Ubuntu
tar package

tar(1) on noble gives EPERM [Operation not permitted] errors when extracting symlinks

Bug #2056302 reported by Daniel Richard G.
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tar (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

This concerns tar 1.35+dfsg-3 in Ubuntu noble. This does NOT affect tar 1.34+dfsg-1.2ubuntu1.1 in mantic.

I'm seeing errors like this:

    $ tar xvJf /extern/source/chromium_122.0.6261.111.orig.tar.xz --wildcards chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca\*
    chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca
    tar: chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca: Cannot change mode to rwxr-xr-x: Operation not permitted

(I am running this in a noble Docker container environment, and the command is extracting into normal user file space.)

This is what strace shows:

23 symlinkat("utils/cca.py", AT_FDCWD, "chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca") = 0
23 utimensat(AT_FDCWD, "chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca", [UTIME_OMIT, {tv_sec=1709684076, tv_nsec=0} /* 2024-03-06T00:14:36+0000 */], AT_SYMLINK_NOFOLLOW) = 0
23 newfstatat(AT_FDCWD, "chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca", {st_mode=S_IFLNK|0777, st_size=12, ...}, AT_SYMLINK_NOFOLLOW) = 0
23 fchmodat2(AT_FDCWD, "chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca", 0755, AT_SYMLINK_NOFOLLOW) = -1 EPERM (Operation not permitted)

The fchmodat(2) man page has the following verbiage:

   AT_SYMLINK_NOFOLLOW
      If pathname is a symbolic link, do not dereference it: instead
      operate on the link itself. This flag is not currently imple‐
      mented.

For comparison, this is what happens on mantic:

24 symlinkat("utils/cca.py", AT_FDCWD, "chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca") = 0
24 utimensat(AT_FDCWD, "chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca", [UTIME_OMIT, {tv_sec=1709684076, tv_nsec=0} /* 2024-03-06T00:14:36+0000 */], AT_SYMLINK_NOFOLLOW) = 0
24 newfstatat(AT_FDCWD, "chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca", {st_mode=S_IFLNK|0777, st_size=12, ...}, AT_SYMLINK_NOFOLLOW) = 0
24 openat(AT_FDCWD, "chromium-122.0.6261.111/ash/webui/camera_app_ui/resources/cca", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 3
24 newfstatat(3, "", {st_mode=S_IFLNK|0777, st_size=12, ...}, AT_EMPTY_PATH) = 0
24 close(3) = 0

Tags: noble
Daniel Richard G. (skunk)
summary: - tar(1) gives EPERM errors when extracting symlinks
+ tar(1) on noble gives EPERM [Operation not permitted] errors when
+ extracting symlinks
Revision history for this message
Daniel Richard G. (skunk) wrote :

Tracked down the cause to the Docker host, which runs on jammy, not knowing about fchmodat2(). The syscall should normally return ENOTSUP when called with AT_SYMLINK_NOFOLLOW on Linux, but the Docker seccomp profile causes it to return EPERM, which confuses tar(1). Closing.

Changed in tar (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.