gunicorn icon indicating copy to clipboard operation
gunicorn copied to clipboard

Published 20 hours ago verified publisher icon benoitc

gunicorn on Termux

Open artynet opened this issue 3 years ago • 8 comments
trafficstars

Hello folks, I'm trying to run gunicorn on the latest Termux system for Android-based devices. The default python3 release of the packages manager is *v3.10.2....

Running this simple app:

def app(environ, start_response):
        data = b"Hello, World!\n"
        start_response("200 OK", [
            ("Content-Type", "text/plain"),
            ("Content-Length", str(len(data)))
        ])
        return iter([data])

returns me this error when launching the server with:

~ $ gunicorn -w 3 myapp:app
[2022-01-25 16:56:47 +0100] [21631] [INFO] Starting gunicorn 20.1.0
[2022-01-25 16:56:47 +0100] [21631] [INFO] Listening at: http://127.0.0.1:8000 (21631)
[2022-01-25 16:56:47 +0100] [21631] [INFO] Using worker: sync
[2022-01-25 16:56:47 +0100] [21640] [INFO] Booting worker with pid: 21640
[2022-01-25 16:56:48 +0100] [21631] [WARNING] Worker with pid 21640 was terminated due to signal 31
[2022-01-25 16:56:48 +0100] [21646] [INFO] Booting worker with pid: 21646
[2022-01-25 16:56:48 +0100] [21631] [WARNING] Worker with pid 21646 was terminated due to signal 31
[2022-01-25 16:56:48 +0100] [21656] [INFO] Booting worker with pid: 21656
[2022-01-25 16:56:48 +0100] [21660] [INFO] Booting worker with pid: 21660
[2022-01-25 16:56:48 +0100] [21631] [WARNING] Worker with pid 21656 was terminated due to signal 31
[2022-01-25 16:56:48 +0100] [21670] [INFO] Booting worker with pid: 21670
[2022-01-25 16:56:48 +0100] [21672] [INFO] Booting worker with pid: 21672

that not happens if the same command/source is run under the proot-distro environment running on the very same termux. I think it might be related to the different Termux filesystem paths, any ideas about this ? I also tried to use different worker classes (gevent, tornado) but without any result....

Thanks in advance for your help...

artynet avatar Jan 25 '22 15:01 artynet

what’s the issue?

benoitc avatar Jan 25 '22 15:01 benoitc

Sorry @benoitc, clicked too much fast (and accidentally) on the 'comment' button. The issue has been correctly edited...thank you !

artynet avatar Jan 25 '22 16:01 artynet

Maybe Termux is disallowing some system call made by Gunicorn/Python - do you have a way to see what that might be? Or open a Python interpreter on the platform and try a few out - start with os.fork() ...

javabrett avatar Jan 29 '22 12:01 javabrett

thank you @javabrett, I'll give it a try and let you know as soon as I run some tests. I the meanwhile this is the strace output when launching the above basic example:

