Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 438250 - sys-apps/sandbox when emerging sys-fs/fuse-2.9.2: configure: checking if umount supports --fake --no-canonicalize (ACCESS DENIED open_wr: /etc/mtab)
Summary: sys-apps/sandbox when emerging sys-fs/fuse-2.9.2: configure: checking if umou...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: All Linux
: Normal normal with 5 votes (vote)
Assignee: Gentoo Kernel Miscellaneous
URL:
Whiteboard:
Keywords:
: 460022 (view as bug list)
Depends on:
Blocks:
 
Reported: 2012-10-13 17:49 UTC by Attila Tóth
Modified: 2021-08-03 23:29 UTC (History)
16 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
Don't check for umount at configure time (fuse-dont-check-umount.patch,808 bytes, patch)
2012-10-15 05:08 UTC, Canek Peláez Valdés
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Attila Tóth 2012-10-13 17:49:35 UTC
checking for iconv... yes
checking for working iconv... yes
checking for iconv declaration...
         extern size_t iconv (iconv_t cd, char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);
checking if umount supports --fake --no-canonicalize... ACCESS DENIED  open_wr:      /etc/mtab
configure: creating ./config.status
config.status: creating fuse.pc
config.status: creating Makefile
config.status: creating lib/Makefile
config.status: creating util/Makefile
config.status: creating example/Makefile
config.status: creating include/Makefile
config.status: creating doc/Makefile
config.status: creating include/config.h
config.status: executing depfiles commands
config.status: executing libtool commands
configure: WARNING:
******************************************************************
* Please install util-linux version 2.18 or later which supports *
* --fake and --no-canonicalize options in mount and umount       *
******************************************************************
>>> Source configured.
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE "/var/log/sandbox/sandbox-4442.log"

VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny
P: /etc/mtab
A: /etc/mtab
R: /etc/mtab
C: umount --fake --no-canonicalize

F: open_wr
S: deny
P: /run/mount/utab
A: /run/mount/utab
R: /run/mount/utab
C: umount --fake --no-canonicalize

F: open_wr
S: deny
P: /etc/mtab
A: /etc/mtab
R: /etc/mtab
C: umount --fake --no-canonicalize
--------------------------------------------------------------------------------

Reproducible: Always
Comment 1 Manuel Rüger (RETIRED) gentoo-dev 2012-10-15 00:53:34 UTC
"Please install util-linux version 2.18 or later which supports..." 

What does 'emerge -pv util-linux' output?
Comment 2 Gang ZHAO 2012-10-15 01:04:53 UTC
I have the same problem. My installed version of util-linux is 2.22, but when  I emerge sys-fs/fuse-2.9.1-r1 it also show the errors above.
Comment 3 Canek Peláez Valdés 2012-10-15 05:03:25 UTC
The problem seems to be that the configure scripts runs umount to try to determine if the command accepts the --fake --no-canonicalize arguments. Running umount --fake --no-canonicalize without arguments seems to try to open /run/mount/utab (probably because, according to the man page,  the --fake argument "can be used to remove entries from /etc/mtab that were unmounted earlier with the -n option."), and hence the access violation.
Comment 4 Canek Peláez Valdés 2012-10-15 05:08:31 UTC
Created attachment 326582 [details, diff]
Don't check for umount at configure time

(Sorry; sent report before finishing).

According to the man page, therefore, the umount command with the --fake argument can modify the filesystem, so running it at configure time seems to be unwise. Maybe a bug report should be filed in fuse upstream.

Meanwhile, and since we can guarantee that we have the required version of util-linux, we can workaround the problem with the attached patch to the ebuild.
Comment 5 Attila Tóth 2012-10-15 06:24:16 UTC
(In reply to comment #3)
> The problem seems to be that the configure scripts runs umount to try to
> determine if the command accepts the --fake --no-canonicalize arguments.
> Running umount --fake --no-canonicalize without arguments seems to try to
> open /run/mount/utab (probably because, according to the man page,  the
> --fake argument "can be used to remove entries from /etc/mtab that were
> unmounted earlier with the -n option."), and hence the access violation.

