Failing PAX mark virtualbox should not make the install phase fail:

>>> Install virtualbox-5.0.2 into /tmp/portage/app-emulation/virtualbox-5.0.2/image/ category app-em ulation
 * /tmp/portage/app-emulation/virtualbox-5.0.2/image//usr/lib64/virtualbox/VBoxManage
 TYPE PAX FILE
ET_EXEC --mxe- /tmp/portage/app-emulation/virtualbox-5.0.2/image//usr/lib64/virtualbox/VBoxManage
 * /tmp/portage/app-emulation/virtualbox-5.0.2/image//usr/lib64/virtualbox/VBoxManage
 * XT PaX marking -me /tmp/portage/app-emulation/virtualbox-5.0.2/image//usr/lib64/virtualbox/VBoxMa nage with setfattr
setfattr: /tmp/portage/app-emulation/virtualbox-5.0.2/image//usr/lib64/virtualbox/VBoxManage: Operat ion not supported
 * Failed to set XATTR_PAX markings -me /tmp/portage/app-emulation/virtualbox-5.0.2/image//usr/lib64 /virtualbox/VBoxManage.
 * ERROR: app-emulation/virtualbox-5.0.2::gentoo failed (install phase):
 * (no error message)

Reproducible: Always

tmp is mounted like so:

shm on /tmp type tmpfs (rw,nodev,size=7500m)

Sorry for the garbled log excerpt:

>>> Install virtualbox-5.0.2 into /tmp/portage/app-emulation/virtualbox-5.0.2/image/ category app-emulation
 * /tmp/portage/app-emulation/virtualbox-5.0.2/image//usr/lib64/virtualbox/VBoxManage
 TYPE PAX FILE
ET_EXEC --mxe- /tmp/portage/app-emulation/virtualbox-5.0.2/image//usr/lib64/virtualbox/VBoxManage
 * /tmp/portage/app-emulation/virtualbox-5.0.2/image//usr/lib64/virtualbox/VBoxManage
 * XT PaX marking -me /tmp/portage/app-emulation/virtualbox-5.0.2/image//usr/lib64/virtualbox/VBoxManage with setfattr
setfattr: /tmp/portage/app-emulation/virtualbox-5.0.2/image//usr/lib64/virtualbox/VBoxManage: Operation not supported
 * Failed to set XATTR_PAX markings -me /tmp/portage/app-emulation/virtualbox-5.0.2/image//usr/lib64/virtualbox/VBoxManage.
 * ERROR: app-emulation/virtualbox-5.0.2::gentoo failed (install phase):
 * (no error message)
Confirming same. I have a normal kernel, not hardened, so obviously the Grsecurity and XATTR_PAX options aren't available.
Same here
Advice: you should enable CONFIG_TMPFS_XATTR and CONFIG_TMPFS_POSIX_ACL in your kernel config. These kernel features are required for systemd, and this means that today, few people test that their code or ebuilds still work on a system where for unknown reasons CONFIG_TMPFS_XATTR was disabled.
(In reply to Alexandre Rostovtsev from comment #4)
> Advice: you should enable CONFIG_TMPFS_XATTR and CONFIG_TMPFS_POSIX_ACL in
> your kernel config.
>
> These kernel features are required for systemd, and this means that today,
> few people test that their code or ebuilds still work on a system where for
> unknown reasons CONFIG_TMPFS_XATTR was disabled.

Didn't work for me:

$ zcat /proc/config.gz | grep CONFIG_TMPFS
CONFIG_TMPFS=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_TMPFS_XATTR=y
$ mount | grep /var/tmp
none on /var/tmp type tmpfs (rw,noatime,size=10G)
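
Added example, not part of the thread and not Gentoo's own tooling: the kernel config above shows what was compiled in, not whether the filesystem under the build directory accepts the attribute that XATTR_PAX marking writes. This Python probe attempts that write on a scratch file and reports the result; the value "me" (mirroring the "-me" in the log) and the verdict names are assumptions of the example.

```python
import errno
import os
import tempfile

# Attribute name used by XATTR_PAX marking.
PAX_XATTR = "user.pax.flags"


def classify(err):
    """Turn the errno of a failed (or 0 for a successful) attempt into a verdict."""
    if err == 0:
        return "ok"
    if err in (errno.ENOTSUP, errno.EOPNOTSUPP):
        # This is what setfattr prints as "Operation not supported".
        return "unsupported"
    if err in (errno.EPERM, errno.EACCES):
        return "denied"
    return "error"


def probe(directory, flags=b"me"):
    """Set and read back user.pax.flags on a scratch file inside directory."""
    if not hasattr(os, "setxattr"):
        return "no-xattr-api"  # platform without the Linux xattr calls
    try:
        fd, path = tempfile.mkstemp(prefix="paxprobe-", dir=directory)
    except OSError as exc:
        return classify(exc.errno)
    os.close(fd)
    try:
        os.setxattr(path, PAX_XATTR, flags)
        return "ok" if os.getxattr(path, PAX_XATTR) == flags else "error"
    except OSError as exc:
        return classify(exc.errno)
    finally:
        os.unlink(path)  # never leave the scratch file behind


def report(directories):
    """Map every existing directory in the list to its verdict."""
    return {d: probe(d) for d in directories if os.path.isdir(d)}


if __name__ == "__main__":
    # /tmp and /var/tmp are the two build locations that appear in this report.
    for d, verdict in report(["/tmp", "/var/tmp"]).items():
        print(f"{d}: {verdict}")
```
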
I am having the same issue. I don't use systemd and probably never will. Regardless, I have XATTR=y in all the right places: tmpfs, reiserfs (I don't use anything else). So, not sure what the problem is. I was able to install the virtualbox-bin (4.3.28 and 5.0.2). I did get warnings afterward:

 * Failed to set XATTR_PAX markings -me /var/tmp/portage/app-emulation/virtualbox-bin-5.0.2.102096/image//opt/VirtualBox/VBoxManage.
 * Failed to set XATTR_PAX markings -me /var/tmp/portage/app-emulation/virtualbox-bin-5.0.2.102096/image//opt/VirtualBox/VBoxSVC.
 * Failed to set XATTR_PAX markings -me /var/tmp/portage/app-emulation/virtualbox-bin-5.0.2.102096/image//opt/VirtualBox/VBoxXPCOMIPCD.
 * Failed to set XATTR_PAX markings -me /var/tmp/portage/app-emulation/virtualbox-bin-5.0.2.102096/image//opt/VirtualBox/VBoxTunctl.
 * Failed to set XATTR_PAX markings -me /var/tmp/portage/app-emulation/virtualbox-bin-5.0.2.102096/image//opt/VirtualBox/VBoxNetAdpCtl.
 * Failed to set XATTR_PAX markings -me /var/tmp/portage/app-emulation/virtualbox-bin-5.0.2.102096/image//opt/VirtualBox/VBoxNetDHCP.
 * Failed to set XATTR_PAX markings -me /var/tmp/portage/app-emulation/virtualbox-bin-5.0.2.102096/image//opt/VirtualBox/VBoxNetNAT.
 * Failed to set XATTR_PAX markings -me /var/tmp/portage/app-emulation/virtualbox-bin-5.0.2.102096/image//opt/VirtualBox/VBoxTestOGL.
 * Failed to set XATTR_PAX markings -me /var/tmp/portage/app-emulation/virtualbox-bin-5.0.2.102096/image//opt/VirtualBox/VBoxExtPackHelperApp.
 * Failed to set XATTR_PAX markings -me /var/tmp/portage/app-emulation/virtualbox-bin-5.0.2.102096/image//opt/VirtualBox/VBoxSDL.
 * Failed to set XATTR_PAX markings -me /var/tmp/portage/app-emulation/virtualbox-bin-5.0.2.102096/image//opt/VirtualBox/VBoxHeadless.
 * Failed to set XATTR_PAX markings -me /var/tmp/portage/app-emulation/virtualbox-bin-5.0.2.102096/image//opt/VirtualBox/VirtualBox.

VirtualBox runs, and extensions are loaded.
I haven't built a VM yet, but I can 'run' a sysresccd ISO, so all appears well, but I cannot install from source because of the install-phase failures due to PaX marking errors.
(In reply to Alexandre Rostovtsev from comment #4)
> Advice: you should enable CONFIG_TMPFS_XATTR and CONFIG_TMPFS_POSIX_ACL in
> your kernel config.
>
> These kernel features are required for systemd, and this means that today,
> few people test that their code or ebuilds still work on a system where for
> unknown reasons CONFIG_TMPFS_XATTR was disabled.

Why should anybody who is not using systemd, which up until now was not forced on us, turn on those arcane kernel options not used by non-systemd systems? And even if they are turned on, the ebuild is failing because pax-mark is missing. So... which magical package contains this ethereal application? It is not part of pax-utils.
Interestingly enough, this is a regression: I built virtualbox 5.0.2 on Aug 20th on another machine (also without CONFIG_TMPFS_xxx set) and it worked just fine.
I tried 5.0.2 today on two different machines. They both have the kernel settings being asked for in this bug report. Neither made it past the install phase. All versions of the virtualbox-bin work, but complain as in my comment above. Seems like this bug has been around in various forms for a while. Maybe virtualbox is just the next piece of software that will require systemd, in which case I am moving to vmware. systemd is probably the single biggest threat to Linux there is; bugs like this are why.
The wiki documentation on PaX [1] redirects to their homepage here [2]. Is this still correct? If so, this project is <°))))>< with the documentation being the last thing that was updated in 2013. Can anyone confirm this?

[1]: https://wiki.gentoo.org/wiki/Hardened/PaX_flag_migration_from_PT_PAX_to_XATTR_PAX
[2]: http://pax.grsecurity.net/
Wikipedia [de|en] isn't much more informative on the state of the project. Except for "PaX is maintained by The PaX Team, whose principal coder is anonymous". This might be taken into consideration as well. I guess not every one of us is happy to include kernel security patches with that amount of obscurity around them.
commit 0c47a8b7329b0c71443d382b203bd96c67b84764
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Sun Aug 30 13:32:10 2015

    app-emulation/virtualbox: Warn on pax-mark failure (bug #558510) instead of failing.

    Added subslot dependencies to the virtual/jre dep.

    Package-Manager: portage-2.2.20.1

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0c47a8b7329b0c71443d382b203bd96c67b84764
Great, it builds now :) Thanks!
WFM now too, many thanks
Could this please be backported to the *stable* ebuild virtualbox-4.3.28? Indeed I just hit this bug while recompiling today...