Description
In emulation environments using a custom guest filesystem (sysroot), standard name-resolution lookups (e.g. calling getgrnam("messagebus") or querying grp.getgrnam in Python) fail to resolve newly added users or groups.
This occurs because elfuse intercepts all open operations on /etc/passwd and /etc/group and returns a hardcoded mock database. This shadows the guest's real user and group databases inside the sysroot, making any users or groups added during package provisioning completely invisible.
Steps to Reproduce
- Provision a full guest rootfs prefix (e.g., Ubuntu).
- Create or add a new system group (e.g.,
messagebus with GID 997) using groupadd or systemd-sysusers.
- Try to resolve the group inside the guest environment using python or
getent:
python3 -c "import grp; print(grp.getgrnam('messagebus'))"
- Expected behavior: The group resolves successfully, returning the GID.
- Actual behavior: Lookup fails with
KeyError: "getgrnam(): name not found: 'messagebus'".
Root Cause
- In path.c,
path_might_use_open_intercept intercepts /etc/passwd and /etc/group:
if (!strcmp(path, "/etc/mtab") || !strcmp(path, "/etc/passwd") ||
!strcmp(path, "/etc/group"))
return true;
- In procemu.c,
elfuse intercepts the open call and serves a hardcoded synthetic literal:
if (!strcmp(path, "/etc/group")) {
return proc_emit_literal(
"root:x:0:\n"
"staff:x:20:\n"
"user:x:1000:\n");
}
This synthetic literal completely overrides the actual /etc/group file located in the guest's sysroot prefix.
Proposed Solution
If a custom guest sysroot is configured, elfuse should bypass these synthetic intercepts and allow the guest to read the real /etc/passwd and /etc/group files inside the rootfs.
Suggested Patch:
Modify path_might_use_open_intercept in src/syscall/path.c to check if a sysroot is snapshot-active and bypass the intercept:
if (!strcmp(path, "/etc/mtab"))
return true;
if (!strcmp(path, "/etc/passwd") || !strcmp(path, "/etc/group")) {
char sr[LINUX_PATH_MAX];
if (proc_sysroot_snapshot(sr, sizeof(sr)))
return false; // Bypass synthetic intercept and read from guest sysroot
return true;
}
Description
In emulation environments using a custom guest filesystem (
sysroot), standard name-resolution lookups (e.g. callinggetgrnam("messagebus")or queryinggrp.getgrnamin Python) fail to resolve newly added users or groups.This occurs because
elfuseintercepts all open operations on/etc/passwdand/etc/groupand returns a hardcoded mock database. This shadows the guest's real user and group databases inside thesysroot, making any users or groups added during package provisioning completely invisible.Steps to Reproduce
messagebuswith GID997) usinggroupaddorsystemd-sysusers.getent:python3 -c "import grp; print(grp.getgrnam('messagebus'))"KeyError: "getgrnam(): name not found: 'messagebus'".Root Cause
path_might_use_open_interceptintercepts/etc/passwdand/etc/group:elfuseintercepts the open call and serves a hardcoded synthetic literal:This synthetic literal completely overrides the actual
/etc/groupfile located in the guest'ssysrootprefix.Proposed Solution
If a custom guest
sysrootis configured,elfuseshould bypass these synthetic intercepts and allow the guest to read the real/etc/passwdand/etc/groupfiles inside the rootfs.Suggested Patch:
Modify
path_might_use_open_interceptinsrc/syscall/path.cto check if a sysroot is snapshot-active and bypass the intercept: