
Changing permissions inside a chroot

Open necrophcodr opened this issue 8 years ago • 4 comments

Setup:

mkdir -p ~/tmp/brw
cd ~/tmp/brw
wget http://cdimage.ubuntu.com/ubuntu-base/releases/trusty/release/ubuntu-base-14.04.5-base-amd64.tar.gz
tar xf ubuntu-base-14.04.5-base-amd64.tar.gz
bwrap --unshare-all --share-net --bind $(pwd) / \
	--gid 0 --uid 0 --chdir / --dir /fs --dev /dev --proc /proc \
	/bin/bash

Then execute the following:

chown root:adm ubuntu-base-14.04.5-base-amd64.tar.gz

Expected result: Permissions were changed, no output

Result:

chown: changing ownership of 'ubuntu-base-14.04.5-base-amd64.tar.gz': Invalid argument

This issue does not occur when using proot, and is specific to bubblewrap. It may not be bubblewrap that's at fault, but that does appear to be the case.

necrophcodr, Aug 24 '17 10:08

A real-world example would be the following:

Setup:

mkdir -p ~/tmp/brw
cd ~/tmp/brw
wget http://cdimage.ubuntu.com/ubuntu-base/releases/trusty/release/ubuntu-base-14.04.5-base-amd64.tar.gz
tar xf ubuntu-base-14.04.5-base-amd64.tar.gz
bwrap --unshare-all --share-net --bind $(pwd) / \
	--gid 0 --uid 0 --chdir / --dir /fs --dev /dev --proc /proc \
	/bin/bash

Then upgrade bsdutils via apt-get:

apt-get update
apt-get upgrade -y

Expected result: No errors

Result:

Errors were encountered while processing:
 /var/cache/apt/archives/bsdutils_1%3a2.20.1-5.1ubuntu20.9_amd64.deb
W: chown to root:adm of file /var/log/apt/term.log failed - OpenLog (22: Invalid argument)
E: Sub-process /usr/bin/dpkg returned an error code (1)

necrophcodr, Aug 24 '17 10:08

I think this requires the adm group to be mapped in the namespace.

cgwalters, Aug 24 '17 13:08
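What "mapped in the namespace" means in practice, as an added example that is not part of the original thread or of bubblewrap's code: it parses the `/proc/<pid>/gid_map` format and reports whether a gid has a mapping, since the kernel rejects a chown to an unmapped id with EINVAL (errno 22). The sample maps are constructed and assume that the invoking user's gid is 1000, that bwrap with `--gid 0` writes a single one-entry mapping, and that `adm` is gid 4.

```python
"""Added example: will chown to a given gid fail with EINVAL in this user namespace?"""
from typing import List, Optional, Tuple

IdRange = Tuple[int, int, int]  # (first id inside ns, first id outside ns, length)


def parse_id_map(text: str) -> List[IdRange]:
    """Parse the contents of /proc/<pid>/uid_map or /proc/<pid>/gid_map."""
    ranges: List[IdRange] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(fields)}")
        inside, outside, length = (int(f) for f in fields)
        if length < 1:
            raise ValueError(f"line {lineno}: range length must be positive")
        ranges.append((inside, outside, length))
    return ranges


def to_outside_id(ranges: List[IdRange], inside_id: int) -> Optional[int]:
    """Translate an id as seen inside the namespace; None means it is unmapped."""
    for inside, outside, length in ranges:
        if inside <= inside_id < inside + length:
            return outside + (inside_id - inside)
    return None


def chown_gid_is_mapped(ranges: List[IdRange], gid: int) -> bool:
    """False means chown/chgrp to this gid is rejected with EINVAL (errno 22)."""
    return to_outside_id(ranges, gid) is not None


# Constructed samples (not captured from the reporter's machine).
BWRAP_GID_MAP = "         0       1000          1\n"  # assumed: --gid 0, host gid 1000
HOST_GID_MAP = "         0          0 4294967295\n"   # initial namespace: identity map
ADM_GID = 4  # assumption: gid of "adm" in a stock Ubuntu /etc/group

if __name__ == "__main__":
    with open("/proc/self/gid_map") as fh:  # Linux only; run inside or outside the sandbox
        live = fh.read()
    for name, text in (("bwrap sample", BWRAP_GID_MAP),
                       ("host sample", HOST_GID_MAP),
                       ("this process", live)):
        ok = chown_gid_is_mapped(parse_id_map(text), ADM_GID)
        print(f"{name}: chown to gid {ADM_GID} ->", "mapped" if ok else "EINVAL (unmapped)")
```

Run inside the sandbox shell, the "this process" line shows the map that the failing chown was checked against.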

Is that something that's doable from the user's (my) side? I'll note that the adm group is of course the same in terms of id and location, in both the real /etc/group and the bind-mounted /etc/group file, even though the files differ in other areas.

necrophcodr, Aug 24 '17 13:08

you can get that specific case to work by removing the _apt user from /etc/passwd. that prevents apt from doing its own (rather dumb) sandbox shenanigans.

rofl0r, Jan 27 '21 01:01