Bug 378403

Summary:	sys-apps/portage-2.1.10.10: sandbox access violation triggered by /var/tmp/portage symlink
Product:	Portage Development	Reporter:	Martin Mokrejš <mmokrejs>
Component:	Core	Assignee:	Portage team <dev-portage>
Status:	RESOLVED DUPLICATE
Severity:	normal	CC:	sandbox
Priority:	Normal	Keywords:	InVCS
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Bug Depends on:
Bug Blocks:	373933, 673738

Description Martin Mokrejš 2011-08-08 21:02:42 UTC

This bug seems similar if not even identical to bug #2931. I had /var/tmp/portage on root filesystem. Due to space limitations I mounted an external drive ...

# mkdir -p /mnt/external/var/tmp
# chmod a+rwxt /mnt/external/var/tmp
# mv /var/tmp/portage to /mnt/external/var/tmp

Somehow, emerge fails. First of all I suggest emerge to check directory permissions. It is hard to find out what is wrong now. I suspect it is unhappy about some directory permission of /mnt/external/var or just because of the symlink?

Puzzling is that emerge shows that is has UID 0 so it does have 'giveaway' rights.

# DISTCC_HOSTS='' emerge -uN system --keep-going
Calculating dependencies... done!
>>> Verifying ebuild manifests
>>> Starting parallel fetch
>>> Emerging (1 of 2) sys-devel/gcc-4.5.3
 * gcc-4.5.3.tar.bz2 RMD160 SHA1 SHA256 size ;-) ...                                                                                                                                                            [ ok ]
 * gcc-4.5.3-uclibc-patches-1.0.tar.bz2 RMD160 SHA1 SHA256 size ;-) ...                                                                                                                                           [ ok ]
 * gcc-4.5.3-patches-1.0.tar.bz2 RMD160 SHA1 SHA256 size ;-) ...                                                                                                                                                  [ ok ]
 * gcc-4.5.3-piepatches-v0.4.5.tar.bz2 RMD160 SHA1 SHA256 size ;-) ...                                                                                                                                            [ ok ]
 * gcc-4.4.3-specs-0.2.0.tar.bz2 RMD160 SHA1 SHA256 size ;-) ...                                                                                                                                                  [ ok ]
 * ecj-4.5.jar RMD160 SHA1 SHA256 size ;-) ...                                                                                                                                                                    [ ok ]
ACCESS DENIED  mkdir:        /mnt/external/var/tmp/portage/sys-devel/gcc-4.5.3/work
install: cannot change permissions of `/var/tmp/portage/sys-devel/gcc-4.5.3/work': No such file or directory
ACCESS DENIED  open_wr:      /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack
/usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied
 * ERROR: sys-devel/gcc-4.5.3 failed (unpack phase):
ACCESS DENIED  open_wr:      /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack
/usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied
 *   Failed to create dir '/var/tmp/portage/sys-devel/gcc-4.5.3/work'
ACCESS DENIED  open_wr:      /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack
/usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied
 * 
ACCESS DENIED  open_wr:      /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack
/usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied
 * Call stack:
ACCESS DENIED  open_wr:      /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack
/usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied
