nestybox / sysbox

An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
Apache License 2.0

Bad mount in sysbox-build container due to lsb_release parsing #171

Closed drakes00 closed 3 years ago

drakes00 commented 3 years ago

Hi,

I'm trying to install sysbox for Debian buster. It doesn't seem possible to use Ubuntu release packages (not really surprising):

% sudo dpkg -i sysbox_0.2.1-0.ubuntu-focal_amd64.deb
(Reading database ... 159836 files and directories currently installed.)
Preparing to unpack sysbox_0.2.1-0.ubuntu-focal_amd64.deb ...
Unsupported linux distribution: Debian GNU/Linux
dpkg: error processing archive sysbox_0.2.1-0.ubuntu-focal_amd64.deb (--install):
 new sysbox package pre-installation script subprocess returned error exit status 1
Errors were encountered while processing:
 sysbox_0.2.1-0.ubuntu-focal_amd64.deb

However, when I'm trying to compile from source, the Makefile first builds the sysbox-test image (all good here). Then it tries to launch it through docker and it seems that computing the KERNEL_HEADERS_BASE variable fails somehow, leading it to be "..". That causes the whole docker run command to mount /usr/src/.. in the build container, overriding everything copied by the Dockerfile into /usr/bin:

% make sysbox -n
printf "\n** Building the test container **\n\n"
cd /tmp/sysbox/tests && docker build -t sysbox-test \
        -f Dockerfile.debian-buster .
printf "\n** Building sysbox **\n\n"
echo linux-headers-5.9.0-0.bpo.2-amd64
docker run --privileged --rm --runtime=runc --hostname sysbox-build --name sysbox-build -v /tmp/sysbox:/root/nestybox/sysbox -v /pkg/mod:/go/pkg/mod -v /lib/modules/5.9.0-0.bpo.2-amd64:/lib/modules/5.9.0-0.bpo.2-amd64:ro -v /usr/src/linux-headers-5.9.0-0.bpo.2-amd64:/usr/src/linux-headers-5.9.0-0.bpo.2-amd64:ro -v /usr/src/..:/usr/src/..:ro sysbox-test /bin/bash -c "buildContainerInit sysbox-local"

Some info:

% uname -a
Linux n3zu 5.9.0-0.bpo.2-amd64 #1 SMP Debian 5.9.6-1~bpo10+1 (2020-11-19) x86_64 GNU/Linux
% lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 10 (buster)
Release:        10
Codename:       buster
% lsb_release -cs
buster
% ls /usr/src/* | grep linux-headers
/usr/src/linux-headers-4.19.0-13-amd64:
/usr/src/linux-headers-4.19.0-13-common:
/usr/src/linux-headers-5.9.0-0.bpo.2-amd64:
/usr/src/linux-headers-5.9.0-0.bpo.2-common:
% find /usr/src/linux-headers-5.9.0-0.bpo.2-amd64 -maxdepth 1 -type l -exec readlink {} \;
../../lib/linux-kbuild-5.9/tools
../../lib/linux-kbuild-5.9/scripts
% ls -l /usr/src/linux-headers-5.9.0-0.bpo.2-amd64
total 1456
drwxr-xr-x 3 root root    4096 Jan  1 12:19 arch
drwxr-xr-x 4 root root    4096 Jan  1 12:19 include
-rw-r--r-- 1 root root      61 Nov 19 21:40 Makefile
-rw-r--r-- 1 root root 1476694 Nov 19 21:40 Module.symvers
lrwxrwxrwx 1 root root      34 Nov 19 21:40 scripts -> ../../lib/linux-kbuild-5.9/scripts
lrwxrwxrwx 1 root root      32 Nov 19 21:40 tools -> ../../lib/linux-kbuild-5.9/tools

I don't mind helping with a PR but I'm not sure how this path resolution is supposed to end. Should it mount /usr/src? /usr/src/linux-headers-$(whatever-version)?

Thanks for the help, Kind regards, Maxime

rodnymolina commented 3 years ago

@drakes00, thanks for your detailed bug report!

Right, you discovered an issue with our approach to identify the kernel-headers in the Debian distro. Basically, we are relying on the "find" instruction that you pasted above, to identify the outermost kernel-component folder referenced within the kernel-headers directories, so that we can mount all the headers into the Sysbox build-container. Unfortunately, Debian on your machine is making use of this ../../ pattern to refer to some components of its tool-chain (scripts & tools), which is one level higher than expected in the file-system hierarchy. This is the reason we are attempting to mount /usr/src/.. as you pointed out.

For some reason I don't see this ../.. path pattern on my local Debian Buster machine, and that explains why this issue was not caught by our integration-test suites. Anyhow, I clearly see room for the behavior you described above, so we need to fix this issue.

Will get back to you shortly with a quick workaround.

rodnymolina commented 3 years ago

@drakes00, please apply this change to Sysbox's Makefile to fix the issue. I'm simply skipping softlinks that refer to elements outside "/usr/src" path.

$ sed -i 's/cut -d\"\/\" -f2/cut -d\"\/\" -f2 | egrep -v "^\\.\\."/' Makefile

Will send fix for review in a few mins.
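
The path derivation discussed in this thread, as an added example that is not Sysbox's Makefile code: `naive_component` reproduces the `cut -d"/" -f2` step applied to a `readlink` result, and `headers_mounts` (a hypothetical name) canonicalizes each symlink with `readlink -f` and emits only directories that stay under the base directory. It assumes a POSIX shell and a `readlink` that supports `-f`.

```shell
#!/bin/sh
# Added example (not the Sysbox Makefile). Function names are hypothetical.

# String-based derivation as seen in the issue: take the second "/"-separated
# field of a readlink result. "../../lib/linux-kbuild-5.9/tools" yields "..".
naive_component() {
    printf '%s\n' "$1" | cut -d"/" -f2
}

# headers_mounts BASE HEADERS_DIR
# Prints, one per line, the top-level directories under BASE that the symlinks
# in HEADERS_DIR resolve into (candidates for extra read-only bind mounts).
# Links that resolve outside BASE are reported on stderr and never printed.
# Returns 0 if all links stayed inside BASE, 1 if any was skipped, 2 on bad args.
headers_mounts() {
    base=$(readlink -f -- "$1") && [ -d "$base" ] || return 2
    hdrs=$(readlink -f -- "$2") && [ -d "$hdrs" ] || return 2
    rc=0
    found=""
    for link in "$hdrs"/*; do
        [ -L "$link" ] || continue
        # Canonicalize the link; never build a path from the raw link text.
        if ! target=$(readlink -f -- "$link"); then
            echo "skip: $link (cannot resolve)" >&2
            rc=1
            continue
        fi
        case "$target" in
            "$base"/*)
                # Keep only the first path component below BASE.
                rel=${target#"$base"/}
                top="$base/${rel%%/*}"
                if [ "$top" != "$hdrs" ]; then
                    found="$found$top
"
                fi
                ;;
            *)
                echo "skip: $link -> $target (outside $base)" >&2
                rc=1
                ;;
        esac
    done
    printf '%s' "$found" | sort -u
    return "$rc"
}
```

Because the containment check matches on `"$base"/`, a sibling such as `/usr/src-other` does not pass as being inside `/usr/src`.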

rodnymolina commented 3 years ago

@drakes00, fix just went in, hope that fully fixes this one for you.

rodnymolina commented 3 years ago

Problem fixed. Closing issue now.

drakes00 commented 3 years ago

Sorry for the late reply. Thanks a lot for the quick fix! :-)