search

ganto / copr-lxc3

RPM spec files for building lxc-3 on Fedora COPR
MIT License
8 stars 2 forks source link

lxd-3.0.0-0.3 fails to build due to "listen unix /run/lxd.socket: bind: permission denied" #3

Closed ganto closed 6 years ago

ganto commented 6 years ago

The current COPR build of lxd-3.0.0-0.3 fail to build successfully because the %check step fails to start the lxd daemon with the following error:

Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.sqpmNo                                                                                                                     
+ umask 022                                                                                                                                                               
+ cd /builddir/build/BUILD                                                                                                                                                
+ cd lxd-3.0.0                                                                                                                                                            
+ export GOPATH=/builddir/build/BUILDROOT/lxd-3.0.0-0.3.fc27.x86_64//usr/share/gocode:/usr/share/gocode                                                                   
+ GOPATH=/builddir/build/BUILDROOT/lxd-3.0.0-0.3.fc27.x86_64//usr/share/gocode:/usr/share/gocode                                                                          
+ go test -buildmode pie -compiler gc -ldflags ' -extldflags '\''-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '\''' github.com/lxc/lxd/lxc                  
ok      github.com/lxc/lxd/lxc  0.038s                                                                                                                                    
+ go test -buildmode pie -compiler gc -ldflags ' -extldflags '\''-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '\''' github.com/lxc/lxd/lxd                  
--- FAIL: TestCluster_Bootstrap (0.02s)                                                                                                                                   
        testing.go:36: 08:21:55.000 info Kernel uid/gid map:                                                                                                              
        testing.go:36: 08:21:55.001 info  - u 0 0 4294967295                                                                                                              
        testing.go:36: 08:21:55.001 info  - g 0 0 4294967295                                                                                                              
        testing.go:36: 08:21:55.001 info Configured LXD uid/gid map:                                                                                                      
        testing.go:36: 08:21:55.001 info  - u 0 100000 65536                                                                                                              
        testing.go:36: 08:21:55.001 info  - g 0 100000 65536                                                                                                              
        testing.go:36: 08:21:55.001 warn AppArmor support has been disabled because of lack of kernel support                                                             
        testing.go:36: 08:21:55.002 info LXD 3.0.0 is starting in mock mode path=/var/lib/lxd                                                                             
        testing.go:36: 08:21:55.002 info Kernel uid/gid map:
        testing.go:36: 08:21:55.002 info  - u 0 0 4294967295                                                                                                              
        testing.go:36: 08:21:55.002 info  - g 0 0 4294967295                                                                                                              
        testing.go:36: 08:21:55.002 info Configured LXD uid/gid map:                                                                                                      
        testing.go:36: 08:21:55.002 info  - u 0 100000 65536                                                                                                              
        testing.go:36: 08:21:55.002 info  - g 0 100000 65536                                                                                                              
        testing.go:36: 08:21:55.002 warn AppArmor support has been disabled because of lack of kernel support                                                             
        testing.go:36: 08:21:55.011 info Initializing database gateway                                                                                                    
        testing.go:36: 08:21:55.011 info Start database node address= id=1                                                                                                
        testing.go:36: 08:21:55.012 info Raft: Initial configuration (index=1): [{Suffrage:Voter ID:1 Address:0}]                                                         
        testing.go:36: 08:21:55.012 info Raft: Node at 0 [Leader] entering Leader state                                                                                   
        testing.go:36: 08:21:55.014 info LXD isn't socket activated                                                                                                       
        testing.go:36: 08:21:55.014 info Stopping REST API handler:                                                                                                       
        testing.go:36: 08:21:55.014 info Stopping /dev/lxd handler                                                                                                        
        testing.go:36: 08:21:55.014 eror Failed to start the daemon: local endpoint: cannot bind socket: listen unix /run/lxd.socket: bind: permission denied             
        testing.go:36: 08:21:55.014 info Starting shutdown sequence                                                                                                       
        testing.go:36: 08:21:55.014 info Stop database gateway                                                                                                            
        testing.go:36: 08:21:55.014 info Stop raft instance                                                                                                               
        testing.go:36: 08:21:55.014 dbug Not unmounting temporary filesystems (containers are still running)                                                              
        testing.go:36: 08:21:55.014 info Saving simplestreams cache                                                                                                       
        testing.go:36: 08:21:55.014 info Saved simplestreams cache
