Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 356687 - sys-apps/file-5.05 doesn't build on x86 hardened
Summary: sys-apps/file-5.05 doesn't build on x86 hardened
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: x86 Linux
: High normal (vote)
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-02-27 13:01 UTC by Andrej Kacian
Modified: 2011-03-06 00:13 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
complete build log (sys-apps:file-5.05:20110227-125802.log,37.59 KB, text/plain)
2011-02-27 13:02 UTC, Andrej Kacian 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andrej Kacian 2011-02-27 13:01:34 UTC 
During src_compile phase, the build errors out after following error:

/var/tmp/portage/sys-apps/file-5.05/work/file-5.05/src/.libs/file: error while loading shared libraries: cannot make segment writable for relocation: Permission denied




Compiling file-5.04 works just fine without any changes.

# emerge --info =sys-apps/file-5.05
Portage 2.1.9.25 (hardened/linux/x86, gcc-4.4.5, glibc-2.11.2-r3, 2.6.36-hardened-r9 i686)
=================================================================
                        System Settings
=================================================================
System uname: Linux-2.6.36-hardened-r9-i686-Intel-R-_Atom-TM-_CPU_230_@_1.60GHz-with-gentoo-1.12.14
Timestamp of tree: Sun, 27 Feb 2011 01:40:01 +0000
distcc 3.1 i686-pc-linux-gnu [enabled]
app-shells/bash:     4.1_p9
dev-lang/python:     2.6.5-r3, 3.1.2-r4
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 1.12.14-r1
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.65-r1
sys-devel/automake:  1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.5
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.36.1 (sys-kernel/linux-headers)
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=core2 -mtune=pentium -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/openvpn/easy-rsa"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=core2 -mtune=pentium -O2 -pipe"
DISTDIR="/usr/gentoo/distfiles"
FEATURES="assume-digests binpkg-logs collision-protect distcc distlocks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv"
GENTOO_MIRRORS="http://mirror.gentoo.sk/pub ftp://ftp.sh.cvut.cz/MIRRORS/gentoo/gentoo http://ftp.easynet.nl/mirror/gentoo"
LC_ALL="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en sk"
MAKEOPTS="-j6"
PKGDIR="/usr/gentoo/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/gentoo/portage"
PORTDIR_OVERLAY="/usr/gentoo/overlay"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="acl bash-completion berkdb bzip2 cli cracklib crypt cups curl cxx dri gdbm gmp gnutls gpm hardened icecastflac iconv idn imap ipv6 lm_sensors logrotate mmx modules mp3 mudflap ncurses nls nntp nptl nptlonly ntp oggvorbis openmp openssl pam pcre perl pic pppd python readline session sieve smp sse sse2 ssl sslog ssse3 sysfs tcpd type1 unicode urandom usb vim-syntax x86 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en sk" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 intel mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa via vmware nouveau" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Andrej Kacian 2011-02-27 13:02:42 UTC 
Created attachment 264039 [details]
complete build log
Comment 2 Magnus Granberg gentoo-dev 2011-02-28 02:24:04 UTC 
Make sure you have the same toolchain when you use distcc on hardened profile with a hardened toolchain.
Comment 3 Andrej Kacian 2011-02-28 12:11:14 UTC 
Magnus, that was the first thing that came to my mind, but I have no reason to believe my hardened toolchain is broken on other distcc nodes.
And anyway, same error happens with FEATURES=-distcc
Comment 4 Magnus Granberg gentoo-dev 2011-02-28 12:44:40 UTC 
file-5.05 compile fine for me on may x86 chroot
I think some thing is broken on your part.
Portage 2.1.9.35 (hardened/linux/x86, gcc-4.4.4, glibc-2.11.2-r0, 2.6.34-hardened-r1 i686)
=================================================================
System uname: Linux-2.6.34-hardened-r1-i686-Intel-R-_Xeon-R-_CPU_E5420_@_2.50GHz-with-gentoo-2.0.1
Timestamp of tree: Mon, 28 Feb 2011 10:45:01 +0000
app-shells/bash:     4.1_p7
dev-lang/python:     2.6.5-r3
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.6.1-r1
sys-apps/sandbox:    2.2
sys-devel/autoconf:  2.65-r1
sys-devel/automake:  1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.4-r1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.34 (sys-kernel/linux-headers)
ACCEPT_KEYWORDS="x86 ~x86"
ACCEPT_LICENSE="*"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=i686"
CHOST="i686-pc-linux-gnu"
Comment 5 Andrej Kacian 2011-02-28 12:50:35 UTC 
Or perhaps mine and your grsecurity configuration is just different.

BTW, I forgot to mention that grsec logs following message:

Feb 28 13:08:59 vala kernel: grsec: From 192.168.113.5: denied RWX mprotect of /var/tmp/portage/sys-apps/file-5.05/work/file-5.05/src/.libs/file by /var/tmp/portage/sys-apps/file-5.05/work/file-5.05/src/.libs/file[file:17978] uid/euid:250/250 gid/egid:250/250, parent /usr/bin/gmake[make:17973] uid/euid:250/250 gid/egid:250/250
Comment 6 Xake 2011-02-28 18:20:03 UTC 
(In reply to comment #5)
> Or perhaps mine and your grsecurity configuration is just different.
> 
> BTW, I forgot to mention that grsec logs following message:
> 
> Feb 28 13:08:59 vala kernel: grsec: From 192.168.113.5: denied RWX mprotect of
> /var/tmp/portage/sys-apps/file-5.05/work/file-5.05/src/.libs/file by
> /var/tmp/portage/sys-apps/file-5.05/work/file-5.05/src/.libs/file[file:17978]
> uid/euid:250/250 gid/egid:250/250, parent /usr/bin/gmake[make:17973]
> uid/euid:250/250 gid/egid:250/250
> 

I am sorry to say that that does not mean much. The RWX problem may as well come from something in glibc or gcc or other system compinents shared library being wrong.
I remember having distcc where all nodes where hardened, but started to get a lot of these problems. Turning off distcc, and "emerge -e <problem-program>" helped. I *think* that it may have happened because of the toolchain versionwise where not exactly the same on the different nodes (at one time one of the computers where following stable, while the other was following ~arch) but that is also the only difference I can think of...
Comment 7 Magnus Granberg gentoo-dev 2011-02-28 23:29:29 UTC 
(In reply to comment #5)
> Or perhaps mine and your grsecurity configuration is just different.
> 
> BTW, I forgot to mention that grsec logs following message:
> 
> Feb 28 13:08:59 vala kernel: grsec: From 192.168.113.5: denied RWX mprotect of
> /var/tmp/portage/sys-apps/file-5.05/work/file-5.05/src/.libs/file by
> /var/tmp/portage/sys-apps/file-5.05/work/file-5.05/src/.libs/file[file:17978]
> uid/euid:250/250 gid/egid:250/250, parent /usr/bin/gmake[make:17973]
> uid/euid:250/250 gid/egid:250/250
Yes it get killed for you have some thing wrong in you setup or toolchain or deps on that package. for you are geting textrel and that is geting killed by the kernel. Dictcc in know to have problems with hardened when nods don't have the same setup. So recompile any depende for that package and the package with out dictcc.
Comment 8 Andrej Kacian 2011-03-06 00:13:08 UTC 
You're right - remerging glibc helped here, and file-5.05 merged succesfully as well afterwards. Weird stuff.