search

openzfs / zfs

OpenZFS on Linux and FreeBSD
https://openzfs.github.io/openzfs-docs
Other
10.42k stars 1.73k forks source link

2.2.0-rc3 userspace (zfsutils) breaks without CONFIG_USER_NS #15241

Open macronet opened 1 year ago

macronet commented 1 year ago

System information

Type Version/Name
Distribution Name Debian
Distribution Version 10 (buster)
Kernel Version 5.4.255
Architecture x86_64
OpenZFS Version 2.2.0-rc3

Describe the problem you're observing

root@5-4-255-testbox:~# zfs create test/test
cannot create 'test/test': permission denied

Describe how to reproduce the problem

Compile (5.4) kernel without user namespaces -support (CONFIG_USER_NS)

root@5-4-255-testbox:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 10 (buster)
Release:    10
Codename:   buster
root@5-4-255-testbox:~# uname -r
5.4.255-test-1
root@5-4-255-testbox:~# zfs version
zfs-2.1.12-1
zfs-kmod-2.1.12-1
root@5-4-255-testbox:~# zpool create test /dev/nvme23n1
root@5-4-255-testbox:~# zfs create test/test
root@5-4-255-testbox:~# zpool destroy test
root@5-4-255-testbox:~# modprobe -r zfs
root@5-4-255-testbox:~# modprobe -r spl

<purge debian zfs-2.1.12 -packages>
<compile openzfs 2.2.0-rc3 from 4a104ac0476e7a370d5076c97c0b9bc081499fd0 with sh autogen.sh && ./configure && make native-deb>
<install openzfs 2.2.0-rc3 -packages>

root@5-4-255-testbox:~# zfs version
zfs-2.2.0-rc3
zfs-kmod-2.2.0-rc3
root@5-4-255-testbox:~# zpool create test /dev/nvme23n1 
root@5-4-255-testbox:~# zfs create test/test
cannot create 'test/test': permission denied

Include any warning/errors/backtraces from the system logs

root@5-4-255-testbox:~# strace /sbin/zfs create test/test
execve("/sbin/zfs", ["/sbin/zfs", "create", "test/test"], 0x7ffe474cdf70 /* 26 vars */) = 0
brk(NULL)                               = 0x560fe4728000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
<...snip...>
readlink("/proc/self/ns/user", 0x7ffded0179c0, 127) = -1 ENOENT (No such file or directory)
write(2, "cannot create 'test/test': permi"..., 45cannot create 'test/test': permission denied
) = 45
close(3)                                = 0
close(4)                                = 0
exit_group(1)                           = ?
+++ exited with 1 +++

Workaround

Use zfsutils 2.1.12-1

root@5-4-255-testbox:~# zfs version
zfs-2.1.12-1
zfs-kmod-2.2.0-rc3
root@5-4-255-testbox:~# zfs create test/test
root@5-4-255-testbox:~# zfs list -r test
NAME        USED  AVAIL     REFER  MOUNTPOINT
test        516K  1.41T       96K  /test
test/test    96K  1.41T       96K  /test/test

Or recompile kernel with CONFIG_USER_NS=y and zfsutils 2.2.0-rc3 works normally.

Wraithh commented 9 months ago

Also ran into this with zfs 2.2.1. Found this after a bit of debugging.

lib/libspl/include/zone.h:
#define   GLOBAL_ZONEID    4026531837U
lib/libzfs/libzfs_dataset.c:
    /* we are in a non-global zone, but parent is in the global zone */
    if (getzoneid() != GLOBAL_ZONEID && !is_zoned) {
        (void) zfs_standard_error(hdl, EPERM, errbuf);
        zfs_close(zhp);
        return (-1);
    }

getzoneid() returns 0 (!= GLOBAL_ZONEID) when USER_NS is disabled.