 *   ebuild.sh, line 2402:  Called ebuild_main
ACCESS DENIED  open_wr:      /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack
/usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied
 *   ebuild.sh, line 2309:  Called dyn_unpack
ACCESS DENIED  open_wr:      /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack
/usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied
 *   ebuild.sh, line  765:  Called die
ACCESS DENIED  open_wr:      /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack
/usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied
 * The specific snippet of code:
ACCESS DENIED  open_wr:      /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack
/usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied
 *              install -m${PORTAGE_WORKDIR_MODE:-0700} -d "${WORKDIR}" || die "Failed to create dir '${WORKDIR}'"
ACCESS DENIED  open_wr:      /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack
/usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied
ACCESS DENIED  open_wr:      /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack
/usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied
 * If you need support, post the output of 'emerge --info =sys-devel/gcc-4.5.3',
ACCESS DENIED  open_wr:      /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack
/usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied
 * the complete build log and the output of 'emerge -pqv =sys-devel/gcc-4.5.3'.
ACCESS DENIED  open_wr:      /var/tmp/portage/sys-devel/gcc-4.5.3/.die_hooks
/usr/lib/portage/bin/isolated-functions.sh: line 211: /var/tmp/portage/sys-devel/gcc-4.5.3/.die_hooks: Permission denied
ACCESS DENIED  open_wr:      /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack
/usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied
 * The complete build log is located at '/var/tmp/portage/sys-devel/gcc-4.5.3/temp/build.log'.
ACCESS DENIED  open_wr:      /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack
/usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied
 * The ebuild environment file is located at '/var/tmp/portage/sys-devel/gcc-4.5.3/temp/environment'.
ACCESS DENIED  open_wr:      /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack
/usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied
 * S: '/var/tmp/portage/sys-devel/gcc-4.5.3/work/gcc-4.5.3'
ACCESS DENIED  chown:        /var/tmp/portage/sys-devel/gcc-4.5.3/.ipc_lock
[Errno 13] Permission denied: '/var/tmp/portage/sys-devel/gcc-4.5.3/.ipc_lock': chown('/var/tmp/portage/sys-devel/gcc-4.5.3/.ipc_lock', -1, 250)
Cannot chown a lockfile: '/var/tmp/portage/sys-devel/gcc-4.5.3/.ipc_lock'
Group IDs of current user: 0 1 2 3 4 6 10 11 20 26 27
ACCESS DENIED  open_wr:      /var/tmp/portage/sys-devel/gcc-4.5.3/.ipc_in
Traceback (most recent call last):
  File "/usr/lib/portage/bin/ebuild-ipc.py", line 276, in <module>
    sys.exit(ebuild_ipc_main(sys.argv[1:]))
  File "/usr/lib/portage/bin/ebuild-ipc.py", line 273, in ebuild_ipc_main
    return ebuild_ipc.communicate(args)
  File "/usr/lib/portage/bin/ebuild-ipc.py", line 66, in communicate
    return self._communicate(args)
  File "/usr/lib/portage/bin/ebuild-ipc.py", line 235, in _communicate
    output_file = open(self.ipc_in_fifo, 'wb', 0)
IOError: [Errno 13] Permission denied: '/var/tmp/portage/sys-devel/gcc-4.5.3/.ipc_in'
ebuild-ipc: during write: subprocess failure: 1
ACCESS DENIED  unlink:       /var/tmp/portage/sys-devel/gcc-4.5.3/.ipc_lock
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE "/var/log/sandbox/sandbox-25832.log"


