Page MenuHomePhabricator

Thumbor role breaks /etc/group
Closed, ResolvedPublic

Description

For some reason provisioning the Thumbor role (on Jessie at least) results in addgroup failing from that point on:

vagrant@mediawiki-vagrant:~$ sudo groupadd snackbar
groupadd: failure while writing changes to /etc/group

It doesn't seem to be caused by any of the other roles the thumbor one requires.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 31 2017, 4:50 PM
Gilles triaged this task as Low priority.Feb 1 2017, 8:04 PM
Gilles moved this task from Inbox to Backlog: Small & Maintenance on the Performance-Team board.
Gilles added a comment.EditedMar 29 2017, 1:09 PM

I've removed the superfluous creation attempt of the thumbor group and user from the role, which are created by the Debian package, but it hasn't helped.

stracing what groupadd does, it seems to be:

  • reading the contents from /etc/group
  • dumping said contents into /etc/group-
  • write new contents into /etc/group+
  • attempt to rename /etc/group+ to /etc/group and fail:
rename("/etc/group+", "/etc/group")     = -1 EBUSY (Device or resource busy)

Indeed, trying to do that manually fails:

vagrant@mediawiki-vagrant:~$ sudo mv /etc/group+ /etc/group
mv: cannot move ‘/etc/group+’ to ‘/etc/group’: Device or resource busy

Sigh... found the answer, it's firejail affecting things outside of what it jails on "older" kernels: https://github.com/netblue30/firejail/issues/270

Gilles changed the task status from Open to Stalled.Mar 29 2017, 1:55 PM

Change 345584 had a related patch set uploaded (by Gilles):
[mediawiki/vagrant@master] [WIP] Make Thumbor role upgrade linux kernel

https://gerrit.wikimedia.org/r/345584

Change 345584 abandoned by Gilles:
[WIP] Make Thumbor role upgrade linux kernel

https://gerrit.wikimedia.org/r/345584

Gilles closed this task as Resolved.Jan 8 2018, 9:28 AM

Fixed on the Stretch branch.