s390x images fail to build Could not get file mapping
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cloud-images |
Fix Released
|
Undecided
|
Unassigned | ||
launchpad-buildd |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
s390x images need to install zipl bootloader code.
Most of the parameters are pre-guessed and populated via command line switches.
However, zipl code currently does FIBMAP ioctl call on the target disk to figureout physical system block.
One option is to check if the new confinement allows the ioctl(fd, FIBMAP, &mapped) to succeed on the loop mounted device filesystem, or causes a deny / reject.
Another option, I can run the build locally and check what the answer should be and add command line switches to pass the answers to zipl without it doing FIBMAP ioctl inspection.
/* Get mapping in file system blocks */
phy_per_fs = info->fs_block_size / info->phy_
mapped = logical / phy_per_fs;
subblock = logical % phy_per_fs;
if (ioctl(fd, FIBMAP, &mapped)) {
error_
return -1;
}
if (mapped == 0) {
/* This is a hole in the file */
*physical = 0;
} else {
/* Convert file system block to physical */
*physical = mapped * phy_per_fs + subblock;
/* Add partition start */
*physical += info->geo.start;
}
Related branches
- Colin Watson (community): Approve
-
Diff: 12 lines (+2/-0)1 file modifiedlpbuildd/target/lxd.py (+2/-0)
affects: | launchpad → launchpad-buildd |
Changed in launchpad-buildd: | |
status: | New → Fix Committed |
Changed in cloud-images: | |
status: | New → Fix Released |
I have tweaked zipl to do a perror, and did a build out of a PPA. This resulted in:
+ chroot mountpoint /sbin/zipl -V --image= /boot/vmlinuz --ramdisk= /boot/initrd. img --parameters= root=LABEL= cloudimg- rootfs --target=/boot/ --targetbase= /dev/loop0 --targettype=SCSI --targetblocksi ze=512 --targetoffset=2048
Could not get file mapping.: Operation not permitted
As expected. Checking kernel code, it does this:
52static int ioctl_fibmap(struct file *filp, int __user *p) >a_ops- >bmap) CAP_SYS_ RAWIO)) >a_ops- >bmap(mapping, block);
53{
54 struct address_space *mapping = filp->f_mapping;
55 int res, block;
56
57 /* do we support this mess? */
58 if (!mapping-
59 return -EINVAL;
60 if (!capable(
61 return -EPERM;
62 res = get_user(block, p);
63 if (res)
64 return res;
65 res = mapping-
66 return put_user(res, p);
67}
Thus this suggests that !capable( CAP_SYS_ RAWIO) is not available, and this capability is checked against root user-space (as in real root should have CAP_SYS_RAWIO). And this does sound scary that this is allowed on the devirt livefs builds on s390x....
To get cpc builds going please allow this capability, on s390x, as it was before. Meanwhile I will work on extending zipl command + matching livecd-rootfs SRUs to avoid using FIBMAP by providing pre-calculated values that it tries to inspect.