Correct, I agree.
Comment 6 Attila Tóth 2012-10-15 06:25:30 UTC
(In reply to comment #4)
> Created attachment 326582 [details, diff] [details, diff]
> Don't check for umount at configure time
> 
> (Sorry; sent report before finishing).
> 
> According to the man page, therefore, the umount command with the --fake
> argument can modify the filesystem, so running it at configure time seems to
> be unwise. Maybe a bug report should be filed in fuse upstream.
> 
> Meanwhile, and since we can guarantee that we have the required version of
> util-linux, we can workaround the problem with the attached patch to the
> ebuild.

Disabling the check making it always true correctly workarounds the problem.
The final solution should be done upstreams. Other distros will also face problems like this due to their sandboxing approach.
Comment 7 Canek Peláez Valdés 2012-10-15 16:51:16 UTC
Another workaround, probably easier, from bug #437568: just install sys-apps/sandbox-2.6, and then you can install sys-fs/fuse-2.9.1-r1 without sandbox violations. There is a warning about ACCESS DENIED, but the emerge finishes correctly.
Comment 8 Ben Kohler gentoo-dev 2012-10-17 18:21:21 UTC
It seems that this bug only exists on sys-fs/fuse-2.9.1-r1 with unstable util-linux-2.22* and stable sandbox-2.5, is this correct?
Comment 9 Canek Peláez Valdés 2012-10-17 18:34:56 UTC
I'm not able to reproduce the bug with util-linux-2.22.1 and stable sandbox-2.6.
Comment 10 Ben Kohler gentoo-dev 2012-10-17 18:37:07 UTC
sandbox-2.6 isn't stable, though.  Downgrade to the actual stable sandbox-2.5 and that is where the bug appears.
Comment 11 Canek Peláez Valdés 2012-10-17 18:52:13 UTC
(In reply to comment #10)
> sandbox-2.6 isn't stable, though.

Neither is util-linux 2.22. Can you reproduce the bug with sandbox-2.5 and util-linux-2.21*? If you can, then there is a bug. If you cannot, then it's our fault for mixing stable and unstable packages, and the bug should be closed.

> Downgrade to the actual stable sandbox-2.5 and that is where the bug appears.

I don't think there is actually a bug. If you are running unstable util-linux, there is no reason to expect for stable sandbox to work with it.
Comment 12 Ben Kohler gentoo-dev 2012-10-17 18:58:18 UTC
It is still a bug.  This will become an even bigger problem if util-linux-2.22 goes stable without sandbox-2.6 going stable also.  I just wanted to confirm that this was ONLY affecting users who are mixing util-linux-2.22 with sandbox-2.5, I still believe this is the case.
Comment 13 Drake Donahue 2012-10-20 05:14:43 UTC
have the exact problem with:
sys-apps/util-linux-2.22.1
sys-apps/sandbox-2.5
sys-fs/fuse-      available: 2.9.1-r1      installed: 2.8.6

unstable util-linux was solution to an earlier block

with:
sys-apps/util-linux-2.22.1
sys-apps/sandbox-2.6
sys-fs/fuse-      available: 2.9.1-r1      installed: 2.8.6
Comment 14 MrRockchip 2012-11-01 12:06:40 UTC
(In reply to comment #7)
> Another workaround, probably easier, from bug #437568: just install
> sys-apps/sandbox-2.6, and then you can install sys-fs/fuse-2.9.1-r1 without
> sandbox violations. There is a warning about ACCESS DENIED, but the emerge
> finishes correctly.

