Ubuntu
linux-aws package

sudo localedef from docker does not work anymore after upgrade from 4.4.0-1088-aws to 4.4.0-1090-aws

Bug #1842364 reported by Simon Allan
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-aws (Ubuntu)
New
Undecided
Unassigned

Bug Description

step to reproduce

take an AMI: ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20190816
(it runs by default the version 4.4.0-1090-aws of the kernel)

install docker on it and launch a debian:stretch instance (can reproduce with ubuntu:latest)

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
sudo apt-get install -y docker-ce
sudo docker run -it debian:stretch bash

from within the docker , install sudo and create a user "admin" part of the sudo group
install the package 'locales', and then try to activate the locale fr_FR.UTF-8:

apt-get install -y sudo locales
adduser admin
usermod -aG sudo admin
su admin
sudo localedef -i fr_FR -c -f UTF-8 -A /usr/share/locale/locale.alias fr_FR.UTF-8
locale -a

it displays :

C
C.UTF-8
POSIX

now if you run the same command as root, from within the very same docker container:

localedef -i fr_FR -c -f UTF-8 -A /usr/share/locale/locale.alias fr_FR.UTF-8
locale -a

it displays correctly:

C
C.UTF-8
POSIX
fr_FR.utf8

I've been able to track down that with the AMI ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20190807(ami-0e253b69fb96577d1) the problem does not appear
if you apt-get upgrade , it still does not appear,
BUT if you dist-upgrade, it then upgrades linux-aws from 4.4.0-1088-aws to 4.4.0-1092-aws, and if you reboot, then the bugs appears too , which to me proves that there's an issue between docker and version of the linux kernel

Revision history for this message
Simon Allan (sysko-supinfo) wrote :

some precision,

actually in the "buggy" container, the file /usr/lib/locale/locale-archive is created in all case with the permission (regardless with sudo or directly as root user):

-rw-r--r-- 1 root root 1.7M Sep 2 23:17 locale-archive

however

1. if the file was generated as root, (not with sudo) , the admin user can only get "fr_FR.utf-8" when doing sudo locale -a
2. if I chmod 777 the file /usr/lib/locale/locale-archive then the normal user can see -it

I need to check tomorrow the permission the file had when running with the previous linux-aws version

Revision history for this message
Simon Allan (sysko-supinfo) wrote :

with the previous linux-aws version i got also

-rw-r--r-- 1 root root 1.7M Sep 3 08:38 locale-archive

but for some reason I can't read it

admin@8597d5502142:/$ head /usr/lib/locale/locale-archive
head: cannot open '/usr/lib/locale/locale-archive' for reading: Permission denied

(normally I should , because of the `r` permission on the other group ?)

Revision history for this message
Simon Allan (sysko-supinfo) wrote :

however if it touch a file as root

root@8597d5502142:/# touch /tmp/toto
root@8597d5502142:/# ls -lh /tmp
total 0
-rw-r--r-- 1 root root 0 Sep 3 08:42 toto
root@8597d5502142:/# su admin
admin@8597d5502142:/$ head /tmp/toto

(no permission denied)

Revision history for this message
Simon Allan (sysko-supinfo) wrote :

ok I think I have pinpointed a bit more precisely the issue ,

on the kernel with the bug , if from the container I do

localedef -i fr_FR -c -f UTF-8 -A /usr/share/locale/locale.alias fr_FR.UTF-8
stat /usr/lib/locale/locale-archive

I got

  File: /usr/lib/locale/locale-archive
  Size: 1679760 Blocks: 3144 IO Block: 4096 regular file
Device: 10301h/66305d Inode: 521785 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2019-09-03 08:57:16.661569167 +0000
Modify: 2019-09-03 08:57:16.661569167 +0000
Change: 2019-09-03 08:57:16.661569167 +0000

if i switch to the non admin user and I do head, I can't read it (but I can list /stat it)

now if I do

chmod o+r /usr/lib/locale/locale-archive
stat /usr/lib/locale/locale-archive

I got exactly the same thing

  File: /usr/lib/locale/locale-archive
  Size: 1679760 Blocks: 3144 IO Block: 4096 regular file
Device: 10301h/66305d Inode: 521785 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2019-09-03 08:57:16.661569167 +0000
Modify: 2019-09-03 08:57:16.661569167 +0000
Change: 2019-09-03 09:00:39.418079016 +0000

(except the change date that has changed)

but now if i go as an admin again and i do head.... it works !

so in the first stat, the permission reported were wrong ahd somewhat, redoing chmod o+r corrected it.....

Note that if as root I touch a file, I don't have this issue, so the file created by localedef is created a bit differently that what "touch" does

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.