Bug 554108 - sys-apps/portage-2.2.20: FEATURES=cgroup is vulnerable to interference between parallel builds of the same ${CATEGORY}:${PF}
Status: RESOLVED FIXED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Core - Ebuild Support
Hardware: All Linux
Importance: Normal normal
Assignee: Portage team
Keywords: InVCS
Blocks: 549914
Reported: 2015-07-07 00:42 UTC by Zac Medico
Modified: 2023-06-14 00:04 UTC

Description Zac Medico gentoo-dev 2015-07-07 00:42:09 UTC
The vulnerable code in AbstractEbuildProcess is as follows:

    cgroup_path = os.path.join(cgroup_portage,
            '%s:%s' % (self.settings["CATEGORY"],
                self.settings["PF"]))

Instead, we should use tempfile.mkdtemp or something similar.
Comment 1 Brian Dolbec (RETIRED) gentoo-dev 2015-07-07 01:02:05 UTC
sounds good to me :)
Comment 2 Zac Medico gentoo-dev 2015-07-07 05:09:08 UTC
The number of temp dirs that we will create is unlimited, so we need to ensure that they are promptly destroyed. We can unshare the mount namespace and make /sys/fs/cgroup/portage a private mount which will automatically disappear when portage exits.
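The collision described in this report and the mkdtemp approach with prompt cleanup, as an added sketch that is not Portage's code or the patch for this bug. The helper names are hypothetical, and a constructed temporary directory stands in for /sys/fs/cgroup/portage so the example runs unprivileged; the mount-namespace part of the proposal is not modelled.

```python
import os
import tempfile

def shared_cgroup_path(cgroup_portage, category, pf):
    """Deterministic name, as in the report: identical for every build of category:pf."""
    path = os.path.join(cgroup_portage, '%s:%s' % (category, pf))
    os.makedirs(path, exist_ok=True)  # a second build silently reuses the first one's dir
    return path

def private_cgroup_path(cgroup_portage, category, pf):
    """Unique directory per build; mkdtemp never reuses an existing name."""
    return tempfile.mkdtemp(dir=cgroup_portage, prefix='%s:%s.' % (category, pf))

def release(path):
    """Remove a per-build directory as soon as the build ends so they do not pile up."""
    try:
        os.rmdir(path)
    except FileNotFoundError:
        pass

def demo():
    # Constructed stand-in for /sys/fs/cgroup/portage (assumption for this example).
    base = tempfile.mkdtemp(prefix='cgroup_portage.')
    try:
        # Two parallel builds of the same package with the deterministic name.
        a = shared_cgroup_path(base, 'sys-apps', 'portage-2.2.20')
        b = shared_cgroup_path(base, 'sys-apps', 'portage-2.2.20')
        collided = (a == b)
        release(a)                              # build A finishes and cleans up
        b_lost_its_dir = not os.path.isdir(b)   # build B's directory vanished with it

        # The same two builds with a unique directory each.
        c = private_cgroup_path(base, 'sys-apps', 'portage-2.2.20')
        d = private_cgroup_path(base, 'sys-apps', 'portage-2.2.20')
        distinct = (c != d)
        release(c)
        d_survives = os.path.isdir(d)
        release(d)
        return collided, b_lost_its_dir, distinct, d_survives, os.listdir(base)
    finally:
        for name in os.listdir(base):
            os.rmdir(os.path.join(base, name))
        os.rmdir(base)

if __name__ == '__main__':
    print(demo())
```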
Comment 3 Zac Medico gentoo-dev 2015-07-07 07:31:58 UTC
There's a patch in the following branch:

https://github.com/zmedico/portage/tree/bug_554108

I've posted it for review here:

https://archives.gentoo.org/gentoo-portage-dev/message/86f2105d445897c3690df7856371093f
Comment 5 Brian Dolbec (RETIRED) gentoo-dev 2015-09-22 01:22:39 UTC
Released in portage-2.2.21