guix system roll-back doesn't roll setuid-programs back

OpenSubmitted by Jakub Kądziołka.
Details
3 participants
  • Brice Waegeneireviaweb
  • Jakub Kądziołka
  • Ludovic Courtès
Owner
Somebody
Severity
important
J
J
Jakub Kądziołka wrote on 3 Jan 2020 01:48
Download
(address . bug-guix@gnu.org)
20200103004803.7xmz2dfz6hvs5oak@zdrowyportier.kadziolka.net
Download
Steps to reproduce:
1. Add a setuid program to your config:
(setuid-programs (cons* (file-append hello "/bin/hello") %setuid-programs))
2. guix system reconfigure3. Observe that /run/setuid-programs/hello got created4. Undo the configuration change5. guix system reconfigure6. Observe that /run/setuid-programs/hello no longer exists7. guix system roll-back
Expected behavior:/run/setuid-programs/hello appears again
Actual behavior:/run/setuid-programs/hello still doesn't exist
Similarly, when roll-back is supposed to remove a file, it doesn't.
Previously mentioned in https://debbugs.gnu.org/38800.
Regards,Jakub Kądziołka
J
J
Jakub Kądziołka wrote on 14 Jan 2020 01:02
Download
Assigning bugs I will soon send patches for to myself (where soon = a few days)
(address . control@debbugs.gnu.org)
20200114000245.4q7mv7y6mqgpbxz4@zdrowyportier.kadziolka.net
Download
owner 38884 !owner 32054 !thanks
L
L
Ludovic Courtès wrote on 29 Jun 2020 22:07
Download
control message for bug #38884
(address . control@debbugs.gnu.org)
877dvpbpq9.fsf@gnu.org
Download
severity 38884 importantquit
L
L
Ludovic Courtès wrote on 29 Jun 2020 22:07
Download
(address . control@debbugs.gnu.org)
875zb9bpq4.fsf@gnu.org
Download
tags 38884 + securityquit
B
B
Brice Waegeneireviaweb wrote on 20 Sep 2020 22:43
Download
guix system roll-back doesn't roll setuid-programs back
(address . 38884@debbugs.gnu.org)
7f8ff855af90.4ca1a3edb126540@guile.gnu.org
Download
Hello Guix,
"setuid-programs-service" extend the activation script which isn't loaded when rolling-back.
A difference between "reconfigure" and "switch-generation" (of which "roll-back" is just an useful alias) is that the former load the activation script (guix scripts system reconfigure switch-system-program) after switching the profile's symlinks and before installing the bootloader while the latter install the bootloader (guix scripts system switch-to-system-generation) then switch the symlinks (guix profiles switch-to-generation). Fixing that could be done by loading the activation script after switching profiles, as "reconfigure" does.I guess that loading the activation script again, on a already running running system, can have side effect but it shouldn't be an issue as it's already done by "reconfigure".
Cheers,- Brice
?
Your may also send email to 38884@debbugs.gnu.org to comment.