Bug 454058 - dev-lang/parrot-5.0.0 - ACCESS DENIED open_rd: ../src/packfile/src/packfile/api.c
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Development
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Perl team
Duplicates: 462244
Reported: 2013-01-25 18:58 UTC by Tanktalus
Modified: 2013-09-03 08:57 UTC (History)

Attachments
emerge --info + parrot-5.0.0 build.log (emerge --info + build.log,423.49 KB, text/plain)
2013-01-27 03:39 UTC, Alexandre Rostovtsev (RETIRED)
parrot-5.3.0.ebuild.patch (parrot-5.3.0.ebuild.patch,685 bytes, patch)
2013-05-17 08:45 UTC, Kent Fredric (IRC: kent\n) (RETIRED)
files/5.5.0/perldoc.patch (perldoc.patch,1.46 KB, patch)
2013-06-26 16:00 UTC, Kent Fredric (IRC: kent\n) (RETIRED)
Description Tanktalus 2013-01-25 18:58:25 UTC
>>> Install parrot-5.0.0 into /var/tmp/portage/dev-lang/parrot-5.0.0/image/ category dev-lang
make -j13 -l25 -j1 install-dev DESTDIR=/var/tmp/portage/dev-lang/parrot-5.0.0/image/ DOC_DIR=/usr/share/doc/parrot-5.0.0 
gmake -C docs
gmake[1]: Entering directory `/var/tmp/portage/dev-lang/parrot-5.0.0/work/parrot-5.0.0/docs'
/usr/bin/perl5.12.4 -MExtUtils::Command -e mkpath ops
/usr/bin/perl5.12.4 -MExtUtils::Command -e touch doc-prep
/usr/bin/perldoc -ud packfile-c.pod ../src/packfile/api.c
ACCESS DENIED  open_rd:      ../src/packfile/src/packfile/api.c
ISE:write_logfile unable to append logfile
ISE open_rd(../src/packfile/api.c): Permission denied
        abs_path: ../src/packfile/src/packfile/api.c
        res_path: ../src/packfile/src/packfile/api.c
/usr/lib64/libsandbox.so(+0x3967)[0x7fc572c00967]
/usr/lib64/libsandbox.so(+0x3a93)[0x7fc572c00a93]
/usr/lib64/libsandbox.so(+0x52d4)[0x7fc572c022d4]
/usr/lib64/libsandbox.so(open64+0xf3)[0x7fc572c06933]
/usr/lib64/libperl.so.5.12(PerlIOUnix_open+0xa7)[0x7fc5729a8f47]
/usr/lib64/libperl.so.5.12(PerlIOBuf_open+0xdb)[0x7fc5729a66bb]
/usr/lib64/libperl.so.5.12(PerlIO_openn+0x2ab)[0x7fc5729a7e8b]
/usr/lib64/libperl.so.5.12(Perl_do_openn+0x955)[0x7fc572980be5]
/usr/lib64/libperl.so.5.12(Perl_pp_open+0x14b)[0x7fc57296c16b]
/usr/lib64/libperl.so.5.12(Perl_runops_standard+0x20)[0x7fc572924190]
/proc/29418/cmdline: /usr/bin/perl /usr/bin/perldoc -ud packfile-c.pod ../src/packfile/api.c 


Reproducible: Always




Portage 2.2.0_alpha161 (default/linux/amd64/10.0, gcc-4.6.3, glibc-2.15-r3, 3.6.11-gentoo x86_64)
=================================================================
System uname: Linux-3.6.11-gentoo-x86_64-Intel-R-_Core-TM-_i7_CPU_930_@_2.80GHz-with-gentoo-2.1
KiB Mem:    12297312 total,    741788 free
KiB Swap:   25165820 total,  25160372 free
Timestamp of tree: Fri, 25 Jan 2013 08:45:01 +0000
ld GNU ld (GNU Binutils) 2.22
distcc 3.1 x86_64-pc-linux-gnu [enabled]
app-shells/bash:          4.2_p37
dev-java/java-config:     2.1.12-r1
dev-lang/python:          2.7.3-r2, 3.2.3
dev-util/cmake:           2.8.9
dev-util/pkgconfig:       0.27.1
sys-apps/baselayout:      2.1-r1
sys-apps/openrc:          0.11.8
sys-apps/sandbox:         2.5
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.4_p6-r1, 1.11.6
sys-devel/binutils:       2.22-r1
sys-devel/gcc:            4.5.4, 4.6.3
sys-devel/gcc-config:     1.7.3
sys-devel/libtool:        2.4.2
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.6 (virtual/os-headers)
sys-libs/glibc:           2.15-r3
Repositories: gentoo private dev-jokey x11 kde
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O3 -pipe -march=core2"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/init.d /etc/php/apache2-php5.4/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O3 -pipe -march=core2"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs collision-protect config-protect-if-modified distcc distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="ftp://gentoo.mirrors.tds.net/gentoo http://mirror.datapipe.net/gentoo ftp://mirror.datapipe.net/gentoo http://gentoo.arcticnetwork.ca/ ftp://gentoo.arcticnetwork.ca/pub/gentoo/ http://gentoo.llarian.net/ ftp://gentoo.llarian.net/pub/gentoo"
LANG="en_US.utf8"
LC_ALL="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j13 -l25"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/home/dmcbride/cvs/portdir-mine /usr/portage/local/layman/jokey /usr/portage/local/layman/x11 /usr/portage/local/layman/kde"
SYNC="rsync://rsync.ca.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi alsa amd64 apache2 audiofile avahi avi bash-completion berkdb branding bzip2 cairo cdda cddb cdparanoia cdr cli consolekit cracklib crypt css cups cxx dbus dri dvd dvdr dvdread enca encode exif expat ffmpeg fftw firefox fontconfig fortran gd gdbm gif gimp gmp gnutls gpm gs handbook htmlhandbook iconv imagemagick ipv6 java jbig jpeg jpeg2k kde kipi lcms libnotify lzma lzo mad mjpeg mmx mng modules mp3 mpeg mudflap multilib ncurses nls nptl nsplugin ogg opengl openmp pam pcre perl png policykit python qt4 rdesktop readline scanner sdl semantic-desktop session smp sse sse2 ssl subversion svg tcpd threads tiff truetype udev unicode vaapi vcd vde vorbis wmf x264 xcb xcomposite xinerama xml xulrunner xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" 
INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Comment 1 Alexandre Rostovtsev (RETIRED) gentoo-dev 2013-01-27 03:39:14 UTC
Created attachment 336960 [details]
emerge --info + parrot-5.0.0 build.log

Same here on ~amd64.

>>> Install parrot-5.0.0 into /var/tmp/portage/dev-lang/parrot-5.0.0/image/ category dev-lang
make -j9 V=1 -j1 install-dev DESTDIR=/var/tmp/portage/dev-lang/parrot-5.0.0/image/ DOC_DIR=/usr/share/doc/parrot-5.0.0 
gmake -C docs
gmake[1]: Entering directory `/var/tmp/portage/dev-lang/parrot-5.0.0/work/parrot-5.0.0/docs'
/usr/bin/perl5.16.2 -MExtUtils::Command -e mkpath ops
/usr/bin/perl5.16.2 -MExtUtils::Command -e touch doc-prep
/usr/bin/perldoc -ud packfile-c.pod ../src/packfile/api.c
 * ACCESS DENIED:  open_rd:      ../src/packfile/src/packfile/api.c
 * ISE:write_logfile: unable to append logfile: /var/log/sandbox/sandbox-11523.log
 * ../../sandbox-2.6/libsandbox/libsandbox.c:check_syscall():879: failure (Bad file descriptor):
 * ISE:
	abs_path: ../src/packfile/src/packfile/api.c
	res_path: ../src/packfile/src/packfile/api.c
/usr/lib64/libsandbox.so(+0xb4e1)[0x7f01380324e1]
/usr/lib64/libsandbox.so(+0xb5e0)[0x7f01380325e0]
/usr/lib64/libsandbox.so(+0x517a)[0x7f013802c17a]
/usr/lib64/libsandbox.so(open64+0x6c)[0x7f01380302bc]
/usr/lib64/libperl.so.5.16(PerlIOUnix_open+0xb1)[0x7f0137e27551]
/usr/lib64/libperl.so.5.16(PerlIOBuf_open+0x1e5)[0x7f0137e25115]
/usr/lib64/libperl.so.5.16(PerlIO_openn+0x299)[0x7f0137e26409]
/usr/lib64/libperl.so.5.16(Perl_do_openn+0x99c)[0x7f0137dff03c]
/usr/lib64/libperl.so.5.16(Perl_pp_open+0x18d)[0x7f0137ded74d]
/usr/lib64/libperl.so.5.16(Perl_runops_standard+0x16)[0x7f0137da3d56]
/proc/11523/cmdline: /usr/bin/perl /usr/bin/perldoc -ud packfile-c.pod ../src/packfile/api.c 

gmake[1]: *** [packfile-c.pod] Aborted
gmake[1]: Leaving directory `/var/tmp/portage/dev-lang/parrot-5.0.0/work/parrot-5.0.0/docs'
make: *** [docs.dummy] Error 2
emake failed
Comment 2 Patrick Lauer gentoo-dev 2013-02-04 05:31:57 UTC
 * ../../sandbox-2.6/libsandbox/libsandbox.c:check_syscall():879: failure (Bad file descriptor):

^^ what ?! :)

I can't reproduce, what versions of portage and sandbox are involved?
(perl 5.12 suggests y'all are using stable?)
Comment 3 Alexandre Rostovtsev (RETIRED) gentoo-dev 2013-02-04 05:47:30 UTC
(In reply to comment #2)
> I can't reproduce, what versions of portage and sandbox are involved?
> (perl 5.12 suggests y'all are using stable?)

Please read the attachment in comment #1. I am seeing this on an ~amd64 system; perl-5.16.2, sandbox-2.6, portage-2.2.0_alpha161. The system currently has parrot-4.11.0 installed, and the update to 5.0.0 is failing with the described symptoms. Reproducible 100% of the time.

If you can't reproduce this problem, feel free to give me any instructions for debugging it :)
Comment 4 Tanktalus 2013-02-04 05:52:09 UTC
(In reply to comment #2)
>  * ../../sandbox-2.6/libsandbox/libsandbox.c:check_syscall():879: failure
> (Bad file descriptor):
> 
> ^^ what ?! :)
> 
> I can't reproduce, what versions of portage and sandbox are involved?
> (perl 5.12 suggests y'all are using stable?)

Yes, I'm using stable.  (I have a dozen levels of perl installed elsewhere, so I may as well leave the system perl on stable :D )

As for the other levels...

[IP-] [  ] sys-apps/portage-2.2.0_alpha161:0
[IP-] [  ] sys-apps/sandbox-2.5:0

So it looks like I'm nearly entirely dissimilar to Alexandre's system (different perl, different sandbox) and yet getting the same symptoms.
Comment 5 Enne Eziarc 2013-02-05 15:07:24 UTC
Same thing happening here, ~amd64; you can rule out portage being the issue:

=================================================================

Package Manager Information:
    Package Name              paludis
    Package Version           0.82.0
    Build Date                2012-11-20T21:36:27+0000

    Package information
        app-shells/bash       4.2_p42
        dev-java/java-config  (none)
        dev-lang/python       2.7.3-r3 3.2.3-r2
        dev-util/ccache       (none)
        dev-util/cmake        2.8.10.2-r1
        dev-util/pkgconfig    0.28
        sys-apps/baselayout   2.2
        sys-apps/openrc       0.11.8
        sys-apps/sandbox      2.6
        sys-devel/autoconf    2.69
        sys-devel/automake    1.11.6 1.12.6 1.13.1
        sys-devel/binutils    2.23.1
        sys-devel/gcc         4.6.3
        sys-devel/gcc-config  1.8
        sys-devel/libtool     2.4.2
        sys-devel/make        3.82-r4
        sys-freebsd/freebsd-lib (none)
        sys-kernel/linux-headers 3.7
        sys-libs/glibc        2.16.0
        sys-libs/uclibc       (none)
Comment 6 Patrick Lauer gentoo-dev 2013-02-18 04:49:50 UTC
auto::snprintf -      Test snprintf......................................done.
auto::perldoc -       Is perldoc installed.................................no.
auto::coverage -      Are coverage analysis tools installed...lacking cover gcov2perl.

Hmm, for some reason it avoids finding perldoc on my system. I'll have to see what it fails to do :)
Comment 7 Tanktalus 2013-02-20 13:04:51 UTC
parrot-5.1.0 has the same issue:


>>> Install parrot-5.1.0 into /var/tmp/portage/dev-lang/parrot-5.1.0/image/ category dev-lang
make -j13 -l25 -j1 install-dev DESTDIR=/var/tmp/portage/dev-lang/parrot-5.1.0/image/ DOC_DIR=/usr/share/doc/parrot-5.1.0 
gmake -C docs
gmake[1]: Entering directory `/var/tmp/portage/dev-lang/parrot-5.1.0/work/parrot-5.1.0/docs'
/usr/bin/perl5.12.4 -MExtUtils::Command -e mkpath ops
/usr/bin/perl5.12.4 -MExtUtils::Command -e touch doc-prep
/usr/bin/perldoc -ud packfile-c.pod ../src/packfile/api.c
ACCESS DENIED  open_rd:      ../src/packfile/src/packfile/api.c
ISE:write_logfile unable to append logfile
ISE open_rd(../src/packfile/api.c): Permission denied
        abs_path: ../src/packfile/src/packfile/api.c
        res_path: ../src/packfile/src/packfile/api.c
/usr/lib64/libsandbox.so(+0x3967)[0x7f79b5531967]
/usr/lib64/libsandbox.so(+0x3a93)[0x7f79b5531a93]
/usr/lib64/libsandbox.so(+0x52d4)[0x7f79b55332d4]
/usr/lib64/libsandbox.so(open64+0xf3)[0x7f79b5537933]
/usr/lib64/libperl.so.5.12(PerlIOUnix_open+0xa7)[0x7f79b52d9f47]
/usr/lib64/libperl.so.5.12(PerlIOBuf_open+0xdb)[0x7f79b52d76bb]
/usr/lib64/libperl.so.5.12(PerlIO_openn+0x2ab)[0x7f79b52d8e8b]
/usr/lib64/libperl.so.5.12(Perl_do_openn+0x955)[0x7f79b52b1be5]
/usr/lib64/libperl.so.5.12(Perl_pp_open+0x14b)[0x7f79b529d16b]
/usr/lib64/libperl.so.5.12(Perl_runops_standard+0x20)[0x7f79b5255190]
/proc/15891/cmdline: /usr/bin/perl /usr/bin/perldoc -ud packfile-c.pod ../src/packfile/api.c
Comment 8 Chris Hall 2013-02-22 10:50:54 UTC
I've been seeing a slightly different variant of this, which I suspect might be another manifestation of the same problem:

...
/usr/bin/perl5.16.2 -MExtUtils::Command -e touch doc-prep
/usr/bin/perldoc -ud packfile-c.pod ../src/packfile/api.c
Can't write-open packfile-c.pod: Permission denied
 at /usr/bin/perldoc line 10.
gmake[1]: *** [packfile-c.pod] Error 13
gmake[1]: Leaving directory `/var/tmp/portage/dev-lang/parrot-5.1.0/work/parrot-5.1.0/docs'
make: *** [docs.dummy] Error 2
emake failed
 * ERROR: dev-lang/parrot-5.1.0 failed (install phase):
 *   (no error message)
...

Adding RESTRICT="userpriv" to the ebuild was enough to fix it for me.
Comment 9 Kent Fredric (IRC: kent\n) (RETIRED) gentoo-dev 2013-05-17 05:51:41 UTC
Weird. There's no good reason for this to be failing. Still Occurring in Parrot-5.3.0.

' Leaving directory `/var/tmp/portage/dev-lang/parrot-5.3.0/work/parrot-5.3.0/docs'

Suggests that $PWD = /var/tmp/portage/dev-lang/parrot-5.3.0/work/parrot-5.3.0/docs'

And manually resolving the path relative to that should be: 

/var/tmp/portage/dev-lang/parrot-5.3.0/work/parrot-5.3.0/src/packfile/api.c

However, "abs_path: ../src/packfile/src/packfile/api.c" is weird, indicating something is getting confused and trying to resolve it as 


/var/tmp/portage/dev-lang/parrot-5.3.0/work/parrot-5.3.0/src/packfile/src/packfile/api.c 

instead.

So, hacking perldoc to report $CWD: 

 BEGIN { $^W = 1 if $ENV{'PERLDOCDEBUG'} }
+use Cwd qw(cwd);
+use Data::Dump qw(pp);
+pp({ cwd => cwd(), args => \@ARGV })
 use Pod::Perldoc;

... 
{
  args => ["-ud", "packfile-c.pod", "../src/packfile/api.c"],
  cwd  => "/var/tmp/portage/dev-lang/parrot-5.3.0/work/parrot-5.3.0/docs",
}
Proving indeed, `perldoc` is being called from where we think it is, and in the way we think it should be.

So, assuming something is wrong in the guts, I prematurely resolve paths in @ARGV


 pp({ cwd => cwd(), args => \@ARGV });
+for (@ARGV){
+	next unless $_ =~ /^..\//;
+	$_ = abs_path($_);
+}
 use Pod::Perldoc;
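Review bot: in the added loop, the filter `$_ =~ /^..\//` leaves both dots unescaped, so it matches any argument whose third character is a slash rather than only those starting with `../`; `/^\.\.\//` would limit the rewrite to parent-relative paths. The loop also calls `abs_path`, while the only Cwd import shown is `use Cwd qw(cwd);`, so `abs_path` would need adding to that import list.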

And a new problem arises: 

No documentation found for "/var/tmp/portage/dev-lang/parrot-5.3.0/work/parrot-5.3.0/src/packfile/api.c"

Huh? So Ripped out that code.

Further probing:

# Works
cd '/var/tmp/portage/dev-lang/parrot-5.3.0/work/parrot-5.3.0/'
perldoc src/packfile/api.c  

# Doesn't
cd '/var/tmp/portage/dev-lang/parrot-5.3.0/work/'
perldoc parrot-5.3.0/src/packfile/api.c
# No documentation found for "parrot-5.3.0/src/packfile/api.c".

So I think it's safe to say something weird is happening in PerlDoc, and that this problem may be a result of either Perldoc or one of its dependencies ( which may be provided by perl, or may be provided by perl-core/* )
Comment 10 Kent Fredric (IRC: kent\n) (RETIRED) gentoo-dev 2013-05-17 06:32:37 UTC
Aha! I think I've nailed it.

Perldoc, when seeing it's being run as root, drops privs to "nobody", because it's got known security risks.

require 5;
BEGIN { $^W = 1 if $ENV{'PERLDOCDEBUG'} }
warn "UID = $< EUID = $> GID = $( EGID = $)";
use Pod::Perldoc;

^^^

/usr/bin/perldoc -ud packfile-c.pod ../src/packfile/api.c
UID = 0 EUID = 0 GID = 0 0 1 2 3 4 6 10 11 26 27 EGID = 0 0 1 2 3 4 6 10 11 26 27 at /usr/bin/perldoc line 9.

So if you modify the code in Pod/Perldoc.pm to disable this, via early return from drop privs:

sub drop_privs_maybe {
   my $self = shift;
   return; 
   # rest of drop_privs_maybe
}

Then compilation succeeds. 

In essence, it appears the ACCESS DENIED violation is not so much caused by sandbox.... but caused by the privilege drop.
Comment 11 Kent Fredric (IRC: kent\n) (RETIRED) gentoo-dev 2013-05-17 08:45:59 UTC
Created attachment 348498 [details, diff]
parrot-5.3.0.ebuild.patch

This is the first solution I've found that makes parrot build and install without requiring FEATURES="userpriv"

it

a) creates ${S}/src/docs/ops prematurely, because otherwise make creates that after we fix all the permissions up

b) makes ${S}/src/docs and child directories world-writable, so that when perldoc drops to UID=nobody, it will still be able to write there

c) makes ${S}/../ world read/execute so that perldoc can enter that directory as UID=nobody 

part c is notably the most nasty part of this, but there are not many alternatives, especially not alternatives that work outside portage.

An additional note: if any other directories above ${S}/../ are not readable/accessible by UID=nobody, you have to either 

a) change that

or 

b) use FEATURES="userpriv" 

Approach B suppresses the problem entirely, because `perldoc` only tries to drop privs when UID=0.
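
The permission requirements listed in comment 11, as an added example that is not part of the bug thread or of the attached ebuild patch: a POSIX shell preflight that reports which paths would stop a process once it has dropped to an unprivileged uid such as "nobody". The function name `perldoc_preflight`, its output format, and the simplification to "other" permission bits only (no ACLs, no group membership) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the bug thread. Approximates what a process that has
# dropped to an unprivileged uid can reach by looking only at the "other"
# permission bits; ACLs and group membership are ignored (assumption).

# Print character POS of the `ls -ld` mode string: 8 = o+r, 9 = o+w, 10 = o+x.
mode_char() { ls -ld -- "$1" | cut -c"$2"; }

# perldoc_preflight INPUT OUTDIR [BASE]
# Prints one "<problem> <path>" line per obstacle. Exit status: 0 = clean,
# 1 = obstacles found, 2 = a path could not be resolved.
# BASE limits the walk to directories below it (default: walk down from /).
perldoc_preflight() (
    input=$1 outdir=$2
    base=$(cd "${3:-/}" && pwd -P) || exit 2
    dir=$(cd "$(dirname -- "$input")" && pwd -P) || exit 2
    out=$(cd "$outdir" && pwd -P) || exit 2
    file=$dir/$(basename -- "$input")
    status=0

    cur=${base%/}
    case $dir/ in "$cur"/*) ;; *) exit 2 ;; esac   # INPUT must live under BASE
    rest=${dir#"$cur"}
    rest=${rest#/}

    # Every directory between BASE and INPUT needs o+x to be traversed.
    while [ -n "$rest" ]; do
        cur=$cur/${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        case $(mode_char "$cur" 10) in
            x|t) ;;                                # 't' = sticky with o+x set
            *) echo "traverse $cur"; status=1 ;;
        esac
    done

    # The input file itself needs o+r.
    [ "$(mode_char "$file" 8)" = r ] || { echo "read $file"; status=1; }

    # Per comment 11, the output file is written after the drop, so the
    # output directory needs o+w.
    [ "$(mode_char "$out" 9)" = w ] || { echo "write $out"; status=1; }

    exit "$status"
)
```

Run from the `docs` directory as `perldoc_preflight ../src/packfile/api.c .`; each `traverse`, `read` or `write` line names a path whose mode would have to change for the approach in comment 11 to work.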
Comment 12 Tanktalus 2013-05-20 22:55:37 UTC
(In reply to comment #11)
> b) use FEATURES="userpriv" 

If you look at the top comment where this bug is reported, the original reporter already had FEATURES=userpriv enabled.  So do I.  And yet we're getting this issue.  So what you are fixing may be a similar yet unrelated problem if setting FEATURES=userpriv fixes it for you.
Comment 13 Kent Fredric (IRC: kent\n) (RETIRED) gentoo-dev 2013-05-21 11:50:42 UTC
I just double-checked, I am also using FEATURES="userpriv" ( as well as usersandbox ). Hah. Odd.

I just didn't think I did, because the install was running as UID=0

So it would seem either my portage is silently broken not doing FEATURES="userpriv", or that userpriv doesn't apply to src_install.

Ok, so it would appear, that my approach (b) can't be expected to work either, for anyone :/
Comment 14 Kent Fredric (IRC: kent\n) (RETIRED) gentoo-dev 2013-06-16 03:57:26 UTC
Parrot 5.4.0 still has this bug.

... and this patch still resolves it for me.

> emerge --info | grep ^FEATURES | tr " " "\n"  | grep -E "priv|sandbox" | tr "\n" " "
# sandbox userpriv usersandbox


cd /usr/portage/dev-lang/parrot/
wget -O /tmp/parrot.patch "https://bugs.gentoo.org/attachment.cgi?id=348498"
patch ./parrot-5.4.0.ebuild < /tmp/parrot.patch
repoman manifest

emerge -vat1 parrot

....

>>> Completed installing parrot-5.4.0 into /var/tmp/portage/dev-lang/parrot-5.4.0/image/
>>> Original instance of package unmerged safely.
>>> dev-lang/parrot-5.4.0 merged.

Please, try it and see. It works.
Comment 15 Kent Fredric (IRC: kent\n) (RETIRED) gentoo-dev 2013-06-26 16:00:25 UTC
Created attachment 352002 [details, diff]
files/5.5.0/perldoc.patch

Alternative approach that should work with less fear inducing symptoms. 

Patches invocations of Perldoc to pipe stdout to file so privilege problems don't occur when perldoc drops privs. 

Only needs ebuild modified with :       


epatch "${FILESDIR}/${PV}/perldoc.patch"

added to src_prepare
Comment 16 Kent Fredric (IRC: kent\n) (RETIRED) gentoo-dev 2013-06-28 05:00:04 UTC
Related upstream bug: https://github.com/parrot/parrot/issues/520 

Upstream patch pull: https://github.com/parrot/parrot/pull/973

If upstream are satisfied, then this problem will hopefully be fixed sometime soon in a future release =)
Comment 17 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2013-08-29 12:59:20 UTC
*** Bug 462244 has been marked as a duplicate of this bug. ***
Comment 18 Patrick Lauer gentoo-dev 2013-09-03 08:57:40 UTC
+  03 Sep 2013; Patrick Lauer <patrick@gentoo.org> +files/perldoc.patch,
+  parrot-5.6.0.ebuild:
+  Fix for #454058, at last