I have coreutils-8.12.


# emerge --info
Portage 2.1.10.10 (default/linux/x86/10.0/desktop, gcc-4.5.2, glibc-2.13-r4, 3.0.0 i686)
=================================================================
System uname: Linux-3.0.0-i686-Mobile_Intel-R-_Pentium-R-_4_-_M_CPU_1.80GHz-with-gentoo-2.0.3
Timestamp of tree: Mon, 08 Aug 2011 07:45:01 +0000
distcc 3.1 i686-pc-linux-gnu [disabled]
app-shells/bash:          4.2_p10
dev-java/java-config:     2.1.11-r3
dev-lang/python:          2.5.4-r4, 2.6.7-r2, 2.7.2-r2, 3.1.4-r2, 3.2-r2
dev-util/cmake:           2.8.5-r2
dev-util/pkgconfig:       0.26
sys-apps/baselayout:      2.0.3
sys-apps/openrc:          0.8.3-r1
sys-apps/sandbox:         2.5
sys-devel/autoconf:       2.13::<unknown repository>, 2.68
sys-devel/automake:       1.4_p6-r1, 1.5-r1, 1.6.3-r1, 1.7.9-r2, 1.8.5-r4, 1.9.6-r3, 1.10.3, 1.11.1-r1
sys-devel/binutils:       2.21.1
sys-devel/gcc:            3.3.6-r1, 4.2.4-r1, 4.3.5, 4.4.5, 4.5.2
sys-devel/gcc-config:     1.4.1-r1
sys-devel/libtool:        2.4-r1
sys-devel/make:           3.81-r2
sys-kernel/linux-headers: 2.6.38 (virtual/os-headers)
sys-libs/glibc:           2.13-r4
Repositories: gentoo x-portage science
ACCEPT_KEYWORDS="x86 ~x86"
ACCEPT_LICENSE="* -@EULA dlj-1.1 sun-bcla-java-vm Nero-EULA-US skype-eula AdobeFlash AdobeFlash-10 AdobeFlash-10.1 PUEL"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium4m -mmmx -msse -msse2 -pipe -fno-strict-aliasing -ggdb"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /usr/share/openvpn/easy-rsa /var/bind /var/lib/hsqldb /var/vpopmail/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.2/ext-active/ /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.2/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.2/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -march=pentium4m -mmmx -msse -msse2 -pipe -fno-strict-aliasing -ggdb"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests binpkg-logs distlocks ebuild-locks fixlafiles fixpackages news nostrip parallel-fetch protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FFLAGS=""
GENTOO_MIRRORS="http://gentoo.mirror.web4u.cz"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en cs cz"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage /home/mmokrejs/proj/sci"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="32bit 7zip R X Xaw3d a52 aac aalib ace acl acpi alsa amr amrnb amrwb apache apache2 apng audacious audiofile bash-completion bcmath berkdb blas bluetooth boost branding bzip2 cairo caps cblas cdda cddb cdparanoia cdr cgi clamav cli colordiff compress consolekit cpio cracklib crypt cscope css ctype cups curl curlwrappers cxx dbi dbus dga dhcp dia directfb djbfft dri dts dv dvb dvd dvdr dvdread emboss emf enblend encode enscript exif expat faad fam fame fat fbcon ffmpeg fftw firefox flac flash fontconfig fortran fpx ftp gcj gd gdbm gdu ggi gif gimp gimpprint glibc-compat20 glibc-omitfp glut gmp gnuplot gnutls gpgme gphoto2 gpm graphviz gs gsl gsm gtk gtkhtml hdf hdf5 hp2xx i8x0 iconv icu id3 id3tag ieee1394 imagemagick imlib inifile innodb ithreads jack java javascript jbig jce jikes jpeg jpeg2k kdtree kerberos ladspa lame lapack laptop largefile lcms leim libcaca libnotify libwww live lzo lzw mad maildir matroska mhash mikmod mime ming mjpeg mmap mmx mng mod_python modperl modplug modules motif mozilla moznoirc mp2 mp3 mp4 mpeg mplayer mudflap mule musepack mxdatetime mysql mysqli nat ncurses netcdf netpbm network nls nntp nptl nptlonly nsplugin ntfs numeric objc ogg opengl openmp openssl pam pango parport pcmcia pcntl pcre pdf perl php plotutils plugin png pnm policykit postproc postscript ppds pppd procmail pymol python qt3support qt4 quicktime rar raw readline recode reiserfs romio rpm samba sasl scanner scp sdl seamonkey server session sftp sift slp smime sndfile soap sockets spell sqlite srt sse sse2 ssl startup-notification static-libs subtitles subversion svg svgz sysfs sysvipc t1lib tcl tcpd theora threads tidy tiff tk transcode truetype udev unicode urandom usb userlocales utils uuencode v4l v4l2 vcd vhook vim-syntax vim-with-x vorbis wavpack wifi win32codecs wmf wxwindows x264 x86 xanim xcb xcf xfs xft xinerama xinetd xml xorg xpm xsl xslt xulrunner xv xvid xvmc yv12 zip zlib" ALSA_CARDS="intel-8x0m" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dbd deflate dir disk_cache env expires ext_filter file_cache filter headers icu ident imagemap include info log_config mem_cache mime mime_magic php rewrite setenvif speling status unique_id userdir usertrack vhost_alias negotiation" CALLIGRA_FEATURES="braindump flow karbon kexi kpresenter krita tables words" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en cs cz" PHP_TARGETS="php-5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="radeon vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Comment 1 Martin Mokrejš 2011-08-08 21:07:11 UTC

Expected behavior:

/var/tmp #
/var/tmp # mv /mnt/external/var/tmp/portage .
/var/tmp # emerge -uN gcc
Calculating dependencies... done!

