112499 2005-11-14 04:47 0000 sandbox violation in net-wireless/ieee80211 2006-01-18 01:59:22 0000 1 1 1 Unclassified Gentoo Linux Applications 2005.1 x86 Linux RESOLVED FIXED InCVS P2 major --- 1 kir@sacred.ru mobile@gentoo.org mcco3684@uidaho.edu kir@sacred.ru 2005-11-14 04:47:39 0000 I am emerging ieee80211 while having gentoo-sources-2.6.14-r2 under /usr/src/linux. The first problem is remove-old script sees commented out line in .config: """ * Preparing ieee80211 module Checking in /usr/src/linux/ for ieee80211 components... #undef CONFIG_IEEE80211 Above definitions found. Comment out? [y], n """ As it is commented out, there is no need to check for it, or comment it out once again. Second problem is if I answer 'yes' (or just press enter as 'yes' is default) to the above question, I got sandbox violation: """ * Preparing ieee80211 module Checking in /usr/src/linux/ for ieee80211 components... #undef CONFIG_IEEE80211 Above definitions found. Comment out? [y], n ACCESS DENIED rename: /usr/src/linux/sedyv6ATG ACCESS DENIED unlink: /usr/src/linux/sedyv6ATG sed: cannot remove /usr/src/linux///sedyv6ATG: Permission denied make -C /usr/src/linux M=/var/tmp/portage/ieee80211-1.1.6/work/ieee80211-1.1.6 MODVERDIR=/var/tmp/portage/ieee80211-1.1.6/work/ieee80211-1.1.6 modules make[1]: Entering directory `/usr/src/linux-2.6.14-gentoo-r2' <...build messages removed for clarity...> make[1]: Leaving directory `/usr/src/linux-2.6.14-gentoo-r2' --------------------------- ACCESS VIOLATION SUMMARY ---------------------------LOG FILE = "/var/log/sandbox/sandbox-net-wireless_-_ieee80211-1.1.6-11541.log" rename: /usr/src/linux/sedyv6ATG (symlink to /usr/src/linux-2.6.14-gentoo-r2/sedyv6ATG) unlink: /usr/src/linux/sedyv6ATG (symlink to /usr/src/linux-2.6.14-gentoo-r2/sedyv6ATG) --------- """ And the log file says: rename: /usr/src/linux/sedyv6ATG (symlink to /usr/src/linux-2.6.14-gentoo-r2/sedyv6ATG) unlink: /usr/src/linux/sedyv6ATG (symlink to /usr/src/linux-2.6.14-gentoo-r2/sedyv6ATG) So, to sum it up (1) remove-old script should be fixed to ignore commented-out lines in .config (2) remove-old should not try to fix anything if run from ebuild, as it is sandboxed, instead printing a message telling user what to do. Reproducible: Always Steps to Reproduce: kir@sacred.ru 2005-11-14 04:49:28 0000 I'm also not sure whether ebuild should be interactive, i.e. ask any questions waiting for respond. Looks like it should not, as I haven't seen any other ebuild doing that. henrik@brixandersen.dk 2005-11-15 04:30:05 0000 I've just backported the work-around from ieee80211-1.1.x to ieee80211-1.0.x. Basically, you need to run `/bin/sh /usr/portage/net-wireless/ieee80211/remove-old /usr/sr/linux` prior to merging net-wireless/ieee80211. Sorry for the inconvenience. kir@sacred.ru 2005-11-15 04:52:26 0000 Just to make sure there is no confusion: ieee80211 version I was emerging yesterday was 1.1.6. Not sure if you have fixed it; will check tomorrow. henrik@brixandersen.dk 2005-11-15 04:55:23 0000 You still need to run `/bin/sh /usr/portage/net-wireless/ieee80211/remove-old /usr/sr/linux` kir@sacred.ru 2005-11-15 05:04:33 0000 I do understand that, I have already succeded in emerging ieee80211-1.1.6 yesterday. What I do not understand is (1) why emerge ieee80211 asks me questions like "Above (files||definitions) found. (Remove|Comment out)?", requiring some input from me. IMHO the right behaviour would be to bail out printing an error telling you need to run this and that. (2) why emerge ieee80211 tries to delete some files outside of its sandbox. henrik@brixandersen.dk 2005-11-15 05:09:51 0000 It doesn't any longer. It bails out if the ieee80211.h header file is found in the kernel tree, instructing the user to manually run `/bin/sh /usr/portage/net-wireless/ieee80211/remove-old /usr/src/linux`. If the in-kernel ieee80211 subsystem is found, the package can not be compiled. This is upstream policy. jakub@gentoo.org 2005-11-18 01:36:20 0000 *** Bug 112878 has been marked as a duplicate of this bug. *** ribosome@gentoo.org 2005-11-18 07:57:14 0000 This is not fixed. I tried to install 1.1.6 against gentoo-sources-2.6.14-r2 today and got the following: * Preparing