        daemon_integration_test.go:40:                                                                                                                                    
                        Error Trace:    daemon_integration_test.go:40                                                                                                     
                                                                api_cluster_test.go:21                                                                                    
                        Error:          Received unexpected error:                                                                                                        
                                        local endpoint: cannot bind socket: listen unix /run/lxd.socket: bind: permission denied                                          
                        Test:           TestCluster_Bootstrap                                                                                                             
--- FAIL: TestCluster_Get (0.01s)
[...]
--- FAIL: TestContainerTestSuite (0.12s)                                                                                                                                  
    --- FAIL: TestContainerTestSuite/TestContainer_IsPrivileged_Privileged (0.01s)                                                                                        
        main_test.go:63: failed to start daemon: local endpoint: cannot bind socket: listen unix /run/lxd.socket: bind: permission denied                                 
    --- FAIL: TestContainerTestSuite/TestContainer_IsPrivileged_Unprivileged (0.01s)                                                                                      
        main_test.go:63: failed to start daemon: local endpoint: cannot bind socket: listen unix /run/lxd.socket: bind: permission denied                                 
    --- FAIL: TestContainerTestSuite/TestContainer_LoadFromDB (0.01s)                                                                                                     
        main_test.go:63: failed to start daemon: local endpoint: cannot bind socket: listen unix /run/lxd.socket: bind: permission denied                                 
    --- FAIL: TestContainerTestSuite/TestContainer_LogPath (0.01s)                                                                                                        
        main_test.go:63: failed to start daemon: local endpoint: cannot bind socket: listen unix /run/lxd.socket: bind: permission denied                                 
    --- FAIL: TestContainerTestSuite/TestContainer_Path_Regular (0.01s)                                                                                                   
        main_test.go:63: failed to start daemon: local endpoint: cannot bind socket: listen unix /run/lxd.socket: bind: permission denied                                 
    --- FAIL: TestContainerTestSuite/TestContainer_Path_Snapshot (0.01s)                                                                                                  
        main_test.go:63: failed to start daemon: local endpoint: cannot bind socket: listen unix /run/lxd.socket: bind: permission denied                                 
    --- FAIL: TestContainerTestSuite/TestContainer_ProfilesDefault (0.01s)                                                                                                
        main_test.go:63: failed to start daemon: local endpoint: cannot bind socket: listen unix /run/lxd.socket: bind: permission denied                                 
    --- FAIL: TestContainerTestSuite/TestContainer_ProfilesMulti (0.01s)                                                                                                  
        main_test.go:63: failed to start daemon: local endpoint: cannot bind socket: listen unix /run/lxd.socket: bind: permission denied                                 
    --- FAIL: TestContainerTestSuite/TestContainer_ProfilesOverwriteDefaultNic (0.01s)                                                                                    
        main_test.go:63: failed to start daemon: local endpoint: cannot bind socket: listen unix /run/lxd.socket: bind: permission denied                                 
    --- FAIL: TestContainerTestSuite/TestContainer_Rename (0.01s)
        main_test.go:63: failed to start daemon: local endpoint: cannot bind socket: listen unix /run/lxd.socket: bind: permission denied                                 
    --- FAIL: TestContainerTestSuite/TestContainer_findIdmap_isolated (0.01s)                                                                                             
        main_test.go:63: failed to start daemon: local endpoint: cannot bind socket: listen unix /run/lxd.socket: bind: permission denied                                 
    --- FAIL: TestContainerTestSuite/TestContainer_findIdmap_maxed (0.01s)                                                                                                
        main_test.go:63: failed to start daemon: local endpoint: cannot bind socket: listen unix /run/lxd.socket: bind: permission denied                                 
    --- FAIL: TestContainerTestSuite/TestContainer_findIdmap_mixed (0.01s)                                                                                                
        main_test.go:63: failed to start daemon: local endpoint: cannot bind socket: listen unix /run/lxd.socket: bind: permission denied                                 
    --- FAIL: TestContainerTestSuite/TestContainer_findIdmap_raw (0.01s)                                                                                                  
        main_test.go:63: failed to start daemon: local endpoint: cannot bind socket: listen unix /run/lxd.socket: bind: permission denied                                 
--- FAIL: TestDaemonImagesTestSuite (0.01s)                                                                                                                               
    --- FAIL: TestDaemonImagesTestSuite/TestUseCachedImagesIfAvailable (0.01s)                                                                                            
        main_test.go:63: failed to start daemon: local endpoint: cannot bind socket: listen unix /run/lxd.socket: bind: permission denied                                 
--- FAIL: TestIntegration_UnixSocket (0.01s)
[...]
FAIL                                                                                                                                                                      
FAIL    github.com/lxc/lxd/lxd  0.320s                                                                                                                                    

