OS-4716

lxbrand native system(3C) broken

Status:: Resolved
Resolution:: Fixed
Created:: 2015-09-08T13:34:19.000-0400
Updated:: 2016-08-23T13:34:13.000-0400

Description

If you try to use system from within an lx-branded zone, it fails silently:

root@b333ceed-f34d-61f5-b132-aa4a42d10994:/home/cody/src/rustc-1.2.0# dtrace -wn 'proc:::exec-success { system("/native/usr/bin/echo hello"); }'
dtrace: description 'proc:::exec-success ' matched 1 probe
dtrace: allowing destructive actions
CPU     ID                    FUNCTION:NAME
  8     71         exec_common:exec-success
 27     71         exec_common:exec-success
  1     71         exec_common:exec-success
  1     71         exec_common:exec-success
  2     71         exec_common:exec-success
 11     71         exec_common:exec-success
  3     71         exec_common:exec-success
 28     71         exec_common:exec-success
  8     71         exec_common:exec-success

Comments (4)

Former user commented on 2016-08-22T11:56:39.000-0400:

The root-cause is actually a problem in native system(3C), which
DTrace uses. The native system(3C) execs /usr/bin/sh passing its
argument as command. On Linux, or at least for CentOS, there is no
/usr/bin/sh, but instead only /bin/sh.

The simple workaround is to create a symlink in the brand. This will
cause native system(3C) to exec the branded sh, which works fine
(you could also link it to /native/usr/bin/sh).

The more appropriate fix is to treat native system(3C) like we treat
other native code: to make it aware of AT_SUN_BRAND_NROOT (see
OS-3280#icft=OS-3280). That way, if any native program calls system(3C) it will use
the /native prefix and find the native sh.

Former user commented on 2016-08-22T12:04:18.000-0400:

By the way, I was worried about this breaking chroot: i.e. if you
chroot to /native and then call native system(3C), wouldn't it
break again? Turns out we check for this scenario in
lx_native_exec and it will only prepend /native if it's not
already the root.

Former user commented on 2016-08-23T11:50:43.000-0400:

Test for lx:

[root@c66-lx ~]# /native/usr/sbin/dtrace -wqn 'tick-1s { system("date"); }'
Sat Aug 20 15:03:59 UTC 2016
Sat Aug 20 15:04:00 UTC 2016
Sat Aug 20 15:04:01 UTC 2016

Test for chroot to /native on lx:

[root@c66-lx ~]# chroot /native bash
bash-4.3# /usr/sbin/dtrace -wqn 'tick-1s { system("date"); }'
August 20, 2016 03:04:17 PM GMT
August 20, 2016 03:04:18 PM GMT
August 20, 2016 03:04:19 PM GMT

Test for native:

[root@testsos ~]# dtrace -wqn 'tick-1s { system("date"); }'
August 20, 2016 03:03:47 PM UTC
August 20, 2016 03:03:48 PM UTC
August 20, 2016 03:03:49 PM UTC

Former user commented on 2016-08-23T12:14:45.000-0400:

illumos-joyent commit 0c8abfc (branch master, by Ryan Zezeski)

OS-4716#icft=OS-4716 lxbrand native system(3C) broken
Reviewed by: jerry.jelinek@joyent.com
Reviewed by: patrick.mooney@joyent.com