cmd/snap: proxy stdout when running app under strace #13501
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zyga
reviewed
Jan 19, 2024
| cmd.Stdout = Stdout | ||
| // note hijacking stdout, means it is no longer a tty and programs | ||
| // expecting stdout to be on a terminal (eg. bash) may misbehave at this | ||
| // point |
There was a problem hiding this comment.
I think we should print a warning to stderr to make it clear that using --strace has this behavior, as it is a change from previous years explicitly meant to avoid a bug.
zyga
reviewed
Jan 19, 2024
cmd/snap/cmd_run.go
Outdated
| go func() { | ||
| defer func() { filterDone <- true }() | ||
| defer func() { close(filterDone) }() |
There was a problem hiding this comment.
You can drop the func and just defer close(...)
cmd/snap/cmd_run.go
Outdated
| @@ -1013,10 +1020,17 @@ func (x *cmdRun) runCmdUnderStrace(origCmd []string, envForExec envForExecFunc) | |||
| } | |||
| io.Copy(Stderr, r) | |||
| }() | |||
|
|
|||
| go func() { | |||
| defer func() { close(stdoutProxyDone) }() | |||
|
FYI filed sudo-project/sudo#349 |
Recent versions of sudo (1.9.14+) changed the terminal flags when switching to the child process which broke the output of some commands which had their output piped. This was addressed in the upstream in https://www.sudo.ws/repos/sudo/rev/faa06b1e8913 which added detection of whether a stdout is on a pipe, and thus preserved the terminal flags. In our case, when running a command under strace, we expect strace logs on stderr hence fd 2 is a pipe which isn't picked up by sudo auto detection, thus terminal flags are not being preserved and the output is garbled like so: [pid 838721] execve("/snap/hello-world/29/bin/echo", ["/snap/"...], ["DBUS_S"..., "DEBUGI"..., "DISPLA"..., "EDITOR"..., "HG=/us"..., "HOME=/"..., "INVOCA"..., "JOURNA"..., "KWIN_T"..., "LANG=e"..., "LC_MES"..., "LC_TIM"..., "LOGNAM"..., "MAIL=/"..., "MANAGE"..., "MEMORY"..., "MEMORY"..., "MOZ_EN"..., "MOZ_X1"..., "OLDPWD"..., "PAGER="..., "PATH=/"..., "PLASMA"..., "PWD=/h"..., "SHELL="..., "SHLVL="..., "SNAP=/"..., "SNAP_A"..., "SNAP_C"..., "SNAP_C"..., "SNAP_C"..., "SNAP_D"..., "SNAP_E"..., "SNAP_I"..., "SNAP_I"..., "SNAP_L"..., "SNAP_N"..., "SNAP_R"..., "SNAP_R"..., "SNAP_R"..., "SNAP_U"..., "SNAP_U"..., "SNAP_U"..., "SNAP_V"..., "SSH_AU"..., "SUDO_C"..., "SUDO_G"..., "SUDO_U"..., "SUDO_U"..., "SYSTEM"..., "TEMPDI"..., "TERM=t"..., "TERM_P"..., "TERM_P"..., "TMPDIR"..., "TMUX=/"..., "TMUX_P"..., "USER=r"..., "XAUTHO"..., "XDG_DA"..., "XDG_RU"..., "_=/usr"...] <unfinished ...> [pid 838725] <... futex resumed>) = ? [pid 838726] <... futex resumed>) = ? [pid 838727] <... futex resumed>) = ? [pid 838728] <... futex resumed>) = ? The patch makes stdout a pipe, which fixes the detection part. The obvious downside is that programs which now expect a tty on fd 1 will no longer work as expected. The issue is however limited to the cases when the app is running under strace. Signed-off-by: Maciej Borzecki <[email protected]>
…utput There are scenarios in which we are not processing the output of strace command, specifically when the user has passed `--raw`. The user can also redirect strace output to a file passing `-o` || `--output`, in which case processing is not possible either. In both scenarios it makes no sense to set up a pipe on stdout/stderr. Signed-off-by: Maciej Borzecki <[email protected]>
bboozzoo
force-pushed
the
bboozzoo/sudo-workaround-strace-bad-output
branch
from
928f128 to
f64af84
Compare
zyga
approved these changes
Jan 29, 2024
|
A bunch of unrelated failures in the tests. @pedronis @Meulengracht can you force merge? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Recent versions of sudo (1.9.14+) changed the terminal flags when switching to the child process which broke the output of some commands which had their output piped. This was addressed in the upstream in
https://www.sudo.ws/repos/sudo/rev/faa06b1e8913 which added detection of whether a stdout is on a pipe, and thus preserved the terminal flags. In our case, when running a command under strace, we expect strace logs on stderr hence fd 2 is a pipe which isn't picked up by sudo auto detection, thus terminal flags are not being preserved and the output is garbled like so:
The patch makes stdout a pipe, which fixes the detection part. The obvious downside is that programs which now expect a tty on fd 1 will no longer work as expected. The issue is however limited to the cases when the app is running under strace.