>>> Verifying ebuild manifests

>>> Starting parallel fetch

>>> Emerging (1 of 3) sys-devel/gcc-4.5.3
 * gcc-4.5.3.tar.bz2 RMD160 SHA1 SHA256 size ;-) ...                                                                                                                                                              [ ok ]
 * gcc-4.5.3-uclibc-patches-1.0.tar.bz2 RMD160 SHA1 SHA256 size ;-) ...                                                                                                                                           [ ok ]
 * gcc-4.5.3-patches-1.0.tar.bz2 RMD160 SHA1 SHA256 size ;-) ...                                                                                                                                                  [ ok ]
 * gcc-4.5.3-piepatches-v0.4.5.tar.bz2 RMD160 SHA1 SHA256 size ;-) ...                                                                                                                                            [ ok ]
 * gcc-4.4.3-specs-0.2.0.tar.bz2 RMD160 SHA1 SHA256 size ;-) ...                                                                                                                                                  [ ok ]
 * ecj-4.5.jar RMD160 SHA1 SHA256 size ;-) ...                                                                                                                                                                    [ ok ]
>>> Unpacking source...
>>> Unpacking gcc-4.5.3.tar.bz2 to /var/tmp/portage/sys-devel/gcc-4.5.3/work
>>> Unpacking gcc-4.5.3-patches-1.0.tar.bz2 to /var/tmp/portage/sys-devel/gcc-4.5.3/work
>>> Unpacking gcc-4.5.3-uclibc-patches-1.0.tar.bz2 to /var/tmp/portage/sys-devel/gcc-4.5.3/work
^Z
[1]+  Stopped                 emerge -uN gcc

Comment 2 Zac Medico gentoo-dev

2011-08-08 21:21:59 UTC

It's not a normal permission issue, it's really a sandbox violation, similar to bug 308933. Please post the output of the following commands:

   portageq envvar PORTAGE_TMPDIR
   readlink -f $(portageq envvar PORTAGE_TMPDIR)
   readlink -f $(portageq envvar PORTAGE_TMPDIR)/portage

It seems like the problem is that ${PORTAGE_TMPDIR}/portage is a symlink. If you set PORTAGE_TMPDIR="/var/tmp/portage" in make.conf, then the code from bug 308933 should work as intended to follow the symlink.

Comment 3 Martin Mokrejš 2011-08-08 21:37:22 UTC

On the working setup:

# portageq envvar PORTAGE_TMPDIR
/var/tmp
# readlink -f $(portageq envvar PORTAGE_TMPDIR)
/var/tmp
# readlink -f $(portageq envvar PORTAGE_TMPDIR)/portage
/var/tmp/portage


Now screwing up the system:

# mv /var/tmp/portage /mnt/external/var/tmp
# cd /var/tmp/
# ln -s /mnt/external/var/tmp/portage .
# portageq envvar PORTAGE_TMPDIR
/var/tmp
# readlink -f $(portageq envvar PORTAGE_TMPDIR)
/var/tmp
# readlink -f $(portageq envvar PORTAGE_TMPDIR)/portage
/mnt/external/var/tmp/portage
# 

Indeed, the below works for me:
# PORTAGE_TMPDIR="/var/tmp/portage" emerge -uN gcc


I propose that few sanity checks are introduced in emerge/sandbox, wherever the code leaks.

Back to the directory permissions, several times I had problem that I screwed perms on portage/ or its parent /var/tmp/. Be it the missing sticky or similar. Please print a useful error to the user. I believe emerge does stat() few times over all those dires so it is not that epensive to check the perms and require the intended privs. I remember the advices in bugzilla were "... open a live-dvd" and see what perms are there and fix them on you filesystem manually". That is not nice.

Comment 4 Zac Medico gentoo-dev

2011-08-08 22:10:07 UTC

We have a _check_temp_dir() function that would could extend to check for a ${PORTAGE_TMPDIR}/portage symlink and then bail out with a suggestion for an appropriate PORTAGE_TMPDIR setting.

