Created attachment 805444 build.log

Emerging an ebuild with PROPERTIES="interactive" on a tty fails due to sandboxing constraints: for some reason the instprep phase tries to access the tty directly through /dev/ttyn (/dev/tty2 in the attached files), which is not allowed by the default sandbox configuration.

Created attachment 805447 example ebuild

This is the simplest ebuild I've come up with which fails with the previously attached build.log.
I just figured the $(tty) command returns /dev/pts/n when run in a terminal emulator, and /dev/pts/ is in the list of write-allowed paths in the default sandbox configuration. So maybe the proper answer to this bug would be to add /dev/ttyn to the default list of write-allowed paths for sandbox? That would be a long list though (it goes up to /dev/tty63 on my computer).
My best guess is that bash does this implicitly, though I can't reproduce the behavior outside of emerge.
This appears to be triggered by the "pid-sandbox" FEATURE.
This seems to happen because the "instprep" phase is started without a controlling terminal. Other ebuild phases do execute with a controlling terminal; we will need to investigate why "instprep" does not.

More details:

The error occurs in the startup code for bash. See the check_dev_tty() function in general.c.

When bash first starts, it attempts to open "/dev/tty" with read/write permission. If there is no controlling terminal, this will fail with errno = ENXIO.

After that error, bash will then call "ttyname(fileno(stdin))". On Linux/glibc, the ttyname() function calls "readlink("/proc/self/fd/0")" behind the scenes. This results in something like "/dev/tty2" or "/dev/pts/5".

bash then tries to open this path with read/write access, and that triggers the sandbox failure.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/portage.git/commit/?id=47ac5aff464d414bcaa2d04e9eeff06aceec868c

commit 47ac5aff464d414bcaa2d04e9eeff06aceec868c
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2022-09-17 23:37:46 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2022-09-18 18:33:19 +0000

    Move pty setup from AbstractEbuildProcess to SpawnProcess

    This ensures that bash is always executed with a controlling terminal, which prevents it from triggering sandbox failures on startup.

    When merging a package, the 'instprep' phase is executed by a MergeProcess task. The MergeProcess class derives from SpawnProcess directly (not through AbstractEbuildProcess).

    The SpawnProcess class calls portage.process.spawn() to execute a task. When pid-sandbox is enabled, this creates a new PID namespace, and starts pid-ns-init to act as PID 1 in the new namespace.

    pid-ns-init calls setsid(), which creates a new session and disconnects the process from its controlling terminal. Later, it calls ioctl(sys.stdout, termios.TIOCSCTTY) to associate the process with the terminal attached to stdout. This only works if stdout is a tty (not a pipe).

    If pid-ns-init fails to associate the process with a controlling terminal, bash will fail to open /dev/tty on startup. As a fallback, bash will attempt to dereference /proc/self/fd/0 (stdin), and opens the resulting path with O_RDWR.

    If the ebuild sets PROPERTIES="interactive", stdin will be inherited from the parent emerge process, and may be attached to a terminal device (/dev/tty1, etc). Attempting to open this device is likely to trigger a sandbox failure.

    Bug: https://bugs.gentoo.org/870310
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 lib/_emerge/AbstractEbuildProcess.py | 8 --------
 lib/_emerge/SpawnProcess.py          | 7 ++++++-
 2 files changed, 6 insertions(+), 9 deletions(-)
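The sequence described in the analysis and in the commit message above can be reproduced outside emerge. The following is an added example, not code from this bug or from Portage: it forks a child that calls setsid() the way pid-ns-init does, then repeats the /dev/tty open and the ttyname(stdin) fallback described for bash startup, with and without TIOCSCTTY. The function name is hypothetical, and a pty from os.openpty() stands in for the terminal emerge was started on.

```python
import errno
import fcntl
import json
import os
import termios


def bash_startup_tty_probe(acquire_ctty):
    """Return what the /dev/tty check sees in a child that has called setsid()."""
    master, slave = os.openpty()   # constructed stand-in for emerge's terminal
    rfd, wfd = os.pipe()           # the child reports its result over this pipe
    pid = os.fork()
    if pid == 0:
        result = {}
        try:
            os.close(rfd)
            os.setsid()            # new session: the controlling terminal is gone
            os.dup2(slave, 0)      # stdin is a terminal, as with PROPERTIES="interactive"
            if acquire_ctty:
                # pid-ns-init issues this ioctl on stdout when stdout is a tty
                fcntl.ioctl(slave, termios.TIOCSCTTY, 0)
            try:
                os.close(os.open("/dev/tty", os.O_RDWR))
                result["dev_tty"] = "ok"
            except OSError as exc:
                result["dev_tty"] = errno.errorcode.get(exc.errno, str(exc.errno))
                # Path bash would open O_RDWR next; this is the access sandbox sees.
                result["fallback"] = os.ttyname(0)
        finally:
            os.write(wfd, json.dumps(result).encode())
            os._exit(0)            # never return into the caller's code in the child
    os.close(wfd)
    os.close(slave)
    with os.fdopen(rfd) as pipe:
        data = pipe.read()         # EOF arrives once the child has exited
    os.waitpid(pid, 0)
    os.close(master)
    return json.loads(data)


if __name__ == "__main__":
    print("setsid() only:        ", bash_startup_tty_probe(False))
    print("setsid() + TIOCSCTTY: ", bash_startup_tty_probe(True))
```

With a pty the fallback path falls under /dev/pts/, which the thread notes is write-allowed by the default sandbox configuration; on a virtual console the same fallback yields /dev/ttyN, the path that produced the reported failure.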
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=041d1f125384dd935d058b555a0fcb6b260260cb

commit 041d1f125384dd935d058b555a0fcb6b260260cb
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-09-23 03:27:14 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-09-23 03:27:14 +0000

    sys-apps/portage: add 3.0.37

    Closes: https://bugs.gentoo.org/866197
    Closes: https://bugs.gentoo.org/869470
    Closes: https://bugs.gentoo.org/870229
    Closes: https://bugs.gentoo.org/870283
    Closes: https://bugs.gentoo.org/870310
    Closes: https://bugs.gentoo.org/871561
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/portage/Manifest              |   1 +
 sys-apps/portage/portage-3.0.37.ebuild | 273 +++++++++++++++++++++++++++++++++
 2 files changed, 274 insertions(+)