Skip to content

fix(pebble): /var/lib/pebble/default has mode 0777 #473

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 1, 2024
Merged

fix(pebble): /var/lib/pebble/default has mode 0777 #473

merged 2 commits into from
Feb 1, 2024

Conversation

@rebornplusplus
Copy link
Contributor

@rebornplusplus rebornplusplus commented Jan 31, 2024

Fixes #461.

This PR ensures that the PEBBLE default directory /var/lib/pebble/default always has the mode 0777.

Previously, the mode of the PEBBLE dir was only set to 0777 if there were services or checks specified in the rockcraft.yaml file. Otherwise, it used to be 0755 with user=root group=root. This meant that if Pebble was being run as some user other than root, using the run-user directive or some other way, the Pebble run would fail. It would fail because Pebble could not create the necessary files (socket) inside that directory. This bug is reported in issue #461.

  • Have you signed the CLA?

@rebornplusplus rebornplusplus changed the title Fix/pebble path permission fix(pebble): /var/lib/pebble/default has mode 0777 Jan 31, 2024
@rebornplusplus rebornplusplus force-pushed the fix/pebble-path-permission branch from ce7fd4e to c21431e Compare January 31, 2024 10:14
@rebornplusplus
fix(pebble): /var/lib/pebble/default has mode 0777
b8f9fde 
This commit ensures that the PEBBLE default directory
/var/lib/pebble/default always has the mode 0777.

Previously, the mode of the PEBBLE dir was only set to 0777 if there
were services or checks specified in the rockcraft.yaml. Otherwise, it
used to be 0755 with user=root group=root. This meant that if pebble was
being run as some user other than root, using the `run-user` directive
or some other way, the pebble run would fail. It would fail because
pebble could not create the necessary files (socket) inside that
directory. This bug is reported in issue canonical#461.

Issue canonical#461: canonical#461
@rebornplusplus rebornplusplus force-pushed the fix/pebble-path-permission branch 3 times, most recently from 4f8c384 to 2d08290 Compare February 1, 2024 02:16
@rebornplusplus
test: spread tests for non-root user without services
2d08290 
This commit adds a spread test for non-root user without any services or
checks in the rockcraft.yaml. It contains a very minimal rockcraft.yaml
with only `run-user` specified.
@rebornplusplus rebornplusplus marked this pull request as ready for review February 1, 2024 03:44
cjdcordeiro
cjdcordeiro approved these changes Feb 1, 2024
View reviewed changes
Copy link
Contributor

@cjdcordeiro cjdcordeiro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice thanks.

I just have a comment about the new spread test - couldn't we just re-use the existing run-user test? The task.yaml is pretty much the same, with the exception of timeout 15 docker run --rm --name run-user-test-container run-user-test --args test 10, which TBH, isn't too relevant for the run-user test. I don't think adding more tests would slow down Spread, in theory. But I have the impression the Spread tests have been getting slower and slower, so I'm just being cautions. @tigarmo what's your perception on the scalability of the spread tests?

@rebornplusplus
Copy link
Contributor Author

rebornplusplus commented Feb 1, 2024

Couldn't we just re-use the existing run-user test? The task.yaml is pretty much the same, with the exception of timeout 15 docker run --rm --name run-user-test-container run-user-test --args test 10, which TBH, isn't too relevant for the run-user test.

The rockcraft.yaml in that test contains services which changes the pebble dir permission anyway. I wanted to test without any services or checks i.e. without any additional pebble layers.

@cjdcordeiro
Copy link
Contributor

cjdcordeiro commented Feb 1, 2024

Couldn't we just re-use the existing run-user test? The task.yaml is pretty much the same, with the exception of timeout 15 docker run --rm --name run-user-test-container run-user-test --args test 10, which TBH, isn't too relevant for the run-user test.

The rockcraft.yaml in that test contains services which changes the pebble dir permission anyway. I wanted to test without any services or checks i.e. without any additional pebble layers.

y true, and I'm wondering if the existing run-user test wouldn't be equally useful if we just removed services from it - cause after all, there's only 1 line in task.yaml testing that service

@tigarmo
Copy link
Collaborator

tigarmo commented Feb 1, 2024
edited
Loading

I'm fine with either option; generally a new spread test doesn't take too much extra time. This one took about a minute:

2024-02-01T02:29:13.2405237Z 2024-02-01 02:29:13 Executing google:ubuntu-22.04-64:tests/spread/general/run-user-minimal (feb010222-852385) (12/115)...
2024-02-01T02:30:15.9623158Z 2024-02-01 02:30:15 Restoring google:ubuntu-22.04-64:tests/spread/general/run-user-minimal (feb010222-852385)...
``

@cjdcordeiro
Copy link
Contributor

cjdcordeiro commented Feb 1, 2024

I'm fine with either option; generally a new spread test doesn't take too much extra time. This one took about a minute:

2024-02-01T02:29:13.2405237Z 2024-02-01 02:29:13 Executing google:ubuntu-22.04-64:tests/spread/general/run-user-minimal (feb010222-852385) (12/115)...
2024-02-01T02:30:15.9623158Z 2024-02-01 02:30:15 Restoring google:ubuntu-22.04-64:tests/spread/general/run-user-minimal (feb010222-852385)...
``

Talked with @sergiusens a while ago and the slowness might be related to the number of tests vs the amount of available resources for the spread tests. I think we can tackle this later in a different PR, as maybe the solution is to simply vertically or horizontally scale the spread backend

tigarmo
tigarmo approved these changes Feb 1, 2024
View reviewed changes
Copy link
Collaborator

@tigarmo tigarmo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@tigarmo tigarmo merged commit 72c1af5 into canonical:main Feb 1, 2024
linostar pushed a commit to linostar/rockcraft that referenced this pull request Feb 26, 2024
@rebornplusplus
fix(pebble): /var/lib/pebble/default has mode 0777 (canonical#473)
ee676d0 
This commit ensures that the PEBBLE default directory
/var/lib/pebble/default always has the mode 0777.

Previously, the mode of the PEBBLE dir was only set to 0777 if there
were services or checks specified in the rockcraft.yaml. Otherwise, it
used to be 0755 with user=root group=root. This meant that if pebble was
being run as some user other than root, using the `run-user` directive
or some other way, the pebble run would fail. It would fail because
pebble could not create the necessary files (socket) inside that
directory. This bug is reported in issue canonical#461.

Fixes canonical#461
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tigarmo tigarmo tigarmo approved these changes

@cjdcordeiro cjdcordeiro cjdcordeiro approved these changes

@lengau lengau lengau approved these changes

Assignees

@tigarmo tigarmo

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

run-user does not work properly without services

4 participants

@rebornplusplus @cjdcordeiro @tigarmo @lengau