Re: Potential regression in -git15: can't resume stopped root shell?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Theodore Tso <tytso@mit.edu>
To: linux-kernel@vger.kernel.org
Cc: "Serge E. Hallyn" <serue@us.ibm.com>
Subject: Re: Potential regression in -git15: can't resume stopped root shell?
Date: Sun, 21 Oct 2007 20:58:23 -0400	[thread overview]
Message-ID: <20071022005823.GA13901@thunk.org> (raw)
In-Reply-To: <20071020185806.GA6575@thunk.org>

On Sat, Oct 20, 2007 at 02:58:06PM -0400, Theodore Tso wrote:
> I was testing 2.6.23-git15, and I'm noticing that if I su to root, then
> suspend the root shell, and try continue it via "fg", it hangs.  The ps
> command reports:
> 
> 15806  6386  19   0  4012 wait                 Ss   pts/0    00:00:00 bash
>     0  6444  19   0  1232 finish_stop          T+   pts/0    00:00:00 /bin/su -p
>     0  6445  19   0  3696 finish_stop          T    pts/0    00:00:00 bash
> 15806  6571  19   0   776 pipe_wait            S+   pts/1    00:00:00 grep pts/0
> 
> This works under 2.6.23.  I am running Ubuntu Gutsy running in a
> gnome-terminal, with bash as my login shell.  I can suspend a zsh or
> bash shell where I haven't su'ed to root.  But if the shell is started
> using either su or sudo, when I try to resume it after suspending
> using the "suspend" command via "fg", I get a hung shell.
> 
> I haven't had time to bisect it yet, but I thought I'd throw it out
> there in case this rings a bell with anybody...

OK, I bisected, and it turns out to be a bug, but not a regression.
Turns out the responsible commit is:

commit b53767719b6cd8789392ea3e7e2eb7b8906898f0
Author: Serge E. Hallyn <serue@us.ibm.com>
Date:   Tue Oct 16 23:31:36 2007 -0700

    Implement file posix capabilities

    Implement file posix capabilities.  This allows programs to be given a
    subset of root's powers regardless of who runs them, without having to use
    setuid and giving the binary all of root's powers.....

Once I turned this up, I turned went back to -git15, and turned off
CONFIG_SECURITY_FILE_CAPABILITIES, and the problem went away.  Oh,
well, I had wanted to try out file capabilities, which is why I had
turned the option on, but being able to resume suspended root shells
is more important.  :-)

Serge, can you take a look at this, please?  Thanks!!

						- Ted

     prev parent reply	other threads:[~2007-10-22  0:58 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-10-20 18:58 Potential regression in -git15: can't resume stopped root shell? Theodore Tso
2007-10-22  0:58 ` Theodore Tso [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20071022005823.GA13901@thunk.org \
    --to=tytso@mit.edu \
    --cc=linux-kernel@vger.kernel.org \
    --cc=serue@us.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.