Unfortunately, your workaround does not work for me.
I have Linux Debian, and there is no such a thing as "sandbox-2.6".
If I am wrong, please tell me the truth.
Comment 15 Attila Tóth 2012-11-01 13:59:23 UTC
(In reply to comment #14)
> (In reply to comment #7)
> > Another workaround, probably easier, from bug #437568: just install
> > sys-apps/sandbox-2.6, and then you can install sys-fs/fuse-2.9.1-r1 without
> > sandbox violations. There is a warning about ACCESS DENIED, but the emerge
> > finishes correctly.
> 
> Unfortunately, your workaround does not work for me.
> I have Linux Debian, and there is no such a thing as "sandbox-2.6".
> If I am wrong, please tell me the truth.

This Bug Tracker system is focused on a distribution called Gentoo. You are using Debian. Each distribution has its own way of sandboxing. You should probably first try to seek a solution amongst Debian folks.
Comment 16 SpanKY gentoo-dev 2012-11-01 17:16:56 UTC
if newer sandbox issues the warning but doesn't abort, that's a bug in sandbox

would probably be better to have the configure script run `umount --help` and grep the output
Comment 17 Attila Tóth 2012-11-01 17:22:25 UTC
(In reply to comment #16)
> if newer sandbox issues the warning but doesn't abort, that's a bug in
> sandbox
> 
> would probably be better to have the configure script run `umount --help`
> and grep the output

Totally agree on both the sandbox behavior being buggy and about the configure script as well.
Comment 18 Martin Mokrejš 2012-12-07 10:54:50 UTC
Happens also with sys-fs/fuse-2.9.2 and sys-apps/util-linux-2.22.1 and sys-apps/sandbox-2.6.
Comment 19 Alexandre Rostovtsev (RETIRED) gentoo-dev 2013-01-11 14:40:05 UTC
As a workaround, fuse can be emerged with FEATURES=userpriv
Comment 20 Alexandre Rostovtsev (RETIRED) gentoo-dev 2013-01-22 01:25:57 UTC
(In reply to comment #16)
> if newer sandbox issues the warning but doesn't abort, that's a bug in
> sandbox
> 
> would probably be better to have the configure script run `umount --help`
> and grep the output

That doesn't help:

# sandbox umount --help
 * ACCESS DENIED:  open_wr:      /run/mount/utab

Basically, any attempt to execute recent versions of umount results in umount testing whether utab and mtab files are writable, and it tests whether they are writable by calling open(filename, O_RDWR) :/
Comment 21 Ben Kohler gentoo-dev 2013-03-05 22:15:32 UTC
*** Bug 460022 has been marked as a duplicate of this bug. ***
Comment 22 Ben Kohler gentoo-dev 2013-03-05 22:24:14 UTC
(In reply to comment #12)
> It is still a bug.  This will become an even bigger problem if
> util-linux-2.22 goes stable without sandbox-2.6 going stable also.

FYI this is current reality now, sys-fs/fuse will not build on stable.
Comment 23 Brian Munro 2013-03-06 08:22:35 UTC
Latest Version of Sandbox (Sandbox-2.6)

Bypasses the error

checking for iconv declaration... 
         extern size_t iconv (iconv_t cd, char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);
checking if umount supports --fake --no-canonicalize...  * ACCESS DENIED:  open_wr:      /etc/mtab
 * ACCESS DENIED:  open_wr:      /run/mount/utab
 * ACCESS DENIED:  open_wr:      /etc/mtab
 * ACCESS DENIED:  open_wr:      /run/mount/utab
configure: creating ./config.status

Fuse-2.9.1-r1 and Fuse 2.9.2 compile successfully on Sandbox-2.6
Comment 24 Łukasz Stelmach 2013-03-06 09:50:37 UTC
(In reply to comment #22)
> (In reply to comment #12)
> > It is still a bug.  This will become an even bigger problem if
> > util-linux-2.22 goes stable without sandbox-2.6 going stable also.
> 
> FYI this is current reality now, sys-fs/fuse will not build on stable.

