FS#74591 - [qemu-system-ppc][sudo] Resource limits file prevents sudo from working in container

Attached to Project: Arch Linux
Opened by Nathan Chancellor (nathanchance) - Saturday, 30 April 2022, 00:41 GMT
Last edited by David Runge (dvzrv) - Monday, 02 May 2022, 13:34 GMT
Task Type: Bug Report
Category: Packages: Testing
Status: Closed
Assigned To: Anatol Pomozov (anatolik), David Runge (dvzrv)
Architecture: All
Severity: Medium
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:

The source limits file that is included with qemu-system-ppc 7.0.0-8 prevents sudo from working.

Steps to reproduce:

I initially noticed this in a Docker container build.

$ podman run --rm -ti docker.io/archlinux
# sed -i "/\[testing\]/,/Include/"'s/^#//' /etc/pacman.conf
# sed -i "/\[community-testing\]/,/Include/"'s/^#//' /etc/pacman.conf
# pacman -Syyu --noconfirm
...

# pacman -S --noconfirm sudo
...

# sudo echo works
works

# pacman -S --noconfirm qemu-system-ppc
...

# sudo echo works
sudo: pam_open_session: Permission denied
sudo: policy plugin failed session initialization

# sed -i 's;* ;#* ;g' /etc/security/limits.d/95-qemu-system-ppc.conf

# sudo echo works
works

Closed by David Runge (dvzrv)
Monday, 02 May 2022, 13:34 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with qemu-system-ppc 7.0.0-9

Comment by David Runge (dvzrv) - Saturday, 30 April 2022, 08:06 GMT
@nathanchance: Thanks for the ticket.

I can not reproduce this in a systemd-nspawn container running Arch. Could you provide some information on how this behaves for you in regards to the limits reported by the system?

E.g. please show the output of ulimit -a for before and after the installation of qemu-system-ppc (for me the reported max locked memory for root does not change).

Comment by Nathan Chancellor (nathanchance) - Saturday, 30 April 2022, 14:32 GMT
Sure. Unfortunately, I do not see a difference either.

Before:

# ulimit -a
real-time non-blocking time (microseconds, -R) unlimited
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 1030301
max locked memory (kbytes, -l) 8192
max memory size (kbytes, -m) unlimited
open files (-n) 524288
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 1030301
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited

After:

# ulimit -a
real-time non-blocking time (microseconds, -R) unlimited
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 1030301
max locked memory (kbytes, -l) 8192
max memory size (kbytes, -m) unlimited
open files (-n) 524288
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 1030301
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited

If there is any other information I can provide, please let me know. For what it's worth, I have never had any problems starting qemu-system-ppc on an Arch system before, usually with half a gigabyte or a couple gigabytes of RAM, so I wondered why the resource limits file is even necessary, but I drive QEMU by itself, not through libvirt.

Comment by David Runge (dvzrv) - Monday, 02 May 2022, 12:56 GMT
@nathanchance: I guess I'll remove the limits config for now. If we indeed need it in the future, it can be grabbed from the source history.
