| Summary: | Sandbox violations when emerging kernel modules from /etc/kernel/postinst.d hook against a kernel built out-of-source | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Dennis Schridde <dschridde+gentoobugs> |
| Component: | [OLD] Core system | Assignee: | Gentoo Kernel Bug Wranglers and Kernel Maintainers <kernel> |
| Status: | RESOLVED TEST-REQUEST | ||
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: | build.log | ||
Created attachment 326782 [details]
build.log
This issue might be related to bug #149307. P.S: This issues goes away when running the command manually: KBUILD_OUTPUT=$PWD emerge -1 aufs3 What package owns the file you talk about (and fail to mention)? (In reply to comment #4) > What package owns the file you talk about (and fail to mention)? Which file? The .tmp files are owned by no one - they are being created by the module build process. For some reason the build log only mentions the unlinkat denials, but there are also open_wr denials in the sandbox log (which is included at the end of the build.log by portage). Regarding the change of the Summary: I also noticed this behaviour with other packages, not just aufs3. It seems to be a general problem with emerging modules from postinst.d. Probably the kernel buildsystem did not yet create (or remove) some file, since running the emerge afterwards manually works. I did not figure out what it is, so I would like someone with more expertise in kernel builds to look over it. I meant the file in /etc/kernel/postinst.d . (In reply to comment #6) > I meant the file in /etc/kernel/postinst.d . I created the file myself. I still don't see how `make install' would be triggered by kernel module ebuilds (linux-mod.eclass users?). I also don't see how your script ended up in that directory - the kernel sources scripts that use it don't supply any arguments - any script there is simply run with run-parts. (In reply to comment #8) > I still don't see how `make install' would be triggered by kernel module > ebuilds (linux-mod.eclass users?). make install *triggers* kernel module ebuilds. See comment #0. In the following, I am not sure whether I understood what the actual question is, but I try my best to answer it anyway: (In reply to comment #9) > I also don't see how your script ended up in that directory I put it there. "nano /etc/kernel/postinst.d/10_module_rebuild" > the kernel sources scripts that use it don't supply any arguments The kernel sources run installkernel, which provides the version and the kernel image as arguments to the scripts in /etc/kernel/postinst.d > any script there is simply run with run-parts. Seems correct. Maybe it helps if I try to clarify the actual problem I reported: The kernel sources appear to call installkernel at a point where the kernel build directory is in a state where external kernel modules cannot be build. I have no clue why that is or which part of the kernel buildsystem creates these .tmp files. So I hoped that someone more familiar with the thing would be able to fix it. I assume you will need to find the environment variable that causes this behaviour. (In reply to comment #11) > I assume you will need to find the environment variable that causes this > behaviour. When I change: export KERNEL_DIR="/lib/modules/${version}/source" export KBUILD_OUTPUT="/lib/modules/${version}/build" to: export KERNEL_DIR="/usr/src/linux-${version}" export KBUILD_OUTPUT="/root/build-${version}" in my /etc/kernel/postinst.d/10_module-rebuild script, "make install" succeeds. Does the kernel buildsystem include these variables somewhere and tries to re-"configure" whenever they change? P.S: grepping for the dir or KBUILD_OUTPUT in the build directory does not reveal anything that appears related. This worked for me.
I compiled a kernel source in /tmp/linux-5.10.61-gentoo
make -j14 O=$PWD
make modules_install
installed acpi_call.
I have a script in postconf.d :
#!/bin/sh
version="$1" ; shift
image="$1" ; shift
export KERNEL_DIR="/lib/modules/${version}/source"
export KBUILD_OUTPUT="/lib/modules/${version}/build"
exec emerge --usepkg=n @module-rebuild
did a make install
it emerge acpi_call successfully.
(chroot) bozeman /tmp/linux # make install
sh ./arch/x86/boot/install.sh 5.10.61-gentoo arch/x86/boot/bzImage \
System.map "/boot"
run-parts: executing /etc/kernel/postinst.d/test.sh 5.10.61-gentoo /boot/vmlinuz-5.10.61-gentoo
If this is still an issue for you , please re-open
|
I built my kernel out-of-source using O=$PWD. When I run make install in that dir, the /etc/kernel/postinst.d hooks are being executed. One of these hooks is: #!/bin/sh version="$1" ; shift image="$1" ; shift export KERNEL_DIR="/lib/modules/${version}/source" export KBUILD_OUTPUT="/lib/modules/${version}/build" exec emerge --usepkg=n @module-rebuild However, the build fails with sandbox violations: ACCESS DENIED unlinkat: /usr/src/linux-3.6.2-gentoo/.16387.tmp rm: cannot remove '.16387.tmp': Permission denied ACCESS DENIED unlinkat: /usr/src/linux-3.6.2-gentoo/.16387.o rm: cannot remove '.16387.o': Permission denied (build.log attached) Reproducible: Always