Gentoo's Bugzilla – Attachment 603640 Details for Bug 704848: Sandbox violation during emerge will cause sandbox violations for all packages being built simultaneously with FEATURES=pid-sandbox due to SANDBOX_LOG collision
pid-sandbox: mount private /var/log/sandbox
0001-pid-sandbox-mount-private-var-log-sandbox-bug-704848.patch (text/plain), 2.41 KB, created by Zac Medico on 2020-01-18 04:36:47 UTC
>From efe2c5b55f60660e9ddb2b57381d11261f59e502 Mon Sep 17 00:00:00 2001 >From: Zac Medico <zmedico@gentoo.org> >Date: Fri, 17 Jan 2020 19:23:16 -0800 >Subject: [PATCH] pid-sandbox: mount private /var/log/sandbox (bug 704848) > >Create a private /var/log/sandbox since the pid namespace triggers >log file name collision with a process in another pid namespace with >the same pid. > >TODO: Patch sandbox to allow portage to override SANDBOX_LOG, since >otherwise sandbox violation messages will output a log path located >in /var/log/sandbox instead of the true location which is in >${PORTAGE_BUILDDIR}/sandbox_log. > >Bug: https://bugs.gentoo.org/704848 >Signed-off-by: Zac Medico <zmedico@gentoo.org> >--- > lib/portage/process.py | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > >diff --git a/lib/portage/process.py b/lib/portage/process.py >index c1fc4bcf6..7ce2b3c4d 100644 >--- a/lib/portage/process.py >+++ b/lib/portage/process.py >@@ -562,6 +562,10 @@ def _exec(binary, mycommand, opt_name, fd_pipes, > @return: Never returns (calls os.execve) > """ > >+ sandbox_enabled = binary is SANDBOX_BINARY >+ effective_uid = -1 if uid is None else uid >+ effective_gid = -1 if gid is None else gid >+ > # If the process we're creating hasn't been given a name > # assign it the name of the executable. > if not opt_name: 
>@@ -703,6 +707,26 @@ def _exec(binary, mycommand, opt_name, fd_pipes, > writemsg("Unable to mount new /proc: %d\n" % (mount_ret,), > noiselevel=-1) > os._exit(1) >+ >+ if sandbox_enabled: >+ # Create a private /var/log/sandbox since the pid namespace >+ # triggers log file name collision with a process in another >+ # pid namespace with the same pid. >+ portage_builddir = env.get('PORTAGE_BUILDDIR') >+ if portage_builddir is not None: >+ sandbox_log_dir = os.path.join(portage_builddir, 'sandbox_log') >+ global_log_dir = '/var/log/sandbox' >+ portage.util.ensure_dirs(global_log_dir) >+ portage.util.ensure_dirs(sandbox_log_dir, >+ uid=effective_uid, gid=effective_gid) >+ s = subprocess.Popen(['mount', >+ '--bind', sandbox_log_dir, global_log_dir]) >+ mount_ret = s.wait() >+ if mount_ret != 0: >+ writemsg("Unable to mount %s: %d\n" % (global_log_dir, mount_ret,), >+ noiselevel=-1) >+ os._exit(1) >+ > if unshare_net: > _configure_loopback_interface() > except AttributeError: >-- >2.24.1 >
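Review bot: In the first hunk (`_exec`, @@ -562), `sandbox_enabled = binary is SANDBOX_BINARY` tests object identity rather than equality, so a caller that passes an equal path string held in a different object leaves `sandbox_enabled` false and the private log mount added in the second hunk is skipped without any message. Use `==` here, or add a comment stating that callers are required to pass the module constant itself. The `-1` values assigned to `effective_uid` and `effective_gid` also deserve a one-line comment saying that they mean "leave ownership unchanged" when passed to `portage.util.ensure_dirs`.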
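Review bot: In the second hunk (@@ -703), `if portage_builddir is not None:` has no else branch, so when sandbox is enabled but `PORTAGE_BUILDDIR` is missing from `env` the code continues silently with the shared /var/log/sandbox and the pid collision from bug 704848 is still possible. Emit a `writemsg` warning in that case, or document why the unset case cannot collide. Two smaller points in the same block: `portage.util.ensure_dirs(global_log_dir)` runs before the bind mount with no uid, gid or mode, so it will create /var/log/sandbox on the underlying filesystem with defaults if the directory is absent, and the expected ownership and permissions should be stated or passed explicitly; and `subprocess.Popen(['mount', '--bind', ...])` resolves `mount` through PATH, where an absolute path would be more predictable for a privileged call. A comment noting that this bind mount relies on the process already being in its own mount namespace would help readers see why it does not affect the host.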