sbuild / schroot unmounted encrypted home directory

Bug #1430557 reported by Brian Murray on 2015-03-10
38
This bug affects 11 people
Affects Status Importance Assigned to Milestone
schroot (Debian)
Fix Released
Unknown
schroot (Ubuntu)
High
Martin Pitt

Bug Description

After the switch to systemd, sbuild has begun unmounting my encrypted home directory during any build process.

Here is some of my syslog from around when it happened:

Mar 10 15:07:17 impulse schroot[6083]: [vivid-amd64-26be0faa-a54b-4d51-b128-8598be2736fa chroot] (bdmurray->root) Running command: "chown bdmurray:sbuild /build/tvtime-36lAxv/resolver-knYuU0/apt_archive"
Mar 10 15:07:17 impulse schroot[6123]: [vivid-amd64-26be0faa-a54b-4d51-b128-8598be2736fa chroot] (bdmurray->root) Running command: "chmod 0644 /tmp/hf70DNg1s0"
Mar 10 15:07:17 impulse schroot[6125]: [vivid-amd64-26be0faa-a54b-4d51-b128-8598be2736fa chroot] (bdmurray->root) Running command: "mv /tmp/hf70DNg1s0 /etc/apt/sources.list.d/sbuild-build-depends-archive.list"
Mar 10 15:07:17 impulse schroot[6127]: [vivid-amd64-26be0faa-a54b-4d51-b128-8598be2736fa chroot] (bdmurray->root) Running command: "apt-key add /build/tvtime-36lAxv/resolver-knYuU0/apt_archive/sbuild-key.pub"
Mar 10 15:07:17 impulse schroot[6154]: [vivid-amd64-26be0faa-a54b-4d51-b128-8598be2736fa chroot] (bdmurray->root) Running command: "apt-get update -o Dir::Etc::sourcelist=/etc/apt/sources.list.d/sbuild-build-depends-archive.list -o Dir::Etc::sourceparts=/build/tvtime-36lAxv/resolver-knYuU0/sources.list.d --no-list-cleanup"
Mar 10 15:07:17 impulse schroot[6166]: [vivid-amd64-26be0faa-a54b-4d51-b128-8598be2736fa chroot] (bdmurray->root) Running command: "apt-cache gencaches"
Mar 10 15:07:18 impulse schroot[6173]: [vivid-amd64-26be0faa-a54b-4d51-b128-8598be2736fa chroot] (bdmurray->root) Running command: "apt-get --purge -o DPkg::Options::=--force-confold -o DPkg::Options::=--refuse-remove-essential -o APT::Install-Recommends=false -q -yf install sbuild-build-depends-tvtime-dummy"
Mar 10 15:07:26 impulse gnome-session[3166]: (update-notifier:3896): GLib-GObject-WARNING **: The property GtkSettings:gtk-button-images is deprecated and shouldn't be used anymore. It will be removed in a future version.
Mar 10 15:07:26 impulse gnome-session[3166]: (update-notifier:3896): GLib-GObject-WARNING **: The property GtkImage:stock is deprecated and shouldn't be used anymore. It will be removed in a future version.
Mar 10 15:07:26 impulse gnome-session[3166]: Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.
Mar 10 15:07:26 impulse com.ubuntu.OneConf[3010]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/bdmurray/.cache/oneconf/4266e6fa9940e26744fc563b50f6c63b/other_hosts'
Mar 10 15:07:38 impulse gnome-session[3166]: ConfigBase::load: Unable to open /home/bdmurray/.config/terminator/config ([Errno 2] No such file or directory: '/home/bdmurray/.config/terminator/config')
Mar 10 15:07:38 impulse gnome-session[3166]: (x-terminal-emulator:7566): GnomeUI-WARNING **: While connecting to session manager:
Mar 10 15:07:38 impulse gnome-session[3166]: None of the authentication protocols specified are supported.
Mar 10 15:07:38 impulse gnome-session[3166]: (x-terminal-emulator:7566): GnomeUI-WARNING **: While connecting to session manager:
Mar 10 15:07:38 impulse gnome-session[3166]: None of the authentication protocols specified are supported.
Mar 10 15:07:38 impulse gnome-session[3166]: /usr/share/terminator/terminatorlib/window.py:63: Warning: The property GtkWindow:allow-shrink is deprecated and shouldn't be used anymore. It will be removed in a future version.
Mar 10 15:07:38 impulse gnome-session[3166]: self.set_property('allow-shrink', True)
Mar 10 15:07:38 impulse gnome-session[3166]: ** (x-terminal-emulator:7566): WARNING **: Binding '<Shift><Control><Alt>a' failed!
Mar 10 15:07:38 impulse gnome-session[3166]: Unable to bind hide_window key, another instance/window has it.
Mar 10 15:07:39 impulse schroot[7881]: [vivid-amd64-26be0faa-a54b-4d51-b128-8598be2736fa chroot] (bdmurray->root) Running command: "rm -f /etc/apt/sources.list.d/sbuild-build-depends-archive.list"
Mar 10 15:07:40 impulse org.gnome.zeitgeist.SimpleIndexer[3010]: ** (zeitgeist-fts:3613): WARNING **: Unable to get info on application:///home/bdmurray/.config/gnome-session/saved-session/compiz.desktop
Mar 10 15:07:40 impulse org.gnome.zeitgeist.SimpleIndexer[3010]: ** (zeitgeist-fts:3613): WARNING **: Failed to commit changes: Modifications failed (DatabaseOpeningError: Couldn't open base /home/bdmurray/.local/share/zeitgeist/fts.index/postlist.tmp to write: No such file or directory), and cannot set consistent table revision numbers: Couldn't reread base B

