493378 – sys-apps/openrc-0.12.4 - /var/run and /var/lock symlinks should be relative

Bug 493378 - sys-apps/openrc-0.12.4 - /var/run and /var/lock symlinks should be relative

Summary: sys-apps/openrc-0.12.4 - /var/run and /var/lock symlinks should be relative

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Hosted Projects
Classification:	Unclassified
Component:	OpenRC (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	OpenRC Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-12-05 11:01 UTC by x0r
Modified:	2013-12-06 21:45 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description x0r 2013-12-05 11:01:50 UTC

With the latest stable openrc, I noticed that /var/run is created as a symlink pointing to /run and that /var/lock is created as a symlink to /run/lock.

These absolute symlinks break programs that write to a path such as /path/to/chroot/var/run, before chrooting in /path/to/chroot.

I noticed some distributions (such as Fedora) have /var/run point to ../run instead, which preserves existing behavior and works as expected in this case. Others, such as Debian, did the same then reverted their change on policy and possibly performance grounds.


Reproducible: Always

Steps to Reproduce:
1. Install openrc
2. Run ls -l /var/run and notice the absolute symlink
Actual Results:  
/var/run is a symlink pointing to /run. /var/lock points to /run/lock.

Expected Results:  
/var/run should be pointing to ../run and /var/lock should be pointing to ../run/lock.

Comment 1 Martin Väth 2013-12-05 18:14:20 UTC

> write to a path such as /path/to/chroot/var/run, before chrooting
> in /path/to/chroot.

For a sincere chroot the program should mount --bind /run /path/to/chroot/run anyway. If it does this then when /path/to/chroot/var/run is a relative path, data written to this path is not available in the chroot, but the "rubbish" is written into the chroot and takes unnecessary disk space.

Thus you just trade one type of programs which you break against another type.
What is worse, in the second case "rubbish" is written to the chroot which you do not see inside the chroot, and normally that "rubbish" will stay on harddisk.

It is much more cleaner and transparent if no relative path is used.

(Also, IIRC, a relative path pointing out of a chroot by relative links might be used to break out of the chroot due to a bug in some kernel versions.)

Comment 2 William Hubbs gentoo-dev

2013-12-06 21:45:25 UTC

I am going to agree with Martin on this for now.
To set up a chroot correctly, you should bind-mount /run to
/chroot/run the same way you would bind-mount /proc, /sys and /dev.
We can always re-open this if there are any other specific issues with
the symbolic links. Ultimately, they will be part of baselayout however.
The code in OpenRC is just part of the migration to using /run.
Thanks much.