[Whonix-devel] Bug#921163: coreutils such as /bin/mkdir are duplicated in /usr/bin/mkdir
josch at debian.org
Sat Feb 2 19:12:20 CET 2019
Control: forcemerge 914915 -1
Quoting Patrick Schleizer (2019-02-02 15:05:00)
> # How to reproduce:
> sudo mmdebstrap --mode=root
> --aptopt=/home/user/whonix_binary/aptgetopt.conf stretch
> (Could probably be simplified but I hope you can reproduce this easily /
> hope you also have usr/bin/mkdir.)
> # Expected result:
> base.cow/bin/mkdir exists.
> base.cow/usr/bin/mkdir does not exist
> # Actual result:
> base.cow/bin/mkdir exists.
> base.cow/usr/bin/mkdir exists.
> base.cow/usr/bin/mkdir matches base.cow/bin/mkdir.
> diff base.cow/usr/bin/mkdir base.cow/bin/mkdir ; echo $?
> Also many (if not all) other coreutils that should only reside in /bin
> such as /bin/rm are duplicated in /usr/bin such as /usr/bin/rm.
> # Why this is a problem:
> /usr/bin is preferred over /bin with default $PATH setting.
> - When coreutils is later updated, it will only update /bin/mkdir and so
> forth but not /usr/bin/mkdir. This is because /bin/mkdir is owned by
> coreutils (dpkg -S /bin/mkdir) but /usr/bin/mkdir is owned by no package
> (dpkg -S /usr/bin/mkdir).
> - This leads to apparmor issues. In apparmor profiles one has to
> hardcode for example /bin/mkdir but since /usr/bin/mkdir exists, this
> call will be denied.
> # Misc:
> I couldn't figure out from the source code why this is happening.
> Intended or unintended behavior? If intended, can this be turned off?
> Are also other files in unusual places?
The observations you describe are due to the following symlinks (using your
paths as examples):
base.cow/bin -> usr/bin
base.cow/sbin -> usr/sbin
base.cow/lib -> usr/lib
And depending on your architecture there are even a few more of those. So you
will see that the files base.cow/bin/mkdir and base.cow/usr/bin/mkdir are
actually the same files. You can use $(stat -c '%i') to compare the inode
The idea behind creating these symlinks from foo to usr/foo is called "merged
/usr", "usr merge" or "usr move" and is a concept that has been introduced in
other distributions like Fedora:
And also Debian is doing experiments with it:
For a while, the tool debootstrap which is doing something very similar to
mmdebstrap was creating "merged /usr" systems that include these symlinks by
default. It then turned out that it was a bad idea to have this default before
other problems are solved and thus the default was changed back to the
old behaviour. Unfortunately, I wrote mmdebstrap in the timeframe when
debootstrap still defaulted to the "merged /usr" behaviour and since I just
wanted to provide the same feature as debootstrap, this became the default of
mmdebstrap as well.
Due to the discovered problems, "merged /usr" should *not* be the default for
mmdebstrap for now and that's why this bug was reported already:
As a result, "merged /usr" has been disabled in mmdebstrap since this commit:
So the only thing that is needed is a new mmdebstrap release and then this
bug will be fixed. :)
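The symlink and inode comparison described in the reply above can be scripted when auditing a chroot before writing AppArmor path rules. This is an added example, not part of the original email or of mmdebstrap; the function names are hypothetical and GNU `stat` and `readlink` are assumed.

```shell
#!/bin/sh
# Added example: check a chroot for "merged /usr" and tell whether an apparent
# duplicate such as bin/mkdir vs usr/bin/mkdir is one file or two copies.
# Function names are hypothetical; GNU stat (-c, -L) is assumed.

# same_file A B: succeed when both paths resolve to the same device and inode.
same_file() {
    [ -e "$1" ] && [ -e "$2" ] || return 1
    # -L follows symlinks, so a path reached through bin -> usr/bin is resolved.
    [ "$(stat -L -c '%d:%i' "$1")" = "$(stat -L -c '%d:%i' "$2")" ]
}

# merged_dirs ROOT: print each top-level directory that is a symlink to usr/<dir>.
merged_dirs() {
    root=$1
    for d in bin sbin lib lib32 lib64 libx32; do
        [ -L "$root/$d" ] || continue
        target=$(readlink "$root/$d")
        case $target in
            "usr/$d"|"/usr/$d") printf '%s\n' "$d" ;;
        esac
    done
}

# classify ROOT REL: relate ROOT/REL to ROOT/usr/REL.
#   single          only one of the two paths exists
#   same-inode      both names reach one file (merged /usr, or a hard link)
#   separate-copies two distinct files; one of them may be unowned by dpkg
classify() {
    root=$1
    rel=$2
    if [ ! -e "$root/$rel" ] || [ ! -e "$root/usr/$rel" ]; then
        echo "single"
    elif same_file "$root/$rel" "$root/usr/$rel"; then
        echo "same-inode"
    else
        echo "separate-copies"
    fi
}

# Usage when run as a script: ./check.sh base.cow
if [ "$#" -ge 1 ]; then
    merged_dirs "$1"
    classify "$1" bin/mkdir
fi
```

A `same-inode` result means an AppArmor profile has to allow the path the binary is actually invoked through, since both names reach the same executable.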