Qemu fails with daemonize and enabled elevateprivileges

Bug #1964488 reported by Raphael Pour
Affects          Status     Importance  Assigned to  Milestone
qemu (Ubuntu)    Won't Fix  Low         Unassigned
  Impish         Won't Fix  Low         Unassigned
  Jammy          Won't Fix  Low         Unassigned

Bug Description

Qemu fails silently with exit code 1 when using daemonize and the sandbox option elevateprivileges=deny. This behavior got introduced by 0546c0609cb5a8d90c1cbac8e0d64b5a048bbb19, where the sandbox option gets parsed and enforced *before* daemonizing. Since the os_daemonize libc-call uses the syscall setsid, qemu gets killed by the signal 13 (SIGSYS).

The documentation (https://qemu.readthedocs.io/en/latest/system/security.html#isolation-mechanisms) states that sandboxing "[...] disables system calls that are not needed by QEMU[...]", but setsid obviously is needed.

What I expected:
- a hint in the documentation of the flags that elevateprivileges AND daemonize contradict -or-
- a working combination

Reproducer:
$ qemu-system-x86_64 -sandbox on,elevateprivileges=deny -daemonize

Package: 1:6.2+dfsg-2ubuntu5
Ubuntu Version: 22.04 (Jammy Jellyfish)
dmesg:
[ 181.064898] audit: type=1326 audit(1646924855.830:13): auid=0 uid=0 gid=0 ses=1 subj=? pid=3622 comm="qemu-system-x86" exe="/usr/bin/qemu-system-x86_64" sig=31 arch=c000003e syscall=112 compat=0 ip=0x7f725964f40b code=0x80000000
Coredump:

           PID: 4402 (qemu-system-x86)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 31 (SYS)
     Timestamp: Thu 2022-03-10 15:10:37 UTC (37s ago)
  Command Line: qemu-system-x86_64 -sandbox on,elevateprivileges=deny -daemonize
    Executable: /usr/bin/qemu-system-x86_64
 Control Group: /user.slice/user-0.slice/session-1.scope
          Unit: session-1.scope
         Slice: user-0.slice
       Session: 1
     Owner UID: 0 (root)
       Boot ID: 3cdf72ff261640e3a3f9e887d159bb2a
    Machine ID: 72874f2d047d4c87887abbc727924413
      Hostname: raphael-20220310-145731
       Storage: /var/lib/systemd/coredump/core.qemu-system-x86.0.3cdf72ff261640e3a3f9e887d159bb2a.4402.1646925037000000.zst (present)
     Disk Size: 405.6K
       Message: Process 4402 (qemu-system-x86) of user 0 dumped core.

                Found module linux-vdso.so.1 with build-id: aea445f382fbc134b3bc979d61dd291e78bea882
                Found module libcrypto.so.3 with build-id: 16bbb788a98f53a5cd5ce19936946a279603f77a
                Found module liblzma.so.5 with build-id: 3eeacec54c1e109d7486961e9b56c01023dd492e
                Found module libpcre2-8.so.0 with build-id: 730c613f1746c1ddfca8a4420385ac363e86e2a2
                Found module libblkid.so.1 with build-id: cdf95a964e3302bb356fefc4b801fae8c4340b31
                Found module libkmod.so.2 with build-id: c8ac4bc8d0fe03ceb8cad8d24484c5cbad9daf5a
                Found module libuuid.so.1 with build-id: 64c0d0cb22fa2bdeca075a0c0418ba5ff314b220
                Found module libnl-route-3.so.200 with build-id: 0d1ec15c789fe7cc860df8d8d2004a6c7b03c2a3
                Found module libnl-3.so.200 with build-id: 63256316bd1135d4745d740781b42ca55f77a24f
                Found module libpcre.so.3 with build-id: 56ddb828685e501f1498130d1cc7f51c242554c1
                Found module libffi.so.8 with build-id: 59c2a6b204f74f358ca7711d2dfd349d88711f6a
                Found module libselinux.so.1 with build-id: 2195967b677f320e35e0cdafe08a4713bc2a95e8
                Found module libmount.so.1 with build-id: eeb33f2b4b9c3eb0a29575eb9932ef08663bd836
                Found module libdaxctl.so.1 with build-id: f7dfbca3d72bc7ba36d6b60a28119269f2504db2
                Found module libndctl.so.6 with build-id: 22fb97cc03c9bc2e81c12c5e1f82973cfea86338
                Found module libgmp.so.10 with build-id: f110719303ddbea25a5e89ff730fec520eed67b0
                Found module libhogweed.so.6 with build-id: 01a0b20878b525a7a33197fc23b738654682f3c4
                Found module libtasn1.so.6 with build-id: efacd0b1b8ccb481fcb501cf76cf07cb2c444d45
                Found module libunistring.so.2 with build-id: ca5149da8d5a298b8f286ffca3d6e2402ec0fe01
                Found module libidn2.so.0 with build-id: f477d28cad4d54daee0070cd4949f0487ac93afc
                Found module libp11-kit.so.0 with build-id: 6e579cbca24932056e99bb54557cd5a1234811ea
                Found module ld-linux-x86-64.so.2 with build-id: c83a452679d23179c2ddd07c5c25d182e54908df
                Found module libc.so.6 with build-id: 094a2d85f72e893d0c15a66812d51d5493e30860
                Found module libgcc_s.so.1 with build-id: 443a1e5dd16a55fd142e5e5fcdc544ba2052dda0
                Found module libm.so.6 with build-id: a9832e9d3a777fc99a89d92e359eec6395deca29
                Found module libaio.so.1 with build-id: a21eb19f17dd68947804f035aa6c27cd73a70439
                Found module libfuse3.so.3 with build-id: d45830188e873e270f28ab91f11e6fc7d7b2159c
                Found module libnettle.so.8 with build-id: 89ee6d2af3edfaf90640d96b94afcef1e43d74a2
                Found module libgmodule-2.0.so.0 with build-id: d64002b7a12e58f579eecf952daeb61435f8f343
                Found module liburing.so.2 with build-id: 976771a582fd2e5c62faff76c026b09eaf3335a0
                Found module libudev.so.1 with build-id: ffd1278cf71c4c9c09bac7cdefac3d58b9e1d1f8
                Found module libslirp.so.0 with build-id: ccb8518051352845e15c5702d534bfb703b683d3
                Found module libzstd.so.1 with build-id: b5600f7bc62e7915ed7199c8c486e3ff3af0ce16
                Found module libibverbs.so.1 with build-id: b562c2bac28667351afdd7bd49ac534d118c4f6e
                Found module librdmacm.so.1 with build-id: 72f988fe1f74a0241f65f4cd16ed26df6279920c
                Found module libglib-2.0.so.0 with build-id: fb79c175ac99bf40796a1e2c66c4e2bd24aaeeaa
                Found module libgobject-2.0.so.0 with build-id: bb28703f64aac29648fdf9ee790291dc2e8f309d
                Found module libgio-2.0.so.0 with build-id: 8061f2c2287fdb8e35f0dcd0d8cd37f1628478f8
                Found module libnuma.so.1 with build-id: 0bc332b68b3900db9579c7e29fd534de7250b43e
                Found module libfdt.so.1 with build-id: 6f636bd87d7fabc7e33e0bb5f813e9c457f65095
                Found module libseccomp.so.2 with build-id: 50e714eb138a4a1a38f41f084aefb51d6a9ebf1c
                Found module libpmem.so.1 with build-id: dee04fd8f01a6c80d81a2e9eec986a30c459ab32
                Found module libsasl2.so.2 with build-id: 562c038e4a5a2196c9c085cd1f9276e3641399a6
                Found module libgnutls.so.30 with build-id: 843b60988232157225bc1f0a293321992abd107b
                Found module libjpeg.so.8 with build-id: c54abff9294357e28532a76a049a4cb2542fc15b
                Found module libpng16.so.16 with build-id: 44f16132c2457c1289f64093e541ed4036be19ec
                Found module libz.so.1 with build-id: ef650611451904165e9caf6080ecbaad50b84d3f
                Found module libpixman-1.so.0 with build-id: da7de7a61faeedaec7d25546ac1b0a9d4f141651
                Found module qemu-system-x86_64 with build-id: 5cb2521c24e8f3bd7d22a87f13fafc0ba539a8b4
                Stack trace of thread 4402:
                #0 0x00007faf4337d40b setsid (libc.so.6 + 0xf040b)
                #1 0x000055afe3467128 os_daemonize (qemu-system-x86_64 + 0x848128)
                #2 0x000055afe3314fe3 qemu_init (qemu-system-x86_64 + 0x6f5fe3)
                #3 0x000055afe3008fdd main (qemu-system-x86_64 + 0x3e9fdd)
                #4 0x00007faf432bad90 n/a (libc.so.6 + 0x2dd90)
                #5 0x00007faf432bae40 __libc_start_main (libc.so.6 + 0x2de40)
                #6 0x000055afe300b955 _start (qemu-system-x86_64 + 0x3ec955)

                Stack trace of thread 4403:
                #0 0x00007faf433b7b6d n/a (libc.so.6 + 0x12ab6d)

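The description above gives everything needed to see the ordering problem: the audit line's arch=c000003e is AUDIT_ARCH_X86_64, syscall=112 is setsid on x86-64, and code=0x80000000 is SECCOMP_RET_KILL_PROCESS, so the setsid() inside os_daemonize is fatal once the sandbox filter is live. The C program below is an added example, not QEMU's code, that reproduces that failure mode with a hand-written seccomp-BPF filter denying only setsid, and contrasts it with the order that works (create the new session first, then install the filter). The filter, the outcome codes and the function names are this example's own; it assumes a Linux host on x86-64 or AArch64 and uses only prctl, fork and waitpid.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U /* the "code=0x80000000" in the audit line */
#endif

/* Assumption of this example: built on x86-64 or AArch64. */
#if defined(__x86_64__)
#define DEMO_AUDIT_ARCH AUDIT_ARCH_X86_64  /* "arch=c000003e" in the audit line */
#elif defined(__aarch64__)
#define DEMO_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

enum outcome {
    OUTCOME_SECCOMP_UNAVAILABLE = -1, /* kernel or container refused the filter */
    OUTCOME_EXITED_OK = 0,
    OUTCOME_KILLED_SIGSYS = 1,
    OUTCOME_OTHER = 2,
};

/* Example filter (not QEMU's): allow every syscall except setsid(2),
 * which is terminated with SECCOMP_RET_KILL_PROCESS. */
static int deny_setsid(void)
{
    struct sock_filter filter[] = {
        /* kill on a foreign ABI so compat syscall numbers cannot bypass the check */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_AUDIT_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* syscall number: setsid -> kill, anything else -> allow */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_setsid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = sizeof(filter) / sizeof(filter[0]),
        .filter = filter,
    };
    /* an unprivileged process may only install a filter after no_new_privs */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/* Run one ordering in a forked child and classify how the child ended.
 * filter_first=1 mirrors the report (sandbox enforced before daemonizing);
 * filter_first=0 is the order that works (new session first, then filter). */
static enum outcome run_ordering(int filter_first)
{
    pid_t pid = fork();
    if (pid < 0)
        return OUTCOME_OTHER;
    if (pid == 0) {
        if (filter_first) {
            if (deny_setsid() != 0)
                _exit(42);
            (void)setsid();  /* filtered: the kernel kills the process with SIGSYS here */
            _exit(0);        /* not reached when the filter is active */
        }
        if (setsid() < 0)    /* a fresh child is never a group leader, so this succeeds */
            _exit(43);
        if (deny_setsid() != 0)
            _exit(42);
        _exit(0);            /* filter is live, but setsid is already behind us */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return OUTCOME_OTHER;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS)
        return OUTCOME_KILLED_SIGSYS;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return OUTCOME_EXITED_OK;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 42)
        return OUTCOME_SECCOMP_UNAVAILABLE;
    return OUTCOME_OTHER;
}

int main(void)
{
    static const char *const names[] = {
        "seccomp unavailable", "exited 0", "killed by SIGSYS", "other" };
    printf("filter, then setsid: %s\n", names[run_ordering(1) + 1]);
    printf("setsid, then filter: %s\n", names[run_ordering(0) + 1]);
    return 0;
}
```

Build with gcc -Wall -o seccomp_order seccomp_order.c and run it: the first line reports "killed by SIGSYS", the second "exited 0". If the kernel has audit enabled, the first child also leaves a type=1326 line in dmesg with the same syscall number and code as the report. QEMU's real filter is generated with libseccomp and blocks far more than setsid; the point the example isolates is only that any syscall the daemonizing step needs must be issued before the filter is installed, or explicitly allowed by it.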
Christian Ehrhardt (paelzer) wrote:

Hi Raphael,
Thank you for your report - I can confirm your finding and agree that it would be nicer to either work or be better documented.

The change introducing it was first in v6.0.0 and thereby Impish and later are affected (I updated the bug tasks to reflect that).

This case isn't Ubuntu only and IMHO not severe enough to add patches on top of just our builds. The best path forward I'd think is to report the very same upstream [1] and report the opened issue here. We can then track an upstream fix to this and apply it to Ubuntu as well from there.

[1]: https://gitlab.com/qemu-project/qemu/-/issues?sort=created_date&state=opened

Changed in qemu (Ubuntu Impish):
status: New → Confirmed
Changed in qemu (Ubuntu Jammy):
status: New → Confirmed
Changed in qemu (Ubuntu Impish):
importance: Undecided → Low
Changed in qemu (Ubuntu Jammy):
importance: Undecided → Low
tags: added: need-upstream-report
Raphael Pour (raphaelpour) wrote:

Thanks Christian for your quick answer!

I just stumbled across a similar issue (https://gitlab.com/qemu-project/qemu/-/issues/798) which got closed with 'intended behavior'.

This issue can be closed, I guess.

Sergio Durigan Junior (sergiodj) wrote:

Given upstream's reply, I am closing this as Won't Fix.

Changed in qemu (Ubuntu Impish):
status: Confirmed → Won't Fix
Changed in qemu (Ubuntu Jammy):
status: Confirmed → Won't Fix
Robie Basak (racb) wrote:

Also Won't Fix for the development release for the same reason.

Changed in qemu (Ubuntu):
status: Confirmed → Won't Fix