459754 – dev-python/twisted-{11.0.0,12.0.0} test throws MemoryError with FEATURES="userpriv"

Bug 459754 - dev-python/twisted-{11.0.0,12.0.0} test throws MemoryError with FEATURES="userpriv"

Summary: dev-python/twisted-{11.0.0,12.0.0} test throws MemoryError with FEATURES="use...

Status:	RESOLVED OBSOLETE

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Library (show other bugs)
Hardware:	AMD64 Linux

Importance:	Normal normal (vote)
Assignee:	Python Gentoo Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-02-28 17:12 UTC by Sean Santos
Modified:	2016-02-10 09:50 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
build.log (build.log,133.60 KB, text/plain) 2013-02-28 17:12 UTC, Sean Santos	Details
emerge --info (info.log,5.57 KB, text/plain) 2013-02-28 17:15 UTC, Sean Santos	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sean Santos 2013-02-28 17:12:26 UTC

This always fails on my hardened box:

FEATURES="test userpriv" emerge -av1 twisted


Reproducible: Always




Messages in grsec.log:

grsec: denied untrusted exec (due to file in world-writable directory) of /var/tmp/ffiYBMO2x by /var/tmp/portage/dev-python/twisted-12.0.0/temp/tests/usr/bin/trial[trial:13294] uid/euid:250/250 gid/egid:250/250, parent /usr/lib64/portage/bin/ebuild.sh[ebuild.sh:13246] uid/euid:250/250 gid/egid:250/250

grsec: denied untrusted exec (due to file in group-writable directory) of /var/tmp/portage/dev-python/twisted-12.0.0/homedir/ffiIpU2VC by /var/tmp/portage/dev-python/twisted-12.0.0/temp/tests/usr/bin/trial[trial:13294] uid/euid:250/250 gid/egid:250/250, parent /usr/lib64/portage/bin/ebuild.sh[ebuild.sh:13246] uid/euid:250/250 gid/egid:250/250

Comment 1 Sean Santos 2013-02-28 17:12:57 UTC

Created attachment 340522 [details]
build.log

Comment 2 Sean Santos 2013-02-28 17:15:04 UTC

Created attachment 340524 [details]
emerge --info

Comment 3 Ian Delaney (RETIRED) gentoo-dev

2013-03-02 08:14:31 UTC

well, userpriv does have a counterpart. Try 

FEATURES="userpriv test usersandbox ...

Comment 4 Mike Gilbert gentoo-dev

2013-03-02 16:43:29 UTC

(In reply to comment #3)

Enabling usersandbox is not going to fix anything here. It's a grsec issue.

@hardened: What needs to happen here?

Comment 5 Sean Santos 2013-03-02 21:56:16 UTC

It's worth pointing out that I had usersandbox on anyway.

Actually, there are several packages that do not behave well with "userpriv" on this box. CONFIG_GRKERNSEC_TPE_ALL may be the culprit, although if I understand correctly how it works, any tests failing due to this option are due to a package not being careful about the permissions of directories it executes from.

Comment 6 Justin Lecher (RETIRED) gentoo-dev

2016-02-10 09:50:30 UTC

not present in gentoo.git anymore