Then please mask fuse, mark it unstable, please. This will prevent pulling fuse into world update.
Comment 25 Attila Tóth 2013-03-06 10:05:03 UTC
(In reply to comment #23)
> Latest Version of Sandbox (Sandbox-2.6)
> 
> Bypasses the error
> 
> checking for iconv declaration... 
>          extern size_t iconv (iconv_t cd, char * *inbuf, size_t
> *inbytesleft, char * *outbuf, size_t *outbytesleft);
> checking if umount supports --fake --no-canonicalize...  * ACCESS DENIED: 
> open_wr:      /etc/mtab
>  * ACCESS DENIED:  open_wr:      /run/mount/utab
>  * ACCESS DENIED:  open_wr:      /etc/mtab
>  * ACCESS DENIED:  open_wr:      /run/mount/utab
> configure: creating ./config.status
> 
> Fuse-2.9.1-r1 and Fuse 2.9.2 compile successfully on Sandbox-2.6

That is a problem of sandbox-2.6. See comment #16:
https://bugs.gentoo.org/show_bug.cgi?id=438250#c16
Comment 26 Samuli Suominen (RETIRED) gentoo-dev 2013-03-06 17:49:05 UTC
okay, workaround for fuse is in tree but since it has been concluded this is a bug in sandbox, reassigning to sandbox maintainers
Comment 27 Moritz Kohler 2013-03-07 15:33:00 UTC
I just unmasked fuse-2.9.2 and tried to emerge it: Issue is gone, it works now. Thanks for that. But what nobody tried here: fuse-2.9.1-r1, currently marked as the latest stable version, is also (and still) affected by this issue.

echo "sys-fs/fuse" >> /etc/portage/package.keywords helped me so far but I think you should either apply your change to the current stable version, too or mark fuse-2.9.2 as stable.
Comment 28 Samuli Suominen (RETIRED) gentoo-dev 2013-03-07 15:35:44 UTC
(In reply to comment #27)
> I just unmasked fuse-2.9.2 and tried to emerge it: Issue is gone, it works
> now. Thanks for that. But what nobody tried here: fuse-2.9.1-r1, currently
> marked as the latest stable version, is also (and still) affected by this
> issue.
> 
> echo "sys-fs/fuse" >> /etc/portage/package.keywords helped me so far but I
> think you should either apply your change to the current stable version, too
> or mark fuse-2.9.2 as stable.

I propose using the Bugzilla's Search feature (to find bug 460564)
Comment 29 SpanKY gentoo-dev 2013-03-24 01:35:14 UTC
(In reply to comment #16)

the missing abort is fixed in sandbox-2.6-r1

the fact that it aborts in the first place isn't a bug in sandbox.  fuse ran a command that tried to open paths for writing that it shouldn't have.
Comment 30 Ben Kohler gentoo-dev 2014-08-08 13:44:39 UTC
Looks like affected versions of fuse are long gone.
Comment 31 Larry the Git Cow gentoo-dev 2021-08-03 22:20:01 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9

commit 8a970396fca7aca2d5a761b8e7a8242f1eef14c9
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-08-03 22:19:06 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-08-03 22:19:06 +0000

    sys-fs/fuse: fix build with glibc 2.34
    
    Backporting the same patch which is now upstream,
    converted to patches for autotools changes rather
    than sed for further changes.
    
    Bug: https://bugs.gentoo.org/438250
    Closes: https://bugs.gentoo.org/803923
    Signed-off-by: Sam James <sam@gentoo.org>

 .../files/fuse-2.9.9-avoid-calling-umount.patch    | 38 ++++++++++++++
 .../files/fuse-2.9.9-closefrom-glibc-2-34.patch    | 60 ++++++++++++++++++++++
 sys-fs/fuse/fuse-2.9.9-r1.ebuild                   | 22 ++++----
 3 files changed, 110 insertions(+), 10 deletions(-)