RPM build errors:                                                                                                                                                         
error: Bad exit status from /var/tmp/rpm-tmp.sqpmNo (%check)                                                                                                              
    Bad exit status from /var/tmp/rpm-tmp.sqpmNo (%check)                                                                                                                 
ERROR: Exception(/var/lib/copr-rpmbuild/results/lxd-3.0.0-0.3.fc27.src.rpm) Config(744744-fedora-27-x86_64) 7 minutes 5 seconds

Obviously the regular user running the build and test operations doesn't have the permissions to write to /run which is only writable to root.

ganto commented 6 years ago

I could locally reproduce the error when rebuilding the package via copr-rpmbuild, however mock-only builds didn't trigger the error.

When comparing the test output with a mock build that doesn't fail, it's obvious that in the successful case the unix sockets are placed in the former LXD_DIR which is for each test case a directory placed in /tmp. So this error must be caused by an exported LXD_SOCKET variable in the environment of the build which would overwrite the intended behaviour.

The only place where I ever export this variable is the /etc/profile.d/lxd.sh which is part of the lxd RPM. But we are building the lxd RPM so this file shouldn't be in the profile of the build, does it?

To my surprise, when querying the build environment it tells me the lxd.sh is there because lxd-3.0-0.2 is installed:

Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.ns61L1
+ umask 022
+ cd /builddir/build/BUILD
+ cd lxd-3.0.0
---- DEBUG ----
+ export GOPATH=/builddir/build/BUILDROOT/lxd-3.0.0-0.3.fc27.x86_64//usr/share/gocode:/usr/share/gocode
+ GOPATH=/builddir/build/BUILDROOT/lxd-3.0.0-0.3.fc27.x86_64//usr/share/gocode:/usr/share/gocode
+ echo '---- DEBUG ----'
++ id
>>> User: uid=1000(mockbuild) gid=135(mock) groups=135(mock)
+ echo '>>> User: uid=1000(mockbuild) gid=135(mock) groups=135(mock)'
>>> Environment
+ echo '>>> Environment'
+ sort
+ env
CONFIG_SITE=NONE
GOPATH=/builddir/build/BUILDROOT/lxd-3.0.0-0.3.fc27.x86_64//usr/share/gocode:/usr/share/gocode
HISTCONTROL=ignoredups
HISTSIZE=1000
HOME=/builddir
HOSTNAME=
LANG=C
LOGNAME=mockbuild
LXD_SOCKET=/run/lxd.socket
MAIL=/var/spool/mail/mockbuild
NOTIFY_SOCKET=/run/systemd/nspawn/notify
OLDPWD=/builddir/build/BUILD
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin:/builddir/.local/bin:/builddir/bin
PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig
PROMPT_COMMAND=printf "\033]0;<mock-chroot>\007"
PWD=/builddir/build/BUILD/lxd-3.0.0
RPM_ARCH=x86_64
RPM_BUILD_DIR=/builddir/build/BUILD
RPM_BUILD_ROOT=/builddir/build/BUILDROOT/lxd-3.0.0-0.3.fc27.x86_64
RPM_DOC_DIR=/usr/share/doc
RPM_LD_FLAGS=-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
RPM_OPT_FLAGS=-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables
RPM_OS=linux
RPM_PACKAGE_NAME=lxd
RPM_PACKAGE_RELEASE=0.3.fc27
RPM_PACKAGE_VERSION=3.0.0
RPM_SOURCE_DIR=/builddir/build/SOURCES
SHELL=/bin/bash
SHLVL=2
TERM=vt100
USER=mockbuild
_=/usr/bin/env
container=systemd-nspawn
container_uuid=ef84a3c0-ad08-44d8-956e-6ece8afd9a4b
>>> Profile
+ echo '>>> Profile'
+ ls -lh /etc/profile.d/
total 44K
-rw-r--r--. 1 root root  196 Aug  3  2017 colorgrep.csh
-rw-r--r--. 1 root root  201 Aug  3  2017 colorgrep.sh
-rw-r--r--. 1 root root 1.8K Feb 12 13:44 colorls.csh
-rw-r--r--. 1 root root 1.6K Feb 12 13:44 colorls.sh
-rw-r--r--. 1 root root  162 Aug  5  2017 colorxzgrep.csh
-rw-r--r--. 1 root root  183 Aug  5  2017 colorxzgrep.sh
-rw-r--r--. 1 root root  216 Aug  3  2017 colorzgrep.csh
-rw-r--r--. 1 root root  220 Aug  3  2017 colorzgrep.sh
-rw-r--r--. 1 root root   92 Apr 16 00:15 lxd.sh
-rw-r--r--. 1 root root  120 Aug  5  2017 which2.csh
-rw-r--r--. 1 root root  157 Aug  5  2017 which2.sh
>>> Source
+ echo '>>> Source'
+ test -f /etc/profile.d/lxd.sh
+ rpm -qf /etc/profile.d/lxd.sh
lxd-3.0.0-0.2.fc27.x86_64

The work-around is easy, simply unset the LXD_SOCKET variable (fixed with d2d7529bd0903eed2fff2827375ec932aa900a58). But there is one question remaining:

Where does lxd-3.0.0-0.2.fc27.x86_64 come from? The copr-rpmbuild log files don't contain any output why and how this package was installed. The only place this package is mentioned is in the /var/lib/copr-rpmbuild/results/installed_pkgs.log unfortunately without context.

I'll close this issue as the build problem is solved. I'll add an update if I should find out why lxd is installed when building lxd...