Comment 5 Martin Mokrejš 2011-08-08 22:31:30 UTC

I do not understand why I have to change anything as a user as long as I keep the directory tree structure. In my eyes introducing a symlink to be traversed should not break the system.

It is perfectly legal to place some directory on a different device/filesystem and introduce a symlink to that place from the original location. I ma probably missing something ...

Comment 6 Zac Medico gentoo-dev

2011-08-08 22:54:49 UTC

(In reply to comment #5)
> I do not understand why I have to change anything as a user as long as I keep
> the directory tree structure. In my eyes introducing a symlink to be traversed
> should not break the system.

It's due to the implementation details of sys-apps/sandbox. It uses canonical paths, so that the sandbox won't be accidentally escaped via symlinks.

> It is perfectly legal to place some directory on a different device/filesystem
> and introduce a symlink to that place from the original location. I ma probably
> missing something ...

I'm not sure if it's feasible for sandbox to support symlinks like this. If it can, it would be a feature request for sys-apps/sandbox. Anyway, it's beyond the scope of sys-apps/portage unless sys-apps/sandbox provides a way to alter the way that it uses canonical paths, and I suspect that it does not at this time.

Comment 7 Zac Medico gentoo-dev

2011-08-09 00:24:03 UTC

(In reply to comment #4)
> We have a _check_temp_dir() function that would could extend to check for a
> ${PORTAGE_TMPDIR}/portage symlink and then bail out with a suggestion for an
> appropriate PORTAGE_TMPDIR setting.

This is implemented in git:

http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=8a85160f4833e3f02470961fc2e05ec93f466566

Comment 8 Martin Mokrejš 2011-08-09 01:16:12 UTC

Why don't you use os.path.islink()? Actually, if I got you right why don't you traverse the whole path from '/' down to ${PORTAGE_TMPDIR}/portage and check that none of the nodes is a symlink (if they are not supported by sanbox)? And if so, an error should be raised.

Am a bit lazy now at 3AM here to check myself but does that mean one may place whole /var/tmp onto the different device/filesystem? And/or does that means that

FEATURES=-usersandbox emerge blah
or
FEATURES=-sandbox?

(did not get their difference from the too brief description in make.conf)

will obey the issue and /var/tmp/portage could be a symlink? Then include that note in the text message printed to the user in your patch, that will help people. ;) Thanks. :))

Comment 9 Zac Medico gentoo-dev

2011-08-09 01:29:45 UTC

(In reply to comment #8)
> Why don't you use os.path.islink()?

I suppose that would work, but I'd prefer to implement it so that it matches the implementation of sandbox a close as possible. Since sandbox would do the equivalent of realpath(), that's what I used.

> Actually, if I got you right why don't you
> traverse the whole path from '/' down to ${PORTAGE_TMPDIR}/portage and check
> that none of the nodes is a symlink (if they are not supported by sanbox)? And
> if so, an error should be raised.

Well, it's not a problem if any of the PORTAGE_TMPDIR parents is a symlink, because we already realpath that anyway:

http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=b414c49cec13202c34ea4115f79978ca7177acaf

> Am a bit lazy now at 3AM here to check myself but does that mean one may place
> whole /var/tmp onto the different device/filesystem?

The default PORTAGE_TMPDIR is /var/tmp, but you can use any directory you want.

> And/or does that means
> that
> 
> FEATURES=-usersandbox emerge blah
> or
> FEATURES=-sandbox?
> 
> (did not get their difference from the too brief description in make.conf)

The error only applies to people who have sandbox enabled, so there's no point in triggering the error otherwise.

> will obey the issue and /var/tmp/portage could be a symlink? Then include that
> note in the text message printed to the user in your patch, that will help
> people. ;) Thanks. :))

Generally, we advise people to have sandbox enabled. So, if it's enabled, it's better to suggest a solution that doesn't involve disabling sandbox.

