lsds / sgx-lkl

SGX-LKL Library OS for running Linux applications inside of Intel SGX enclaves
MIT License

[Tests] Unable to create directory under /tmp with nobody user #236

Closed vamsikrishna935 closed 4 years ago

vamsikrishna935 commented 4 years ago
Output of /etc/passwd:

```
root:x:0:0:root:/root:/bin/ash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/usr/lib/news:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
operator:x:11:0:operator:/root:/bin/sh
man:x:13:15:man:/usr/man:/sbin/nologin
postmaster:x:14:12:postmaster:/var/spool/mail:/sbin/nologin
cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
ftp:x:21:21::/var/lib/ftp:/sbin/nologin
sshd:x:22:22:sshd:/dev/null:/sbin/nologin
at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
games:x:35:35:games:/usr/games:/sbin/nologin
postgres:x:70:70::/var/lib/postgresql:/bin/sh
cyrus:x:85:12::/usr/cyrus:/sbin/nologin
vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
ntp:x:123:123:NTP:/var/empty:/sbin/nologin
smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
guest:x:405:100:guest:/dev/null:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin
```

Output of /etc/group:

```
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root,adm
lp:x:7:lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
floppy:x:11:root
mail:x:12:mail
news:x:13:news
uucp:x:14:uucp
man:x:15:man
cron:x:16:cron
console:x:17:
audio:x:18:
cdrom:x:19:
dialout:x:20:root
ftp:x:21:
sshd:x:22:
input:x:23:
at:x:25:at
tape:x:26:root
video:x:27:root
netdev:x:28:
readproc:x:30:
squid:x:31:squid
xfs:x:33:xfs
kvm:x:34:kvm
games:x:35:
shadow:x:42:
postgres:x:70:
cdrw:x:80:
usb:x:85:
vpopmail:x:89:
users:x:100:games
ntp:x:123:
nofiles:x:200:
smmsp:x:209:smmsp
locate:x:245:
abuild:x:300:
utmp:x:406:
ping:x:999:
nogroup:x:65533:
nobody:x:65534:
```

```
[[  SGX-LKL ]] libc_start_main_stage2(): Calling app main: /ltp/testcases/kernel/syscalls/chmod/chmod03
chmod03     1  TBROK  :  tst_tmpdir.c:264: tst_tmpdir: mkdtemp(/tmp/chmXXXXXX) failed: errno=EACCES(13): Permission denied
chmod03     2  TBROK  :  tst_tmpdir.c:264: Remaining cases broken
```

It is blocking 9 test cases. For more details: https://dev.azure.com/ConfidentialContainers/ConfidentialLinuxContainers/_queries/edit/352/?triage=true

vamsikrishna935 commented 4 years ago

@prp Could you please help us?

letmaik commented 4 years ago

@vamsikrishna935 Please use GitHub's markdown code blocks for anything that's code or log output. See also https://guides.github.com/features/mastering-markdown/.

vamsikrishna935 commented 4 years ago

> @vamsikrishna935 Please use GitHub's markdown code blocks for anything that's code or log output. See also https://guides.github.com/features/mastering-markdown/.

Thanks @letmaik, modified.

hukoyu commented 4 years ago

@davidchisnall @prp this bug is blocking enabling 9 tests. Can you triage and prioritize this issue please.

davidchisnall commented 4 years ago

What is the issue here?

A quick look at the code suggests that the permissions on /tmp should be 0777 (which is not quite right, /tmp should have the sticky bit set), so any user should be able to write files there.

vamsikrishna935 commented 4 years ago

> What is the issue here?
>
> * That the permissions on `/tmp` are wrong?
> * That the `nobody` user cannot create directories?
> * That no user other than `root` can create directories?
> * That switching to the `nobody` user does not work?
>
> A quick look at the code suggests that the permissions on /tmp should be 0777 (which is not quite right, /tmp should have the sticky bit set), so any user should be able to write files there.

