su in a Debian chroot gives a critical error (embedded system)

0

I am trying to install Debian jessie inside a chroot on an embedded system (QNAP NAS with kernel 2.6.33.2). I successfully ran debootstrap to install the base system, and the chroot works correctly because I can update packages using apt-get.

The problem occurs when adding a new user: su always prints su: Critical error - immediate abort. Here is a transcript:

CHROOT:/# whoami
root
CHROOT:/# id
uid=0(root) gid=0(root) groups=0(root),100(users)
CHROOT:/# su root
su: Critical error - immediate abort
CHROOT:/# adduser newuser
Adding user 'newuser' ...
Adding new group 'newuser' (1000) ...
Adding new user 'newuser' (1000) with group 'newuser' ...
Creating home directory '/home/newuser' ...
Copying files from '/etc/skel' ...
Enter new UNIX password:

Retype new UNIX password:

passwd: password updated successfully
Changing the user information for newuser
Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] Y
CHROOT:/# su newuser
su: Critical error - immediate abort

and whenever I try su, this error appears in dmesg:

CHROOT:/# dmesg
CHROOT:/# su root
su: Critical error - immediate abort
CHROOT:/# dmesg
[    0.000000] sys_set_ipsec_rules: copy_from_user failed!
[    0.000000] sys_set_ipsec_rules: copy_from_user failed!
[    0.000000] sys_set_ipsec_rules: copy_from_user failed!
[    0.000000] sys_set_ipsec_rules: copy_from_user failed!
[    0.000000] sys_set_ipsec_rules: copy_from_user failed!
[    0.000000] sys_set_ipsec_rules: copy_from_user failed!
[    0.000000] sys_set_ipsec_rules: copy_from_user failed!
[    0.000000] sys_set_ipsec_rules: copy_from_user failed!
[    0.000000] sys_set_ipsec_rules: copy_from_user failed!
[    0.000000] sys_set_ipsec_rules: copy_from_user failed!
[    0.000000] sys_set_ipsec_rules: copy_from_user failed!
[    0.000000] sys_set_ipsec_rules: copy_from_user failed!
[    0.000000] sys_set_ipsec_rules: copy_from_user failed!
[    0.000000] sys_set_ipsec_rules: copy_from_user failed!
[    0.000000] sys_set_ipsec_rules: copy_from_user failed!
[    0.000000] sys_set_ipsec_rules: copy_from_user failed!

Is this something related to the old kernel version? Can I do anything to work around this problem, since I obviously cannot update the kernel?

By the way, I have a very old lenny chroot that was created the same way, and on the same system it works correctly.

strace su root gives:

### CUT ###
read(3, "#\n# /etc/login.defs - Configurat"..., 4096) = 4096
read(3, " issuing \n# the \"mesg y\" command"..., 4096) = 4096
read(3, "It supports passwords of unlimit"..., 4096) = 2286
close(3)                                = 0
munmap(0xb76e7000, 4096)                = 0
access("/var/run/utmpx", F_OK)          = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
_llseek(3, 0, [0], SEEK_SET)            = 0
alarm(0)                                = 0
rt_sigaction(SIGALRM, {0xb7666680, [], 0}, {SIG_DFL, [], 0}, 8) = 0
alarm(10)                               = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "", 384)                        = 0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0)                                = 10
rt_sigaction(SIGALRM, {SIG_DFL, [], 0}, NULL, 8) = 0
close(3)                                = 0
getuid32()                              = 0
time(NULL)                              = 1491675822
socket(PF_LOCAL, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3
connect(3, {sa_family=AF_LOCAL, sun_path="/dev/log"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
socket(PF_NETLINK, SOCK_RAW, NETLINK_AUDIT) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
sendto(3, "p%pre%%pre%%pre%Q%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%op=PAM:session_o"..., 112, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 112
poll([{fd=3, events=POLLIN}], 1, 500)   = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, "$%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%77%pre%%pre%%pre%%pre%%pre%%pre%p%pre%%pre%%pre%Q%pre%%pre%%pre%%pre%"..., 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
recvfrom(3, "$%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%77%pre%%pre%%pre%%pre%%pre%%pre%p%pre%%pre%%pre%Q%pre%%pre%%pre%%pre%"..., 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
close(3)                                = 0
time(NULL)                              = 1491675822
socket(PF_LOCAL, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3
connect(3, {sa_family=AF_LOCAL, sun_path="/dev/log"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=2492, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb76e7000
read(3, "# Locale name alias data base.\n#"..., 4096) = 2492
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0xb76e7000, 4096)                = 0
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/Linux-PAM.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/Linux-PAM.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/Linux-PAM.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/Linux-PAM.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/Linux-PAM.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/Linux-PAM.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "su: Critical error - immediate a"..., 37su: Critical error - immediate abort
) = 37
socket(PF_NETLINK, SOCK_RAW, NETLINK_AUDIT) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
sendto(3, "l%pre%%pre%%pre%P%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%op=PAM:setcred a"..., 108, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 108
poll([{fd=3, events=POLLIN}], 1, 500)   = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, "$%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%04<%pre%%pre%%pre%%pre%%pre%%pre%l%pre%%pre%%pre%P%pre%%pre%%pre%%pre%"..., 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
recvfrom(3, "$%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%04<%pre%%pre%%pre%%pre%%pre%%pre%l%pre%%pre%%pre%P%pre%%pre%%pre%%pre%"..., 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
close(3)                                = 0
munmap(0xb73e2000, 8284)                = 0
munmap(0xb7324000, 16500)               = 0
munmap(0xb7320000, 12384)               = 0
munmap(0xb7319000, 24776)               = 0
munmap(0xb72fb000, 119488)              = 0
munmap(0xb73b7000, 163088)              = 0
munmap(0xb7344000, 467256)              = 0
munmap(0xb72ca000, 196956)              = 0
munmap(0xb73df000, 8220)                = 0
munmap(0xb72c7000, 8232)                = 0
exit_group(1)                           = ?
+++ exited with 1 +++
    
by virtualdj 08.04.2017 / 20:39

1 answer

0

After installing the same Debian jessie on another NAS with a more recent kernel and seeing it work, I managed to identify the culprit by comparing the files in /etc/pam.d/: it is pam_limits.so (inside the Debian chroot), which I think is not compatible with the old outer kernel.

So, if I inspect the problematic chroot, I can see which services use pam_limits.so with:

CHROOT:/# grep -l "^session.*pam_limits.so" $(find /etc/pam.d -type f)
/etc/pam.d/runuser
/etc/pam.d/login
/etc/pam.d/su
/etc/pam.d/cron

This command searches for all services that, by default, enable pam_limits.so, and you can see that su is there (that is the reason it fails). So I can comment all of them out by prefixing a # with sed, like this:

CHROOT:/# sed -i "/^session.*pam_limits.so/s/^/#/" $(find /etc/pam.d -type f)
CHROOT:/# grep -l "^session.*pam_limits.so" $(find /etc/pam.d -type f)

After running sed, there are no more pam_limits enabled (as grep now prints nothing) and, in fact, su works without any dmesg output:

CHROOT:/# whoami
root
CHROOT:/# dmesg
CHROOT:/# su root
CHROOT:/# dmesg
CHROOT:/# exit
exit
CHROOT:/# whoami
root
    
by 15.04.2017 / 14:32
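
The sed one-liner in the answer above has no undo, and with pam_limits.so commented out the limits from /etc/security/limits.conf are no longer applied to those sessions. The following is an added example, not code from the answer: it makes the same edit with a stricter pattern (escaped dot, optional leading whitespace and `-` prefix) and keeps the originals so the change can be reverted. The function names, the backup directory and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the answer's own code. Function names, the backup
# directory and the sample files are assumptions made for illustration.
PAT='^[[:space:]]*-?session[[:space:]].*pam_limits\.so'

# Print PAM service files in DIR ($1) with an active pam_limits.so session line.
limits_active() {
    for f in "$1"/*; do
        [ -f "$f" ] && grep -qE "$PAT" "$f" && echo "$f"
    done
    return 0
}

# Comment those lines out in DIR ($1), saving each original to BACKUP ($2) first.
limits_disable() {
    mkdir -p "$2"
    limits_active "$1" | while IFS= read -r f; do
        cp -p "$f" "$2/" && sed -E "/$PAT/s/^/#/" "$2/${f##*/}" > "$f"
    done
}

# Write the saved originals back over DIR ($1), re-enabling pam_limits.so.
limits_restore() {
    for b in "$2"/*; do
        [ -f "$b" ] && cat "$b" > "$1/${b##*/}"
    done
    return 0
}

# Constructed sample tree standing in for the chroot's /etc/pam.d.
make_sample() {
    mkdir -p "$1"
    printf 'auth sufficient pam_rootok.so\nsession    required   pam_limits.so\n' > "$1/su"
    printf '  -session optional pam_limits.so\n' > "$1/cron"
    printf '# session required pam_limits.so\n' > "$1/other"
}

demo() {
    t=$(mktemp -d) && make_sample "$t/pam.d"
    limits_active "$t/pam.d"                 # lists cron and su, not other
    limits_disable "$t/pam.d" "$t/backup"
    limits_active "$t/pam.d"                 # prints nothing now
    limits_restore "$t/pam.d" "$t/backup"
    limits_active "$t/pam.d"                 # cron and su are active again
    rm -rf "$t"
}
demo
```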