Bug 463886 - sys-kernel/dracut-026-r1 - chroot: failed to run command ‘/usr/sbin/prelink’: Permission denied
Status: RESOLVED WORKSFORME
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All Linux
Importance: Normal normal
Assignee: Amadeusz Żołnowski (RETIRED)
Reported: 2013-03-30 16:06 UTC by Dennis Schridde
Modified: 2013-04-18 11:46 UTC
Description Dennis Schridde 2013-03-30 16:06:59 UTC
When running dracut on my system, I get:
I: *** Pre-linking files ***
I: Skipping program /etc/prelink.conf.d/*.conf as it cannot be found and is flagged to be optional
chroot: failed to run command ‘/usr/sbin/prelink’: Permission denied
I: *** Pre-linking files done ***

# ll /usr/sbin/prelink 
-rwxr-xr-x 1 root root 327704 Oct  5 16:58 /usr/sbin/prelink
# ll /usr/sbin -d
drwxr-xr-x 1 root root 6626 Mar 30 17:00 /usr/sbin

I don't really understand why it complains...
Comment 1 Amadeusz Żołnowski (RETIRED) gentoo-dev 2013-04-02 08:20:24 UTC
Have you run dracut as root?
Comment 2 Alexander Tsoy 2013-04-02 08:58:34 UTC
I didn't try 026 yet, but I guess this is because of hardened:
1. chroot is very restricted
2. prelink doesn't work.
Comment 3 Alexander Tsoy 2013-04-02 08:59:30 UTC
(In reply to comment #2)
> 2. prelink doesn't work.
http://www.gentoo.org/doc/en/prelink-howto.xml
Comment 4 Alexander Tsoy 2013-04-02 09:05:00 UTC
Anyway, it seems that removing prelink should help:

PRELINK_BIN=$(command -v prelink)
if [[ $UID = 0 ]] && [[ $PRELINK_BIN ]]; then
    if [[ $DRACUT_FIPS_MODE ]]; then
        dinfo "*** Pre-unlinking files ***"
        dracut_install -o prelink /etc/prelink.conf /etc/prelink.conf.d/*.conf /etc/prelink.cache
        chroot "$initdir" $PRELINK_BIN -u -a
        rm -f "$initdir"/$PRELINK_BIN
        rm -fr "$initdir"/etc/prelink.*
        dinfo "*** Pre-unlinking files done ***"
    else
        dinfo "*** Pre-linking files ***"
        dracut_install -o prelink /etc/prelink.conf /etc/prelink.conf.d/*.conf
        chroot "$initdir" $PRELINK_BIN -a
        rm -f "$initdir"/$PRELINK_BIN
        rm -fr "$initdir"/etc/prelink.*
        dinfo "*** Pre-linking files done ***"
    fi
fi
Comment 5 Dennis Schridde 2013-04-02 13:43:51 UTC
(In reply to comment #1)
> Have you run dracut as root?

Yes, I run it as root. My kernel is not hardened. dmesg logs nothing. /var/log/everything/current does not log anything related either.
Comment 6 Alexander Tsoy 2013-04-02 14:45:56 UTC
(In reply to comment #5)
Maybe /var/tmp mounted with noexec option?
Comment 7 Amadeusz Żołnowski (RETIRED) gentoo-dev 2013-04-02 16:07:16 UTC
Or /tmp/? Because this one is used for default on Gentoo.
Comment 8 Dennis Schridde 2013-04-02 17:45:29 UTC
(In reply to comment #6)
> (In reply to comment #5)
> Maybe /var/tmp mounted with noexec option?
(In reply to comment #7)
> Or /tmp/? Because this one is used for default on Gentoo.

Yes, both are noexec.
Comment 9 Alexander Tsoy 2013-04-02 19:26:39 UTC
(In reply to comment #7)
> Or /tmp/? Because this one is used for default on Gentoo.

No, the default value for tmpdir is /var/tmp and it is not changed on Gentoo:

# grep -hr tmpdir /var/tmp/portage/sys-kernel/dracut-026-r1/image/etc/
#tmpdir=/tmp
Comment 10 Alexander Tsoy 2013-04-02 19:31:59 UTC
Dennis, you should remount /var/tmp without noexec before running dracut, or use the --tmpdir option to override the default value.
Comment 11 Alexander Tsoy 2013-04-02 19:34:04 UTC
Or create a config file in /etc/dracut.conf.d/ and define tmpdir in it.
Comment 12 Amadeusz Żołnowski (RETIRED) gentoo-dev 2013-04-18 11:46:17 UTC
Dennis, have you tried Alexander's hints? I'm closing it for now. Please reopen if the issue occurs for you.
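
Added example (not part of the original thread and not dracut's own code): a pre-flight check for the cause identified above, a tmpdir on a noexec mount, which makes the chroot into the initramfs staging directory fail with "Permission denied". The mountinfo sample is constructed, and /var/lib/dracut-tmp is a hypothetical exec-allowed directory chosen for illustration.

```sh
#!/bin/sh
# Added example: detect a noexec mount under a prospective dracut tmpdir.
# Paths must be absolute and already resolved (no symlinks); mount points
# containing spaces (escaped as \040 in mountinfo) are not handled.

# Constructed sample in /proc/self/mountinfo format (not from the report).
sample_mountinfo() {
    cat <<'EOF'
20 1 8:2 / / rw,relatime - ext4 /dev/sda2 rw
21 20 0:30 / /tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
22 20 8:3 / /var/tmp rw,nosuid,nodev,noexec,relatime - ext4 /dev/sda3 rw
23 20 8:4 / /var/lib/dracut-tmp rw,nodev,relatime - ext4 /dev/sda4 rw
EOF
}

# mount_opts PATH [MOUNTINFO]: options (field 6) of the longest mount point
# that is a prefix of PATH; a later entry on the same mount point wins.
mount_opts() {
    awk -v p="$1" '
        { mp = $5 }
        mp == "/" || p == mp || index(p, mp "/") == 1 {
            if (length(mp) >= best) { best = length(mp); opts = $6 }
        }
        END { print opts }
    ' "${2:-/proc/self/mountinfo}"
}

# is_noexec PATH [MOUNTINFO]: succeeds if PATH sits on a noexec mount.
is_noexec() {
    case ",$(mount_opts "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# pick_tmpdir MOUNTINFO DIR...: print the first DIR where exec is allowed.
pick_tmpdir() {
    mi=$1; shift
    for d in "$@"; do
        is_noexec "$d" "$mi" || { printf '%s\n' "$d"; return 0; }
    done
    return 1
}

# Demo on the constructed sample; /var/lib/dracut-tmp is hypothetical.
mi_file=$(mktemp) && sample_mountinfo > "$mi_file"
dir=$(pick_tmpdir "$mi_file" /var/tmp /tmp /var/lib/dracut-tmp) &&
    echo "would run: dracut --tmpdir $dir"
rm -f "$mi_file"
```

On a live system, omit the MOUNTINFO argument of is_noexec so that /proc/self/mountinfo is read, and keep noexec on /tmp and /var/tmp by pointing dracut at a dedicated root-only directory instead of remounting.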