-
Notifications
You must be signed in to change notification settings - Fork 822
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How do I request and free a WSL interop socket? #10812
Comments
Hi I'm an AI powered bot that finds similar issues based off the issue title. Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it. Thank you! Open similar issues:
Closed similar issues:
|
@grepwood: WSL_INTEROP isn't required to run windows binaries.
Can you share repro instructions for your situation where windows binaries aren't executed properly ? |
I'm sorry but it doesn't look like it, at least on our end. Other team members were able to work around this by placing the Windows binary in question on a Windows drive, such that WSL would have to execute it from a location in
Of course.
Expected result: wsl-vpnkit should start without issues. Actual result: with regards to this source file https://github.com/sakai135/wsl-vpnkit/blob/dcc6b97809fb013a7bab7d03639b818c30925055/wsl-vpnkit which corresponds to what we're running, we are failing the check in line 152. Relevant code:
We have found in https://github.com/sakai135/wsl-vpnkit/tree/dcc6b97809fb013a7bab7d03639b818c30925055#wsl-gvproxyexe-is-not-executable-due-to-wsl-interop-settings-or-windows-permissions a confirmation that the Windows executable's location plays some kind of factor in this issue. We were successful in determining, that you can still run Windows binaries outside of those directories (whatever they are), if and only if your Windows binary possesses Our |
Ok thank you for the detailed explanation. I think I might know what's happening, but to be sure can you collect /logs of a repro, and share an strace of the execution of the windows executable ? ( |
I can provide that! |
I can provide that, too! |
Thank you @nealey. Looking at the logs I can see that the execution request makes it to the Windows side, but fails with access denied:
Can you make sure that your distribution's default user has read & execute access to that file ? |
Yes:
However, based on the strace I attached, it appears
|
As a reminder - this behavior started in version 2.0.5. It was not present in 2.0.4 and earlier. |
Thank you @blakeduffey. I did some digging and here's the root cause of the behavior change: In 2.0.5 we enabled the This causes execution of windows binaries stored in the linux filesystem to fail (because internally we end up executing \wsl.localhost\distro\path\to\program). This mitigation policy only applies to processes that are children of wslservice.exe (so it doesn't apply to the wsl.exe process tree), therefore if you have a valid WSL_INTEROP env variable that points to a wsl.exe process tree, the process mitigation policy is not set and the execution succeeds. If not, WSL will default to the wslhost.exe that is started with the distribution by wslservice.exe, which will fail given its process mitigation policy. |
@nealey I cannot thank you enough for providing the logs! Fantastic job! My workplace policy basically prevents me from using personal accounts on the workstation, and the security is pretty tight - as in, can't even plug a pendrive and have it work. That's why I would have to pretty much rewrite the logs by hand while reading them off the screen. @OneBlue thank you! This gives me an idea for a little hacky workaround until this issue is resolved properly. I'll let you all know if it worked. |
FYI I'm working on a fix for this. It should be in the next WSL release. |
awesome - happy to test once released. |
I am able to request and free WSL interop sockets. More soon, need to run the groceries |
And it's done https://gist.github.com/grepwood/8e42b2bd0e56cd964cbd77b6d182aff0 This could be used to work around the shortcomings of this bug. When it gets properly resolved, this could be used for something else. |
Ah ! That's a good hack. Of course I'd recommend not to use it because the behavior our interop socket isn't an API so it might change anytime. To give an update we're planning to publish an update with the fix for this bug either today or tomorrow. |
Fixed in 2.0.14 |
Indeed, just debugging a similar problem (though a different executable, my own https://github.com/puetzk/wsl-mount-helpers rather than wsl-vpnkit) that started failing with 2.0.9 (or at least started to fail after I updated to 2.0.9, I don't know what version I had before to pinpoint a specific change). but the 2.0.14 pre-release seems to fix it. Thanks! |
This is still not fixed @OneBlue |
I've been running OmniSSHAgent's What luckily led me to this GitHub issue was the
|
I'm using WSL2 in an enterprise environment. A recent "update" in WSL across the whole company has made it impossible for us to work.
We have a certain tailored systemd service that needs to run all the time. One of the child processes of that service relies on WSL interop, because it's a Windows binary. With the latest update, we found that it's not enough that we have
/init
as the interpreter for Windows binaries set up by binfmt_misc - such a process also requires an environment variableWSL_INTEROP
to be a path to a working WSL interop socket - usually located in/run/WSL
with a filename that starts with the PID of the process who owns the socket followed by_interop
, such as666_interop
.I have tried to make 3 solutions for this issue, but all are terrible.
/init
with PID 2 that never closes for the runtime of the entire WSL2 instance. Trying to parasitize this socket was even worse, because this socket is special in that it does not work at all.As such, I would like to ask how can I properly request an exclusive WSL interop socket when it's needed and free it when my process no longer needs it? Like good old fashioned
malloc
andfree
from C.The text was updated successfully, but these errors were encountered: