Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PVF: potential "could not create a temporary directory" error #2662

Closed
mrcnski opened this issue Dec 8, 2023 · 2 comments · Fixed by #2663
Closed

PVF: potential "could not create a temporary directory" error #2662

mrcnski opened this issue Dec 8, 2023 · 2 comments · Fixed by #2663
Assignees
@mrcnski
Labels
I2-bug The node fails to follow expected behavior. T0-node This PR/Issue is related to the topic “node”.

Comments

@mrcnski
Copy link
Contributor

mrcnski commented Dec 8, 2023

It is possible to run into this warning. It is caused by us doing security checks in the PVF cache directory (/tmp/.tmpIcLriO in the warning) before creating this cache directory.

WARN parachain::pvf: 🚨 Some security issues have been detected. 
Running validation of malicious PVF code has a higher risk of compromising this machine.
  - Optional: Cannot unshare user namespace and change root, which are Linux-specific kernel security features: could not create a temporary directory in "/tmp/.tmpIcLriO": No such file or directory (os error 2) at path "/tmp/.tmpIcLriO/check-can-unshare-4XnFgA"

Severity: annoyance

This should only occur if the PVF cache path (/tmp/.tmpIcLriO above) doesn't exist, i.e. the node is running for the first time.

On Linux 5.13+ it will be only a warning. On Linux 5.12- it's an error forcing shutdown of the node.

Mitigation: The validator will have to make sure the directory exists and restart the node.

This is a mild annoyance and should be mentioned in the release notes, but not worth a backport.
@mrcnski mrcnski added T0-node This PR/Issue is related to the topic “node”. I2-bug The node fails to follow expected behavior. labels Dec 8, 2023
@mrcnski mrcnski self-assigned this Dec 8, 2023
mrcnski added a commit that referenced this issue Dec 8, 2023
@mrcnski
PVF: fix unshare "could not create temporary directory"; refactor
34324e8 
Closes #2662
@mrcnski mrcnski mentioned this issue Dec 8, 2023
Merged
@github-project-automation github-project-automation bot moved this from Backlog to Completed in parachains team board Dec 13, 2023
@infrachris
Copy link

infrachris commented Dec 15, 2023
edited
Loading

  1. I found that simply restarting the node resolves the 'no such file or directory' error.
  2. My error message was slightly different than what was described. In my error, the first portion 'could not create temp directory in' references: '.../pvf-artifacts'

could not create a temporary directory in "/home/polkadot/.local/share/polkadot/chains/ksmcc3/db/full/pvf-artifacts": No such file or directory (os error 2) at path "/home/polkadot/.local/share/polkadot/chains/ksmcc3/db/full/pvf-artifacts/check-can-unshare-M7pL8f"

@mrcnski
Copy link
Contributor Author

mrcnski commented Dec 16, 2023

Good to hear. Thanks for letting us know @yayoi-k!

@alexggh alexggh mentioned this issue Dec 18, 2023
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mrcnski mrcnski

Labels
I2-bug The node fails to follow expected behavior. T0-node This PR/Issue is related to the topic “node”.
Projects
parachains team board
Status: Completed
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

PVF: fix unshare "could not create temporary directory"; refactor paritytech/polkadot-sdk
2 participants
@infrachris @mrcnski