The nobody user cannot create directories under the /tmp folder; it is failing with EACCES.

davidchisnall commented 4 years ago

@vamsikrishna935, please will you try to explain the cause of this? Repeating the original comment is not helpful. Why is the nobody user unable to create directories under /tmp? The directory is created with permissions 0777, is that still the permission?

vamsikrishna935 commented 4 years ago

> @vamsikrishna935, please will you try to explain the cause of this? Repeating the original comment is not helpful. Why is the nobody user unable to create directories under /tmp? The directory is created with permissions 0777, is that still the permission?

@davidchisnall, sorry David, I missed that. Yes, it is created with 777 permissions.

$TMPBASE is /tmp

```sh
# Added -m 777 for tests that call tst_tmpdir() and try to
#  write to it as user nobody
mkdir -m 777 -p $TMPBASE || \
{
    echo "FATAL: Unable to make temporary directory $TMPBASE"
    exit 1
}
```

davidchisnall commented 4 years ago

I have no idea what that means. Have you confirmed that the /tmp directory has permissions 777? Can another user (not root or nobody) create directories there? Who is the owner of /tmp?

What analysis have you done to attempt to identify the root cause?

hukoyu commented 4 years ago

@vamsikrishna935 any progress on that? I don't see your answer to David's question.

vamsikrishna935 commented 4 years ago

@prp Please find the below information, let me know if anything else needed.

Failing to create directory under /tmp with non-root user (nobody)

Code snippet: Creating temporary directory with nobody user
https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/syscalls/chmod/chmod03.c#L149%20L157

/tmp permissions:

Command used:

```
SGXLKL_VERBOSE=1 SGXLKL_KERNEL_VERBOSE=0 ../../build/sgx-lkl-run-oe --hw-debug sgxlkl-miniroot-fs.img /bin/ls -la /tmp
```

Output:

```
[[ SGX-LKL ]] libc_start_main_stage2(): Calling app main: /bin/ls
total 4
drwxrwxrwx 2 root root 0 Jun 30 11:28 .
drwx------ 21 root root 4096 Jun 30 11:21 ..
```

Stack trace:

```
[[  SGX-LKL ]] libc_start_main_stage2(): Calling app main: /ltp/testcases/kernel/syscalls/chmod/chmod03
[Switching to Thread 0x7fff82ffd700 (LWP 28168)]

Thread 11 "ENCLAVE" hit Breakpoint 1, main (ac=1, av=0x7fff40b5eea0) at chmod03.c:101
101     chmod03.c: No such file or directory.
(gdb) c
Continuing.
[Switching to Thread 0x7fff90f9d700 (LWP 28165)]

Thread 8 "ENCLAVE" hit Breakpoint 2, mkdtemp (template=0x7fff40b5dd00 "/tmp/chmXXXXXX") at src/temp/mkdtemp.c:8
8               size_t l = strlen(template);
(gdb) bt
#0  mkdtemp (template=0x7fff40b5dd00 "/tmp/chmXXXXXX") at src/temp/mkdtemp.c:8
#1  0x00007fff3dac1249 in tst_tmpdir () at tst_tmpdir.c:262
#2  0x00007fff3dabf868 in setup () at chmod03.c:157
#3  0x00007fff3dabf531 in main (ac=<optimized out>, av=<optimized out>) at chmod03.c:108
#4  0x00007fff00538402 in libc_start_main_stage2 (main=0x7fff3dabf500 <main>, argc=1, argv=0x7fff40b5eea0)
    at src/env/__libc_start_main.c:168
#5  0x00007fff00538361 in __libc_start_main (main=0x7fff3dabf500 <main>, argc=1, argv=0x7fff40b5eea0)
    at src/env/__libc_start_main.c:153
#6  0x00007fff3dabf6c3 in _start_c (p=<optimized out>) at crt/crt1.c:17
#7  0x00007fff3dabf69b in _start ()
#8  0x0000000000000000 in ?? ()
(gdb) c
Continuing.
chmod03     1  TBROK  :  tst_tmpdir.c:264: tst_tmpdir: mkdtemp(/tmp/chmXXXXXX) failed: errno=EACCES(13): Permission denied
```

cc @hukoyu

prp commented 4 years ago

@vamsikrishna935 can you address @davidchisnall's original questions?