Notice the failure of applications to access /home/bdmurray anymore.

Brian Murray (brian-murray) wrote :

My /etc/schroot/sbuild/fstab file does include /home/bdmurray with the following options:

/home/bdmurray /home/bdmurray none rw,bind 0 0

tags: added: vivid
Changed in sbuild (Ubuntu):
assignee: nobody → Martin Pitt (pitti)
Brian Murray (brian-murray) wrote :

This also happened when my cronjob to update my schroots ran e.g.:

for d in $(schroot -l | grep -- '^source:')
do
    echo $d
    schroot -q -c $d -u root --directory / -- sh -c 'apt-get -qq update && apt-get -y dist-upgrade && apt-get clean'
    #schroot -c $d -u root -- sh -c \
done

affects: sbuild (Ubuntu) → schroot (Ubuntu)
summary: - sbuild unmounted encrypted home directory
+ sbuild / schroot unmounted encrypted home directory
Sebastien Bacher (seb128) wrote :

seems similar to bug #1427264 / bug #769595

Brian Murray (brian-murray) wrote :

The workaround in bug 1427264 regarding the fstab entry is the same as the one I'm using.

Brian Murray (brian-murray) wrote :

Removing my home directory entries from /etc/sbuild didn't help.

I was able to use schroot to update my vivid chroot and that did NOT unmount my home directory.

However, running sbuild does.

Brian Murray (brian-murray) wrote :

The first issue occurs when checking dependencies:

Check dependencies
──────────────────

Merged Build-Depends: build-essential, fakeroot
Filtered Build-Depends: build-essential, fakeroot
Signature not found in user keyring
Perhaps try the interactive 'ecryptfs-mount-private'
grep: debian/control: No such file or directory

Brian Murray (brian-murray) wrote :

I was able to work-around this by renaming ~/.ecryptfs/auto-umount to ~/.ecryptfs/auto-mount.bak so my home directory isn't unmounted.

Martin Pitt (pitti) on 2015-03-13
Changed in schroot (Ubuntu):
importance: Undecided → High
tags: added: systemd-boot
Martin Pitt (pitti) wrote :

I believe this is well enough understood. Tyler was working on this yesterday, and I'm on vacation the next 1.5 weeks, so unassigning me for now. This is still on my radar due to the systemd-boot tag.

Changed in schroot (Ubuntu):
assignee: Martin Pitt (pitti) → nobody
status: New → Triaged
Robert Bruce Park (robru) wrote :

Yeah I'm getting this trying to enter a trusty schroot on my xenial box.

Changed in schroot (Ubuntu):
assignee: nobody → Martin Pitt (pitti)
Changed in schroot (Debian):
status: Unknown → Confirmed
Martin Pitt (pitti) on 2016-02-01
Changed in schroot (Ubuntu):
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package schroot - 1.6.10-1ubuntu3

---------------
schroot (1.6.10-1ubuntu3) xenial; urgency=medium

  * Add mount-make-bind-mounts-private.patch: Make bind mounts use private
    mount propagation, to avoid recursive bind mounts in the schroot spilling
    over into the host and unmounting them on the host when tearing down the
    schroot. Patch by Tyler Hicks, thank you! (LP: #1430557, Closes: #786566)

 -- Martin Pitt <email address hidden> Mon, 01 Feb 2016 16:11:09 +0100

Changed in schroot (Ubuntu):
status: Fix Committed → Fix Released
Changed in schroot (Debian):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.