01-12 11:06:14.538 11325 11325 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
01-12 11:06:14.538 11325 11325 F DEBUG   : Build fingerprint: 'Lenovo/LenovoTB-X306F_EEA/X306F:10/QP1A.190711.020/S100152_210205_BMP:user/release-keys'
01-12 11:06:14.538 11325 11325 F DEBUG   : Revision: '0'
01-12 11:06:14.538 11325 11325 F DEBUG   : ABI: 'arm64'
01-12 11:06:14.542 11325 11325 F DEBUG   : Timestamp: 2022-01-12 11:06:14+0100
01-12 11:06:14.543 11325 11325 F DEBUG   : pid: 11322, tid: 11322, name: gunicorn  >>> /data/data/com.termux/files/usr/bin/python3 <<<
01-12 11:06:14.543 11325 11325 F DEBUG   : uid: 10187
01-12 11:06:14.543 11325 11325 F DEBUG   : signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
01-12 11:06:14.543 11325 11325 F DEBUG   : Cause: seccomp prevented call to disallowed arm64 system call 146
01-12 11:06:14.543 11325 11325 F DEBUG   :     x0  00000000000027cb  x1  0000007fe9a1d054  x2  8000000000000001  x3  0000000000000000
01-12 11:06:14.543 11325 11325 F DEBUG   :     x4  0000000000000000  x5  0000007f25367629  x6  61642f617461642f  x7  742e6d6f632f6174
01-12 11:06:14.543 11325 11325 F DEBUG   :     x8  0000000000000092  x9  73a9c282e2c251f3  x10 0000000000000000  x11 0000007f27735130
01-12 11:06:14.543 11325 11325 F DEBUG   :     x12 0000007f26178af0  x13 0000007f26178b5c  x14 0000007f24dd0598  x15 0000000000000001
01-12 11:06:14.543 11325 11325 F DEBUG   :     x16 0000007f2772f938  x17 0000007f27174a80  x18 0000007f28790000  x19 0000007f26c2f000
01-12 11:06:14.543 11325 11325 F DEBUG   :     x20 0000007f24dd0590  x21 0000007f266bd760  x22 0000000000000001  x23 0000007f266bd760
01-12 11:06:14.543 11325 11325 F DEBUG   :     x24 0000007f24dd0590  x25 0000000000000001  x26 0000007f26c2f000  x27 0000007f27735158
01-12 11:06:14.543 11325 11325 F DEBUG   :     x28 0000007f24dd0588  x29 0000007fe9a1d0b0
01-12 11:06:14.543 11325 11325 F DEBUG   :     sp  0000007fe9a1d0a0  lr  0000007f27641a88  pc  0000007f27174a88
01-12 11:06:14.544 11325 11325 F DEBUG   : 
01-12 11:06:14.544 11325 11325 F DEBUG   : backtrace:
01-12 11:06:14.544 11325 11325 F DEBUG   :     NOTE: Function names and BuildId information is missing for some frames due
01-12 11:06:14.544 11325 11325 F DEBUG   :     NOTE: to unreadable libraries. For unwinds of apps, only shared libraries
01-12 11:06:14.544 11325 11325 F DEBUG   :     NOTE: found under the lib/ directory are readable.
01-12 11:06:14.544 11325 11325 F DEBUG   :       #00 pc 00000000000cea88  /apex/com.android.runtime/lib64/bionic/libc.so (setuid+8) (BuildId: 2a5abdc9c768b33656f7aa8d9ce5cf54)
01-12 11:06:14.544 11325 11325 F DEBUG   :       #01 pc 00000000001f4a84  /data/data/com.termux/files/usr/lib/libpython3.10.so.1.0
01-12 11:06:14.564 11325 11325 I crash_dump: crash_mini_dump_notify exit
01-12 11:06:14.581 11330 11330 F libc    : Fatal signal 31 (SIGSYS), code 1 (SYS_SECCOMP) in tid 11330 (gunicorn), pid 11330 (gunicorn)
01-12 11:06:14.612 11334 11334 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
01-12 11:06:14.615 11334 11334 I crash_dump64: performing dump of process 11330 (target tid = 11330)

artynet avatar Jan 31 '22 09:01 artynet

Nice, looks like you've confirmed it's coming from seccomp - looks like maybe setuid? Termux is known to disallow that.

I've not tested this recently, but can you try adding config to set user and group to None, to prevent this call?

javabrett avatar Jan 31 '22 12:01 javabrett

@javabrett I am using this one as reference, should do the trick:

https://github.com/benoitc/gunicorn/blob/master/examples/example_config.py#L132

then launching the command:

gunicorn -c example_config.py -w 3 myapp:app

brings me to the same issue anyway...

artynet avatar Jan 31 '22 19:01 artynet

@artynet are you seeing a call to setuid (or something else) further up your strace, before the error report?

javabrett avatar Jan 31 '22 21:01 javabrett

I have the same problem on Android 12, aarch64. But there are no such problem on Android 5.5, arm. They are different termux builds. Set user and group to None doesn't help because this value is ignored as shown by --print-config option.

vstavrinov avatar Aug 03 '22 18:08 vstavrinov

Same problem on Asus Zenfone 8, Android 13. Flask debugs mode works fine.

yoni13 avatar Nov 16 '22 10:11 yoni13

This is neither android nor termux issue. This is bug of gunicorn because it shouldn't try change user (calling setuid) if current (calling) user is not differ from configured (or default) user, but it doing so. Doing so doesn't make sense at all but in case of android this is moreover not allowed. Please, check if user differ before calling setiud.

vstavrinov avatar Nov 16 '22 14:11 vstavrinov

This is neither android nor termux issue. This is bug of gunicorn because it shouldn't try change user (calling setuid) if current (calling) user is not differ from configured (or default) user, but it doing so. Doing so doesn't make sense at all but in case of android this is moreover not allowed. Please, check if user differ before calling setiud.

This has been fixed via #2758: https://github.com/benoitc/gunicorn/blob/98653df9da1acdbf70bbccd6d1ac32eca9ac158c/gunicorn/util.py#L148C1-L149

Sorry for that late reply.

benoitc avatar May 07 '23 13:05 benoitc