atd fails to start on new kernel 2.6.35-6

Bug #598824 reported by Tobias Wolf
This bug affects 6 people
Affects        Status         Importance   Assigned to   Milestone
at (Ubuntu)    Fix Released   High         Kees Cook
Lucid          Fix Released   Medium       Kees Cook
Maverick       Fix Released   High         Kees Cook

Bug Description

Binary package hint: at

When I start atd I get the following in my syslog:

atd[3840]: Can't link execution file: Operation not permitted
kernel: [ 9095.373990] deprecated non-accessible hardlink creation was attempted by: atd

and it fails to start. I looked at the Debian changelog for the kernel and there was a change regarding apparmor and hardlinks. Do I need to have apparmor installed? I removed it because I saw no need for it.

TEST CASE: boot a Lucid system with the linux-lts-backports-maverick kernel. The above error should go away with the at in lucid-proposed.

Revision history for this message
Ansgar Burchardt (aburch) wrote : Re: [Bug 598824] [NEW] atd fails to start on new kernel 2.6.35-6

> When I start atd I get the following in my syslog:
>
> atd[3840]: Can't link execution file: Operation not permitted
> kernel: [ 9095.373990] deprecated non-accessible hardlink creation was attempted by: atd
>
> and it fails to start. I looked at the Debian changelog for the kernel
> and there was a change regarding apparmor and hardlinks. Do I need to
> have apparmor installed? I removed it because I saw no need for it.

This seems to be caused by [1]. Try

  sysctl -w fs.weak-nonaccess-hardlinks=1

to revert to the old behavior as a workaround.

I wonder if the check for hardlink creation should be relaxed to also
allow linking when the user could delete the file in question.

Regards,
Ansgar

[1] <http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-maverick.git;a=commit;h=069cb89e17c6dc5b2a1de2469746bc42935850fb>

 status triaged
 importance high

Changed in at (Ubuntu):
importance: Undecided → High
status: New → Triaged
Kees Cook (kees)
Changed in at (Ubuntu):
assignee: nobody → Kees Cook (kees)
Revision history for this message
Kees Cook (kees) wrote :

The work-around isn't valid. The lock file must be a hardlink due to how enqueue/dequeue works, and the nlinks tests. As a result, the simple solution is to just wrap link() in PRIV_START/PRIV_END.
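
Added example (not part of the comment above and not the at package's code): the pattern it describes, in C, raising the effective uid only around link() and restoring it immediately afterwards. The helper names, the /tmp paths and the link-count check are assumptions for illustration; atd's own PRIV_START/PRIV_END macros and nlink tests are not shown on this page.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper. priv_uid is the uid to hold while link() runs (root in
 * a real daemon). Returns 0 on success, -1 with errno set on failure. */
int link_privileged(const char *src, const char *dst, uid_t priv_uid)
{
    uid_t saved = geteuid();
    int rc, err;
    if (seteuid(priv_uid) != 0)
        return -1;
    rc = link(src, dst);
    err = errno;
    if (seteuid(saved) != 0)   /* staying privileged would be worse than dying */
        _exit(1);
    errno = err;
    return rc;
}

/* Link count of path, or -1 on error. 2 means "job file plus its lock link". */
long link_count(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_nlink : -1;
}

/* Constructed demo: a temp file stands in for a queued job. Returns 0 if the
 * lock link was made, the count reads 2, and the euid is back to its start. */
int demo_queue_lock(void)
{
    char job[] = "/tmp/atjob-XXXXXX", lock[64];
    uid_t before = geteuid();
    int fd = mkstemp(job), ok;
    if (fd < 0) return -1;
    close(fd);
    snprintf(lock, sizeof lock, "%s.lock", job);
    /* Unprivileged demo: "privileged" uid is our own; a daemon would pass 0. */
    ok = link_privileged(job, lock, before) == 0 && link_count(job) == 2
         && geteuid() == before;
    unlink(lock);
    unlink(job);
    return ok ? 0 : -1;
}

int main(void) { return demo_queue_lock() ? 1 : 0; }
```

Keeping the elevated window to the single link() call means the rest of the daemon still runs with the reduced uid, which is what lets it coexist with the kernel's hardlink restriction.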

Changed in at (Ubuntu):
status: Triaged → In Progress
Kees Cook (kees)
Changed in at (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package at - 3.1.12-1ubuntu2

---------------
at (3.1.12-1ubuntu2) maverick; urgency=low

  * Perform queue hardlinks with full privileges (LP: #598824).
 -- Kees Cook <email address hidden> Sun, 27 Jun 2010 12:13:43 -0700

Changed in at (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Kees Cook (kees) wrote :

@Tobias, BTW, I would strongly recommend putting AppArmor back -- it protects a number of services including cups, which runs as root still.

Revision history for this message
Tobias Wolf (towolf) wrote : Re: [Bug 598824] Re: atd fails to start on new kernel 2.6.35-6

On Sun, 2010-06-27 at 19:36 +0000, Kees Cook wrote:
> @Tobias, BTW, I would strongly recommend putting AppArmor back -- it
> protects a number of services including cups, which runs as root still.

Not running CUPS either. Don’t have a printer. I like my system slim.
Maybe it will be worth it once I have a beefier system.
Thanks for the fix.

tags: added: patch
Revision history for this message
terdegstra (inetkz) wrote :

sysctl -w fs.weak-nonaccess-hardlinks=1
error: "fs.weak-nonaccess-hardlinks" is an unknown key

Revision history for this message
Kees Cook (kees) wrote :

This sysctl was moved:

  sysctl -w kernel.yama.protected_nonaccess_hardlinks=0

Are you still seeing problems? atd should be fixed already.

Revision history for this message
Tobias Wolf (towolf) wrote :

At least for me this has been fixed since the upload in Comment #4.

Revision history for this message
Thomas Antepoth (ta-ubuntu-antepoth) wrote :

I did a:

root@sofa:/etc/sysctl.d# sysctl -w kernel.yama.protected_nonaccess_hardlinks=0
kernel.yama.protected_nonaccess_hardlinks = 0
root@sofa:/etc/sysctl.d#

and in fact - this workaround did it for me.

Is there any backport of 3.1.12 in Lucid available?

Revision history for this message
Kees Cook (kees) wrote :

@Thomas: were you still seeing the atd bug in current Maverick? atd should be fixed for a while now.

Revision history for this message
Thomas Antepoth (ta-ubuntu-antepoth) wrote :

@Kees: I don't have any Maverick installation currently.

This one came up in a from-scratch Lucid installation from August 16th using the 2.6.35.19 ppa.

Sep 3 18:40:16 sofa init: atd main process (16523) terminated with status 1
Sep 3 18:40:16 sofa init: atd respawning too fast, stopped
Sep 3 18:40:16 sofa kernel: [37917.532982] non-accessible hardlink creation was attempted by: atd (fsuid 1)
Sep 3 18:40:16 sofa kernel: [37917.534893] non-accessible hardlink creation was attempted by: atd (fsuid 1)

Revision history for this message
Thorsten Hesemeyer (thorsten-hesemeyer) wrote :

This AT issue seems to be solved for Maverick only:

Ubuntu 10.04 "Lucid Lynx" -> AT Version: 3.1.11-1ubuntu5
Ubuntu 10.10 "Maverick" -> AT Version: 3.1.12-1ubuntu2

So Lucid still contains the older, unpatched version of "at" and "atd".
I agree, this problem still exists in Ubuntu 10.04 "Lucid".

Kind regards,
Thorsten

Kees Cook (kees)
Changed in at (Ubuntu Maverick):
status: New → Fix Released
assignee: nobody → Kees Cook (kees)
importance: Undecided → High
Changed in at (Ubuntu Lucid):
importance: Undecided → Medium
status: New → Confirmed
assignee: nobody → Kees Cook (kees)
Kees Cook (kees)
Changed in at (Ubuntu Lucid):
status: Confirmed → In Progress
description: updated
Revision history for this message
Martin Pitt (pitti) wrote : Please test proposed package

Accepted at into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

Changed in at (Ubuntu Lucid):
status: In Progress → Fix Committed
tags: added: verification-needed
Revision history for this message
LaMont Jones (lamont) wrote :

Works for me on lucid-userspace+maverick kernel, i386. Which is where I first encountered the issue.

Kees Cook (kees)
tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package at - 3.1.11-1ubuntu5.1

---------------
at (3.1.11-1ubuntu5.1) lucid-proposed; urgency=low

  * atd.c: perform queue hardlinks with full privileges to stay
    compatible with kernels with hardlink restrictions (LP: #598824).
 -- Kees Cook <email address hidden> Tue, 11 Jan 2011 14:59:16 -0800

Changed in at (Ubuntu Lucid):
status: Fix Committed → Fix Released
tags: added: testcase