#1089155 schroot: Race condition on reading config files during multiple instances running

Package: schroot
Source: schroot
Description: Execute commands in a chroot environment
Submitter: Anton Mikanovich
Date: 2024-12-06 11:21:02 UTC
Severity: normal

#1089155#5
Date: 2024-12-06 11:05:48 UTC

Hello!

I have multiple schroot instances running in parallel. Some of them are started
by sbuild, others have been started manually by scripts. All those schroot
instances share the same chroot and session config directories
(/etc/schroot/chroot.d and /var/lib/schroot/session). When any single schroot
is running, it starts by parsing all the files in the config directories.
As reading the file list and opening every config file are separate operations
with no locking or any way to make them atomic, another schroot instance can
stop a session and remove the corresponding config file between these operations.
This makes the first instance fail with:

E: /var/lib/schroot/session/<session2_id>: Failed to stat file: No such file or directory

or

E: /var/lib/schroot/session/<session2_id>: Failed to open file: No such file or directory

depending on the stage at which it was deleted (before stat, or between the
stat and open operations).
The only locking currently done is on config file content parsing, which is not
enough for such a case.

The same issue is observed with chroot config files when any chroot config is
deleted externally.

There are two ways of fixing this issue:

1. Do not fail on file operations if the file does not exist.
This doesn't look like the correct way, but it is easy to implement.

2. Cover both obtaining the file list and opening the files with a lock.
Locking in chroot_config::add_config_directory() calls can be shared, while
sbuild::chroot::setup_session_info should use exclusive mode.
This lockfile can be accessible to external applications to allow safe removal
of chroot config files.

Solution proposed upstream:
https://codeberg.org/shelter/reschroot/pulls/11
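
The second option from the report, sketched as an added example (not the reporter's code and not the upstream pull request): readers hold a shared flock(2) across both the directory listing and every open, while a remover must hold it exclusively. The names DirLock, load_configs and remove_config, and the use of a separate lock file outside the config directory, are assumptions made for illustration.

```cpp
// Added example; DirLock, load_configs and remove_config are hypothetical names.
#include <string>
#include <dirent.h>
#include <fcntl.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <unistd.h>

// RAII guard: flock(2) on a dedicated lock file kept outside the config directory.
class DirLock {
public:
    DirLock(const std::string& path, int mode)
        : fd_(open(path.c_str(), O_RDWR | O_CREAT | O_CLOEXEC, S_IRUSR | S_IWUSR)),
          held_(fd_ >= 0 && flock(fd_, mode) == 0) {}
    ~DirLock() { if (fd_ >= 0) close(fd_); }  // closing the descriptor releases the lock
    DirLock(const DirLock&) = delete;
    DirLock& operator=(const DirLock&) = delete;
    bool held() const { return held_; }
private:
    int fd_;
    bool held_;
};

// Reader: list the directory and open every entry under ONE shared lock, so a
// writer cannot unlink a file between readdir() and open().
// Returns the number of files opened, or -1 on any failure.
int load_configs(const std::string& dir, const std::string& lockfile) {
    DirLock lock(lockfile, LOCK_SH);
    if (!lock.held()) return -1;
    DIR* d = opendir(dir.c_str());
    if (!d) return -1;
    int opened = 0;
    while (struct dirent* e = readdir(d)) {
        const std::string name = e->d_name;
        if (name == "." || name == "..") continue;
        int fd = open((dir + "/" + name).c_str(), O_RDONLY | O_CLOEXEC);
        if (fd < 0) { opened = -1; break; }  // the "Failed to open file" case
        close(fd);                            // a real reader would parse here
        ++opened;
    }
    closedir(d);
    return opened;
}

// Writer: remove a config only while holding the lock exclusively.
// wait=false fails immediately instead of blocking while readers are active.
bool remove_config(const std::string& path, const std::string& lockfile, bool wait = true) {
    DirLock lock(lockfile, LOCK_EX | (wait ? 0 : LOCK_NB));
    return lock.held() && unlink(path.c_str()) == 0;
}
```

The lock is advisory: it only protects against removers that take the same lock file, which is why the report suggests exposing it to external applications.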