Summary: | sys-apps/file-5.05 doesn't build on x86 hardened | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Andrej Kacian <andrej> |
Component: | New packages | Assignee: | The Gentoo Linux Hardened Team <hardened> |
Status: | RESOLVED INVALID | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | complete build log |
Description
Andrej Kacian
2011-02-27 13:01:34 UTC
Created attachment 264039 [details]
complete build log
Make sure you have the same toolchain when you use distcc on hardened profile with a hardened toolchain. Magnus, that was the first thing that came to my mind, but I have no reason to believe my hardened toolchain is broken on other distcc nodes. And anyway, same error happens with FEATURES=-distcc file-5.05 compile fine for me on may x86 chroot I think some thing is broken on your part. Portage 2.1.9.35 (hardened/linux/x86, gcc-4.4.4, glibc-2.11.2-r0, 2.6.34-hardened-r1 i686) ================================================================= System uname: Linux-2.6.34-hardened-r1-i686-Intel-R-_Xeon-R-_CPU_E5420_@_2.50GHz-with-gentoo-2.0.1 Timestamp of tree: Mon, 28 Feb 2011 10:45:01 +0000 app-shells/bash: 4.1_p7 dev-lang/python: 2.6.5-r3 dev-util/cmake: 2.8.1-r2 sys-apps/baselayout: 2.0.1 sys-apps/openrc: 0.6.1-r1 sys-apps/sandbox: 2.2 sys-devel/autoconf: 2.65-r1 sys-devel/automake: 1.11.1 sys-devel/binutils: 2.20.1-r1 sys-devel/gcc: 4.4.4-r1 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.10 sys-devel/make: 3.81-r2 virtual/os-headers: 2.6.34 (sys-kernel/linux-headers) ACCEPT_KEYWORDS="x86 ~x86" ACCEPT_LICENSE="*" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -pipe -march=i686" CHOST="i686-pc-linux-gnu" Or perhaps mine and your grsecurity configuration is just different. BTW, I forgot to mention that grsec logs following message: Feb 28 13:08:59 vala kernel: grsec: From 192.168.113.5: denied RWX mprotect of /var/tmp/portage/sys-apps/file-5.05/work/file-5.05/src/.libs/file by /var/tmp/portage/sys-apps/file-5.05/work/file-5.05/src/.libs/file[file:17978] uid/euid:250/250 gid/egid:250/250, parent /usr/bin/gmake[make:17973] uid/euid:250/250 gid/egid:250/250 (In reply to comment #5) > Or perhaps mine and your grsecurity configuration is just different. > > BTW, I forgot to mention that grsec logs following message: > > Feb 28 13:08:59 vala kernel: grsec: From 192.168.113.5: denied RWX mprotect of > /var/tmp/portage/sys-apps/file-5.05/work/file-5.05/src/.libs/file by > /var/tmp/portage/sys-apps/file-5.05/work/file-5.05/src/.libs/file[file:17978] > uid/euid:250/250 gid/egid:250/250, parent /usr/bin/gmake[make:17973] > uid/euid:250/250 gid/egid:250/250 > I am sorry to say that that does not mean much. The RWX problem may as well come from something in glibc or gcc or other system compinents shared library being wrong. I remember having distcc where all nodes where hardened, but started to get a lot of these problems. Turning off distcc, and "emerge -e <problem-program>" helped. I *think* that it may have happened because of the toolchain versionwise where not exactly the same on the different nodes (at one time one of the computers where following stable, while the other was following ~arch) but that is also the only difference I can think of... (In reply to comment #5) > Or perhaps mine and your grsecurity configuration is just different. > > BTW, I forgot to mention that grsec logs following message: > > Feb 28 13:08:59 vala kernel: grsec: From 192.168.113.5: denied RWX mprotect of > /var/tmp/portage/sys-apps/file-5.05/work/file-5.05/src/.libs/file by > /var/tmp/portage/sys-apps/file-5.05/work/file-5.05/src/.libs/file[file:17978] > uid/euid:250/250 gid/egid:250/250, parent /usr/bin/gmake[make:17973] > uid/euid:250/250 gid/egid:250/250 Yes it get killed for you have some thing wrong in you setup or toolchain or deps on that package. for you are geting textrel and that is geting killed by the kernel. Dictcc in know to have problems with hardened when nods don't have the same setup. So recompile any depende for that package and the package with out dictcc. You're right - remerging glibc helped here, and file-5.05 merged succesfully as well afterwards. Weird stuff. |