Comment 10 SpanKY gentoo-dev

2011-08-09 01:40:09 UTC

simply change your PORTAGE_TMPDIR.  it's really not that hard.

*** This bug has been marked as a duplicate of bug 80085 ***

Comment 11 Martin Mokrejš 2011-08-09 08:13:27 UTC

(In reply to comment #6)
> (In reply to comment #5)
> > I do not understand why I have to change anything as a user as long as I keep
> > the directory tree structure. In my eyes introducing a symlink to be traversed
> > should not break the system.
> 
> It's due to the implementation details of sys-apps/sandbox. It uses canonical
> paths, so that the sandbox won't be accidentally escaped via symlinks.
> 
> > It is perfectly legal to place some directory on a different device/filesystem
> > and introduce a symlink to that place from the original location. I am 
> > probably missing something ...
> 
> I'm not sure if it's feasible for sandbox to support symlinks like this. If it
> can, it would be a feature request for sys-apps/sandbox. Anyway, it's beyond
> the scope of sys-apps/portage unless sys-apps/sandbox provides a way to alter
> the way that it uses canonical paths, and I suspect that it does not at this
> time.

Thinking of it more I wouldn't move whole /var/tmp to a different location because the connection to the external USB-drive is shaky, some files are already opened after a boot up ...

I see portage/sanbox expand the symlink to its target automagically if it is the very top node of the tree because this worked for me:
PORTAGE_TMPDIR="/var/tmp/portage" while it was a symlink to /mnt/external/var/tmp/portage.

Actually, I could have done also either of
PORTAGE_TMPDIR="/mnt/external/var/tmp"
or
PORTAGE_TMPDIR="/mnt/external/var/tmp/portage", right?

Comment 12 Zac Medico gentoo-dev

2011-08-09 08:29:28 UTC

Yes, you can set PORTAGE_TMPDIR to anything you want. It's the portage directory underneath it that can't be a symlink.

Comment 13 Zac Medico gentoo-dev

2011-08-12 12:56:07 UTC

(In reply to comment #7)
> (In reply to comment #4)
> > We have a _check_temp_dir() function that would could extend to check for a
> > ${PORTAGE_TMPDIR}/portage symlink and then bail out with a suggestion for an
> > appropriate PORTAGE_TMPDIR setting.
> 
> This is implemented in git:
> 
> http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=8a85160f4833e3f02470961fc2e05ec93f466566

This is in 2.1.10.11 and 2.2.0_alpha51.

Comment 14 Larry the Git Cow gentoo-dev

2019-01-01 20:58:07 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/portage.git/commit/?id=464a65b848eb1344cd1eff3545bed311c01d97ea

commit 464a65b848eb1344cd1eff3545bed311c01d97ea
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2019-01-01 20:55:41 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2019-01-01 20:57:54 +0000

    _check_temp_dir: fix message to refer to correct bug 378403
    
    Bug: https://bugs.gentoo.org/378403
    Fixes: 8a85160f4833 ("_check_temp_dir: check for 'portage' symlink")
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 lib/portage/package/ebuild/doebuild.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 15 Larry the Git Cow gentoo-dev

2019-01-04 03:03:32 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/portage.git/commit/?id=be2312f4f9bf854897431440734a765f5279c7d1

commit be2312f4f9bf854897431440734a765f5279c7d1
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2019-01-02 23:40:57 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2019-01-03 08:24:40 +0000

    ebuild.sh: sandbox write to ${PORTAGE_TMPDIR}/portage (bug 673738)
    
    In ebuild.sh, grant sandbox write access directly to
    ${PORTAGE_TMPDIR}/portage, since write access to ${PORTAGE_TMPDIR}
    itself is not needed. Also, remove the _check_temp_dir symlink
    check from bug 378403, since a symlink is permissible if write
    access is granted directly to ${PORTAGE_TMPDIR}/portage.
    
    Bug: https://bugs.gentoo.org/673738
    Bug: https://bugs.gentoo.org/378403
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 bin/ebuild.sh                          |  4 ++--
 lib/portage/package/ebuild/doebuild.py | 27 ++-------------------------
 2 files changed, 4 insertions(+), 27 deletions(-)