Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 910587 - PermissionError when running emerge in a user namespace
Summary: PermissionError when running emerge in a user namespace
Status: RESOLVED INVALID
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Core (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Portage team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-07-20 11:57 UTC by Daan De Meyer
Modified: 2023-07-22 14:56 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daan De Meyer 2023-07-20 11:57:57 UTC 
When running emerge in user namespace with /dev from the host system, I get the following exception: PermissionError: [Errno 1] Operation not permitted: '/dev/pts/34'.


Reproducible: Always

Actual Results:  
```
Exception in callback AsynchronousTask._exit_listener_cb(<bound method...7f8459664b80>>)
handle: <Handle AsynchronousTask._exit_listener_cb(<bound method...7f8459664b80>>)>
Traceback (most recent call last):
  File "/usr/lib/python3.11/asyncio/events.py", line 80, in _run
    self._context.run(self._callback, *self._args)
  File "/usr/lib/python3.11/site-packages/_emerge/AsynchronousTask.py", line 209, in _exit_listener_cb
    listener(self)
  File "/usr/lib/python3.11/site-packages/_emerge/EbuildPhase.py", line 203, in _async_start_exit
    self._start_lock()
  File "/usr/lib/python3.11/site-packages/_emerge/EbuildPhase.py", line 226, in _start_lock
    self._start_ebuild()
  File "/usr/lib/python3.11/site-packages/_emerge/EbuildPhase.py", line 283, in _start_ebuild
    self._start_task(ebuild_process, self._ebuild_exit)
  File "/usr/lib/python3.11/site-packages/_emerge/CompositeTask.py", line 111, in _start_task
    task.start()
  File "/usr/lib/python3.11/site-packages/_emerge/AsynchronousTask.py", line 34, in start
    self._start()
  File "/usr/lib/python3.11/site-packages/_emerge/AbstractEbuildProcess.py", line 211, in _start
    self._start_post_builddir_lock(start_ipc_daemon=start_ipc_daemon)
  File "/usr/lib/python3.11/site-packages/_emerge/AbstractEbuildProcess.py", line 244, in _start_post_builddir_lock
    SpawnProcess._start(self)
  File "/usr/lib/python3.11/site-packages/_emerge/SpawnProcess.py", line 130, in _start
    retval = self._spawn(self.args, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/_emerge/EbuildProcess.py", line 24, in _spawn
    return _doebuild_spawn(
           ^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/portage/package/ebuild/doebuild.py", line 242, in _doebuild_spawn
    return spawn(cmd, settings, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/portage/package/ebuild/doebuild.py", line 2017, in spawn
    _os.chown(subprocess_tty, int(portage_uid), int(portage_gid))

```

Expected Results:  
emerge does not fail when it can't chown a PTS.
Comment 1 Daan De Meyer 2023-07-20 11:59:52 UTC 
Features:

```
"getbinpkg",
"-candy",
"-sandbox",
"-userfetch",
"-userpriv",
"-usersandbox",
"-usersync",
"-ebuild-locks",
"parallel-install",
```
Comment 2 Mike Gilbert gentoo-dev 2023-07-20 15:21:36 UTC 
What's the use case here?
Comment 3 Daan De Meyer 2023-07-21 10:50:44 UTC 
> What's the use case here?

Unprivileged builds of gentoo images with mkosi of which I'm the maintainer.
Comment 4 Mike Gilbert gentoo-dev 2023-07-21 13:39:46 UTC 
Is there a reason you need /dev/pts from the host system?

systemd-nspawn would mount a new devpts instance after unsharing the user namespace.

I hesitate to just ignore the error; I presume we are doing this chown for a good reason.
Comment 5 Daan De Meyer 2023-07-22 14:56:25 UTC 
Turns out that setting FEATURES via the environment variable doesn't work for ebuilds when ROOT != SYSROOT. I switched to appending to etc/portage/make.conf and that allows me to disable userpriv which fixes this issue so closing.