Bug 112499 - sandbox violation in net-wireless/ieee80211
Bug#: 112499
Product: Gentoo Linux
Version: 2005.1
Platform: x86
OS/Version: Linux
Status: RESOLVED
Severity: major
Priority: P2
Resolution: FIXED
Assigned To: mobile@gentoo.org
Reported By: kir@sacred.ru
Component: Applications
Summary: sandbox violation in net-wireless/ieee80211
Keywords: InCVS
Opened: 2005-11-14 04:47 0000
I am emerging ieee80211 while having gentoo-sources-2.6.14-r2 under
/usr/src/linux.
The first problem is remove-old script sees commented out line in .config:
"""
* Preparing ieee80211 module
Checking in /usr/src/linux/ for ieee80211 components...
#undef CONFIG_IEEE80211
Above definitions found. Comment out? [y], n
"""
As it is commented out, there is no need to check for it, or comment it out
once again.
Second problem is if I answer 'yes' (or just press enter as 'yes' is default)
to the above question, I got sandbox violation:
"""
* Preparing ieee80211 module
Checking in /usr/src/linux/ for ieee80211 components...
#undef CONFIG_IEEE80211
Above definitions found. Comment out? [y], n
ACCESS DENIED rename: /usr/src/linux/sedyv6ATG
ACCESS DENIED unlink: /usr/src/linux/sedyv6ATG
sed: cannot remove /usr/src/linux///sedyv6ATG: Permission denied
make -C /usr/src/linux M=/var/tmp/portage/ieee80211-1.1.6/work/ieee80211-1.1.6
MODVERDIR=/var/tmp/portage/ieee80211-1.1.6/work/ieee80211-1.1.6 modules
make[1]: Entering directory `/usr/src/linux-2.6.14-gentoo-r2'
<...build messages removed for clarity...>
make[1]: Leaving directory `/usr/src/linux-2.6.14-gentoo-r2'
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE = "/var/log/sandbox/sandbox-net-wireless_-_ieee80211-1.1.6-11541.log"
rename: /usr/src/linux/sedyv6ATG (symlink to /usr/src/linux-2.6.14-gentoo-r2/sedyv6ATG)
unlink: /usr/src/linux/sedyv6ATG (symlink to /usr/src/linux-2.6.14-gentoo-r2/sedyv6ATG)
---------
"""
And the log file says:
rename: /usr/src/linux/sedyv6ATG (symlink to /usr/src/linux-2.6.14-gentoo-r2/sedyv6ATG)
unlink: /usr/src/linux/sedyv6ATG (symlink to /usr/src/linux-2.6.14-gentoo-r2/sedyv6ATG)
So, to sum it up
(1) remove-old script should be fixed to ignore commented-out lines in .config
(2) remove-old should not try to fix anything if run from ebuild, as it is
sandboxed, instead printing a message telling user what to do.
Reproducible: Always
Steps to Reproduce:
I'm also not sure whether ebuild should be interactive, i.e. ask any questions
waiting for a response. Looks like it should not, as I haven't seen any other
ebuild doing that.
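An added example (not part of the bug report, and not the project's remove-old script) of the read-only check asked for in points (1) and (2) above: it reports only active CONFIG_IEEE80211 definitions, treats `#undef` and `# ... is not set` lines as inactive, and writes nothing to the kernel tree. The function names, the two file formats and the `include/linux/autoconf.h` location are assumptions.

```shell
#!/bin/sh
# Added example: read-only scan for *active* CONFIG_IEEE80211 definitions.
# Assumed formats: kernel .config ("CONFIG_X=y", "# CONFIG_X is not set")
# and autoconf-style headers ("#define CONFIG_X 1", "#undef CONFIG_X").

# active_ieee80211_defs FILE
# Prints every active definition in FILE; exit status 0 if any, 1 if none.
# Lines such as "#undef CONFIG_IEEE80211" do not match either pattern.
active_ieee80211_defs() {
    # grep only reads FILE. Unlike "sed -i" it creates no temporary file
    # next to it, so nothing is written under the kernel tree.
    grep -E \
        -e '^[[:space:]]*CONFIG_IEEE80211[A-Z0-9_]*=[ym]' \
        -e '^[[:space:]]*#[[:space:]]*define[[:space:]]+CONFIG_IEEE80211[A-Z0-9_]*([[:space:]]|$)' \
        "$1"
}

# has_active_ieee80211 KERNEL_DIR  (hypothetical helper name)
# Returns 0 and prints instructions if the tree has active definitions,
# returns 1 silently otherwise. It never prompts and never edits anything.
has_active_ieee80211() {
    conflict=1
    # Assumed locations for a 2.6-era tree.
    for f in "$1/.config" "$1/include/linux/autoconf.h"; do
        [ -r "$f" ] || continue
        if defs=$(active_ieee80211_defs "$f"); then
            printf 'Active ieee80211 definitions in %s:\n%s\n' "$f" "$defs"
            conflict=0
        fi
    done
    if [ "$conflict" -eq 0 ]; then
        echo "Clean the kernel tree manually outside emerge, then retry."
    fi
    return "$conflict"
}

# Stand-alone use: sh check.sh /usr/src/linux
if [ "$#" -gt 0 ]; then
    has_active_ieee80211 "$1" || echo "No active ieee80211 definitions."
fi
```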
I've just backported the work-around from ieee80211-1.1.x to ieee80211-1.0.x.
Basically, you need to run `/bin/sh
/usr/portage/net-wireless/ieee80211/remove-old /usr/src/linux` prior to merging
net-wireless/ieee80211. Sorry for the inconvenience.
Just to make sure there is no confusion: ieee80211 version I was emerging
yesterday was 1.1.6.
Not sure if you have fixed it; will check tomorrow.
You still need to run `/bin/sh
/usr/portage/net-wireless/ieee80211/remove-old /usr/src/linux`
I do understand that, I have already succeeded in emerging ieee80211-1.1.6
yesterday.
What I do not understand is
(1) why emerge ieee80211 asks me questions like "Above (files||definitions)
found. (Remove|Comment out)?", requiring some input from me. IMHO the right
behaviour would be to bail out printing an error telling you need to run this
and that.
(2) why emerge ieee80211 tries to delete some files outside of its sandbox.
It doesn't any longer. It bails out if the ieee80211.h header file is found in
the kernel tree, instructing the user to manually run `/bin/sh
/usr/portage/net-wireless/ieee80211/remove-old /usr/src/linux`.
If the in-kernel ieee80211 subsystem is found, the package can not be compiled.
This is upstream policy.
*** Bug 112878 has been marked as a duplicate of this bug. ***
This is not fixed. I tried to install 1.1.6 against gentoo-sources-2.6.14-r2
today and got the following:
* Preparing ieee80211 module
Checking in /usr/src/linux/ for ieee80211 components...
make -C /usr/src/linux M=/var/tmp/portage/ieee80211-1.1.6/work/ieee80211-1.1.6
MODVERDIR=/var/tmp/portage/ieee80211-1.1.6/work/ieee80211-1.1.6 modules
#undef CONFIG_IEEE80211
Above definitions found. Comment out? [y], n make[1]: Entering directory
`/usr/src/linux-2.6.14-gentoo-r2'
[...]
make[1]: Leaving directory `/usr/src/linux-2.6.14-gentoo-r2'
ACCESS DENIED rename: /usr/src/linux/sedaOHm0x
ACCESS DENIED unlink: /usr/src/linux/sedaOHm0x
sed: cannot remove /usr/src/linux///sedaOHm0x: Permission denied
--------------------------- ACCESS VIOLATION SUMMARY--------------------------
LOG FILE = "/var/log/sandbox/sandbox-net-wireless_-_ieee80211-1.1.6-15266.log"
rename: /usr/src/linux/sedaOHm0x (symlink to /usr/src/linux-2.6.14-gentoo-r2/sedaOHm0x)
unlink: /usr/src/linux/sedaOHm0x (symlink to /usr/src/linux-2.6.14-gentoo-r2/sedaOHm0x)
------------------------------------------------------------------------------
So the ebuild still tries to touch the live filesystem in some circumstances.
I had run remove-old prior, but I answered no when it asked me whether to
comment out CONFIG_IEEE80211 (it was "undefined" in my config so did not need
commenting). After running remove-old again and asking it to comment out
CONFIG_IEEE80211, I was able to merge the package.
*** Bug 112878 has been marked as a duplicate of this bug. ***
The script resides at /usr/portage/net-wireless/ieee80211/files/remove-old not
at /usr/portage/net-wireless/ieee80211/remove-old.
(In reply to comment #8)
> I had run remove-old prior, but I answered no when it asked me whether to
> comment out CONFIG_IEEE80211
So you failed to follow the instructions in the ebuild. Do I really need to add
"You must answer yes to all questions asked by this script." to the ebuild?
Answering yes to the questions in the script results in a sandbox violation.
(In reply to comment #12)
> answering yes to the questions in the script results in a sandbox violation.
Would you kindly emerge sync and try with *current* (!!!) ebuild? Or would you
perhaps have a magic explanation for the fact that a script run manually outside
of emerge process breaks sandbox (yes, the ebuild eerrors and instructs user to
run that script)?
make[1]: Leaving directory `/usr/src/linux-2.6.15-suspend2-r2'
ACCESS DENIED rename: /usr/src/linux/sedCbbu82
ACCESS DENIED unlink: /usr/src/linux/sedCbbu82
sed: cannot remove /usr/src/linux///sedCbbu82: Permission denied
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE = "/var/log/sandbox/sandbox-net-wireless_-_ieee80211-1.1.6-22006.log"
rename: /usr/src/linux/sedCbbu82 (symlink to /usr/src/linux-2.6.15-suspend2-r2/sedCbbu82)
unlink: /usr/src/linux/sedCbbu82 (symlink to /usr/src/linux-2.6.15-suspend2-r2/sedCbbu82)
--------------------------------------------------------------------------------
Still violates sandbox permissions (Yes, I ran remove-old script before trying
to emerge). In fact I tried to emerge "~x86" ieee80211 (which is 1.1.9) hoping
it will be fixed there - before it was at least installing after failing to
remove sed temporary files, which have no business to appear in /usr/src/linux
source tree in the first place.
Found the problem in the ebuild - what happens is that Makefile is still trying
to run remove_old before compiling - and running that from within sandbox
creates the problem.
Here is the patch for the ieee80211 ebuilds that remedies this problem:
--- /usr/portage/net-wireless/ieee80211/ieee80211-1.1.6.ebuild 2005-11-24
06:36:10.000000000 -0800
+++ /usr/local/portage/net-wireless/ieee80211/ieee80211-1.1.6.ebuild
2006-01-18 05:44:33.000000000 -0800
@@ -74,9 +74,11 @@
use debug && debug="y"
sed -i -e "s:^\(CONFIG_IEEE80211_DEBUG\)=.*:\1=${debug}:" ${S}/Makefile
+ sed -i -e "s/^all: check_old modules/all: modules/" ${S}/Makefile
}
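Review bot: The added sed on the `all:` target matches only the exact text `all: check_old modules`, and `sed -i` exits successfully when nothing matches, so if the upstream Makefile changes the spacing or the prerequisite list the substitution silently does nothing and `check_old` runs inside the sandbox again. Follow it with a check that fails the build, for example `grep -q '^all: modules' "${S}/Makefile" || die "check_old still in Makefile"`, and quote `"${S}"` in both sed calls. The diff touches only ieee80211-1.1.6.ebuild, while the report above also mentions 1.1.9, so the same line is needed in the other ebuild versions.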