Can you write a minimal C program that exhibits the problem?

davidchisnall commented 4 years ago

> drwxrwxrwx 2 root root 0 Jun 30 11:28 .

So it looks as if /tmp is not being mounted with the sticky bit set, but is world writeable? So any user should be able to create files there.

vamsikrishna935 commented 4 years ago

> drwxrwxrwx 2 root root 0 Jun 30 11:28 .
>
> So it looks as if /tmp is not being mounted with the sticky bit set, but is world writeable? So any user should be able to create files there.

The root user is able to create files.

vamsikrishna935 commented 4 years ago

Sample code for reproducing the bug:

```c
#include <signal.h>
#include <pwd.h>
#include "test.h"
#include "safe_macros.h"

char nobody_uid[] = "nobody";
struct passwd *ltpuser;

int main(int ac, char **av)
{
        tst_require_root();
        /* Look up the unprivileged "nobody" account */
        ltpuser = getpwnam(nobody_uid);
        if (ltpuser == NULL)
                tst_brkm(TBROK | TERRNO, NULL, "getpwnam failed");
        /* Drop from root to nobody */
        SAFE_SETUID(NULL, ltpuser->pw_uid);

        TEST_PAUSE;

        /* mkdtemp() under /tmp as nobody: this is the call that fails with EACCES */
        tst_tmpdir();
}
```

davidchisnall commented 4 years ago

There is a lot to unpack here that could be broken:

SeanTAllen commented 4 years ago

This also fails for user operator.

SeanTAllen commented 4 years ago

perms look like 777 on /tmp

yet I have to be root to not get an EACCES error when I try to stat /tmp.

`S_IR*`, `S_IW*`, `S_IX*` are all set for USR, GRP, OTH when I examine st_mode.

uid: 0 grp: 0 on /tmp

prp commented 4 years ago

How do you change the user? Are you sure that this is happening correctly?

SeanTAllen commented 4 years ago

user nobody with id of 65534 is found.

SeanTAllen commented 4 years ago

@prp this is the code and it isn't triggering the failure:

```c
int safe_setuid(const char *file, const int lineno, void (*cleanup_fn) (void),
                uid_t uid)
{
    int rval;

    rval = setuid(uid);
    if (rval == -1) {
        tst_brkm(TBROK | TERRNO, cleanup_fn,
             "%s:%d: setuid(%u) failed",
             file, lineno, (unsigned) uid);
    }

    return rval;
}
```

SeanTAllen commented 4 years ago

The tests pass if you set "/" to 777. Currently, it is set to 700.

davidchisnall commented 4 years ago

What are the permissions on the /tmp mountpoint directory before the tmp filesystem is mounted?

SeanTAllen commented 4 years ago

A large amount of things that would be 0755 on a "normal" Linux install are 0700 with sgx-lkl. I'm not sure of the reasoning there, but it's the cause of our nobody test failures.

The minimum that / needs to be for non-root users to have access to "/tmp" is 0755.

SeanTAllen commented 4 years ago

@prp any idea why we are mounting / as 0700?

prp commented 4 years ago

> @prp any idea why we are mounting / as 0700?

That is a good question.

SeanTAllen commented 4 years ago

@prp the fix for this issue is to change to 755. I don't know of any harm from that. Although there might be.

Would you be in favor of switching?

SeanTAllen commented 4 years ago

@hukoyu I have a fix for this. Where can I find all the tests that were modified to work around this? I want to have those changes be part of the PR.

SeanTAllen commented 4 years ago

These are the changes that were made to ltp related to this issue:

https://github.com/lsds/ltp/issues/14