ieee80211 module Checking in /usr/src/linux/ for ieee80211 components... make -C /usr/src/linux M=/var/tmp/portage/ieee80211-1.1.6/work/ieee80211-1.1.6 MODVERDIR=/var/tmp/portage/ieee80211-1.1.6/work/ieee80211-1.1.6 modules #undef CONFIG_IEEE80211 Above definitions found. Comment out? [y], n make[1]: Entering directory `/usr/src/linux-2.6.14-gentoo-r2' [...] make[1]: Leaving directory `/usr/src/linux-2.6.14-gentoo-r2' ACCESS DENIED rename: /usr/src/linux/sedaOHm0x ACCESS DENIED unlink: /usr/src/linux/sedaOHm0x sed: cannot remove /usr/src/linux///sedaOHm0x: Permission denied --------------------------- ACCESS VIOLATION SUMMARY-------------------------- LOG FILE = "/var/log/sandbox/sandbox-net-wireless_-_ieee80211-1.1.6-15266.log" rename: /usr/src/linux/sedaOHm0x (symlink to /usr/src/linux-2.6.14-gentoo-r2/sedaOHm0x) unlink: /usr/src/linux/sedaOHm0x (symlink to /usr/src/linux-2.6.14-gentoo-r2/sedaOHm0x) ------------------------------------------------------------------------------ So the ebuild still tries to touch the live filesystem in some circumstances. I had run remove-old prior, but I answered no when it asked me whether to comment out CONFIG_IEEE80211 (it was "undefined" in my config so did not need commenting). After running remove-old again and asking it to comment out CONFIG_IEEE80211, I was able to merge the package. jakub@gentoo.org 2005-11-18 08:03:22 0000 *** Bug 112878 has been marked as a duplicate of this bug. *** mcco3684@uidaho.edu 2005-11-18 08:17:19 0000 The script resides at /usr/portage/net-wireless/ieee80211/files/remove-old not at /usr/portage/net-wireless/ieee80211/remove-old. henrik@brixandersen.dk 2005-11-18 08:50:04 0000 (In reply to comment #8) > I had run remove-old prior, but I answered no when it asked me whether to > comment out CONFIG_IEEE80211 So you failed to follow the instructions in the ebuild. Do I really need to add "You must answer yes too all questions asked by this script." to the ebuild? mcco3684@uidaho.edu 2005-11-18 08:51:42 0000 anwsering yes to the questions in the script results in a sandbox violation. jakub@gentoo.org 2005-11-18 10:32:19 0000 (In reply to comment #12) > anwsering yes to the questions in the script results in a sandbox violation. Would you kindly emerge sync and try with *current* (!!!) ebuild? Or would you perhaps have a magic explanation for the fact that a script run manually outside of emerge process breaks sandbox (yes, the ebuild eerrors and instructs user to run that script)? al3xxx@gmail.com 2006-01-17 02:18:25 0000 make[1]: Leaving directory `/usr/src/linux-2.6.15-suspend2-r2' ACCESS DENIED rename: /usr/src/linux/sedCbbu82 ACCESS DENIED unlink: /usr/src/linux/sedCbbu82 sed: cannot remove /usr/src/linux///sedCbbu82: Permission denied --------------------------- ACCESS VIOLATION SUMMARY --------------------------- LOG FILE = "/var/log/sandbox/sandbox-net-wireless_-_ieee80211-1.1.6-22006.log" rename: /usr/src/linux/sedCbbu82 (symlink to /usr/src/linux-2.6.15-suspend2-r2/sedCbbu82) unlink: /usr/src/linux/sedCbbu82 (symlink to /usr/src/linux-2.6.15-suspend2-r2/sedCbbu82) -------------------------------------------------------------------------------- Still violates sandbox permissions (Yes, I ran remove-old script befre trying to emerge). In fact I tried to emerge "~x86" ieee80211 (which is 1.1.9) hoping it will be fixed there - before it was at least installing after failing to remove sed temoporary files, which has no business to appear in /usr/src/linux source tree in the first place. al3xxx@gmail.com 2006-01-18 01:59:22 0000 Found the problem in the ebuild - what happens is that Makefile is still trying to run remove_old before compiling - and running that from within sandbox creates the problem. Here is the patch for the ieee80211 ebuilds that remedies this problem: --- /usr/portage/net-wireless/ieee80211/ieee80211-1.1.6.ebuild 2005-11-24 06:36:10.000000000 -0800 +++ /usr/local/portage/net-wireless/ieee80211/ieee80211-1.1.6.ebuild 2006-01-18 05:44:33.000000000 -0800 @@ -74,9 +74,11 @@ use debug && debug="y" sed -i -e "s:^\(CONFIG_IEEE80211_DEBUG\)=.*:\1=${debug}:" ${S}/Makefile + sed -i -e "s/^all: check_old modules/all: modules/" ${S}/Makefile }