guix system roll-back doesn't roll setuid-programs back

Jakub Kądziołka wrote on 3 Jan 2020 01:48

Recipients:(address . bug-guix@gnu.org)

Message-ID:20200103004803.7xmz2dfz6hvs5oak@zdrowyportier.kadziolka.net

Steps to reproduce:
1. Add a setuid program to your config:
(setuid-programs (cons* (file-append hello "/bin/hello") %setuid-programs))
2. guix system reconfigure3. Observe that /run/setuid-programs/hello got created4. Undo the configuration change5. guix system reconfigure6. Observe that /run/setuid-programs/hello no longer exists7. guix system roll-back
Expected behavior:/run/setuid-programs/hello appears again
Actual behavior:/run/setuid-programs/hello still doesn't exist
Similarly, when roll-back is supposed to remove a file, it doesn't.
Previously mentioned in https://debbugs.gnu.org/38800.
Regards,Jakub Kądziołka

Jakub Kądziołka wrote on 14 Jan 2020 01:02

Assigning bugs I will soon send patches for to myself (where soon = a few days)

Recipients:(address . control@debbugs.gnu.org)

Message-ID:20200114000245.4q7mv7y6mqgpbxz4@zdrowyportier.kadziolka.net

owner 38884 !owner 32054 !thanks

Ludovic Courtès wrote on 29 Jun 2020 22:07

control message for bug #38884

Recipients:(address . control@debbugs.gnu.org)

Message-ID:877dvpbpq9.fsf@gnu.org

severity 38884 importantquit

Ludovic Courtès wrote on 29 Jun 2020 22:07

Recipients:(address . control@debbugs.gnu.org)

Message-ID:875zb9bpq4.fsf@gnu.org

tags 38884 + securityquit

Brice Waegeneire via web wrote on 20 Sep 2020 22:43

guix system roll-back doesn't roll setuid-programs back

Recipients:(address . 38884@debbugs.gnu.org)

Message-ID:7f8ff855af90.4ca1a3edb126540@guile.gnu.org

Hello Guix,
"setuid-programs-service" extend the activation script which isn't loaded when rolling-back.
A difference between "reconfigure" and "switch-generation" (of which "roll-back" is just an useful alias) is that the former load the activation script (guix scripts system reconfigure switch-system-program) after switching the profile's symlinks and before installing the bootloader while the latter install the bootloader (guix scripts system switch-to-system-generation) then switch the symlinks (guix profiles switch-to-generation). Fixing that could be done by loading the activation script after switching profiles, as "reconfigure" does.I guess that loading the activation script again, on a already running running system, can have side effect but it shouldn't be an issue as it's already done by "reconfigure".
Cheers,- Brice

Brice Waegeneire wrote on 9 Mar 07:17 +0100

control message for bug #38884

Recipients:(address . control@debbugs.gnu.org)

Message-ID:87im60zw9a.fsf@waegenei.re

close 38884 quit
Fixed in df138dc20858725b90ed77be85f3318cbe1be73a and later, see #46560.

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date