/crc-admin-helper-linux rm podman.crc.testing'
Can you check if crc-admin-helper-linux
permission is same as this? if not can you try crc setup --log-level debug
and share the logs?
ls -l $HOME/.crc/bin/
-r-s--x---. 1 root prkumar 5212680 Dec 24 10:01 crc-admin-helper-linux
-r-x------. 1 prkumar prkumar 12606528 Aug 4 15:58 crc-driver-libvirt
It would seem I have the same permissions:
-r-s--x--- 1 root sanne 5212680 Jan 26 00:00 crc-admin-helper-linux
-r-x------ 1 sanne sanne 12606528 Jan 26 00:00 crc-driver-libvirt
Can you try running ~/.crc/bin/crc-admin-helper-linux add 127.0.0.127 issue3490.crc.testing
manually and see if this adds an entry to /etc/hosts?
Could it be selinux blocking the changes to /etc/hosts? If the previous test fails, can you try again after sudo setenforce 0
?
I've run ~/.crc/bin/crc-admin-helper-linux add 127.0.0.127 issue3490.crc.testing
and got:
Error: host file not writable, try running with elevated privileges host file not writable, try running with elevated privileges
No difference even after sudo setenforce 0
.
Then tried sudo ~/.crc/bin/crc-admin-helper-linux add 127.0.0.127 issue3490.crc.testing
... that worked, but I understand it shouldn't be necessary?
~/.crc/bin/crc-admin-helper-linux is suid root, so sudo should not be making a difference :-/ Maybe the mount options of ~/.crc/bin disable suid?
Maybe the mount options of ~/.crc/bin disable suid?
Nailed it!
mount | grep home
:
/dev/nvme1n1p1 on /home type ext4 (rw,nosuid,nodev,relatime)
Thanks - not sure how this option got there.
Thanks - not sure how this option got there.
Just tried a fresh f37 install and I get:
/dev/vda3 on /home type btrfs (rw,relatime,seclabel,compress=zstd:1,space_cache=v2,subvolid=256,subvol=/home)
so fedora does not seem to disable this by default.
Interesting - I might have inherited it from an older Fedora version, I've been doing upgrades for some years.
Bottomline, that might have been my own fault, but I do wonder if it's worth patching the crc
installation process to be more robus about this; I wouldn't consider it out of this world for more people to disallow suid binaries they download from "the internet"...
What do you prefer, should we mark this issue resolved, or would you rather keep it open to potentially improve the sanity checks and/or error messages?
@Sanne keep it open we can add it as part of preflight check.
Issue https://github.com/crc-org/crc/issues/2119 also refers to the use of nosuid
.
General information
crc setup
before starting it? YesCRC version
(upgraded today to
crc-linux-2.13.1-amd64
- had the same issue withcrc-linux-2.12.0-amd64
)CRC status
CRC config
Host Operating System
Steps to reproduce
Expected
Some kind of successfull start.
Actual
It fails to start, last message is:
Logs
Uploaded: https://gist.githubusercontent.com/Sanne/6df940bae0e3d09ec34d865a4f2e709a/raw/e46f3b75e50d31668da84343caeb1872396512d1/crc%2520startup%2520failure
It was previously suggested to me to check the permissions of
/etc.hosts
;Running
ls -la /etc/hosts
:Thanks!