Bug 308933 - sys-apps/portage-2.1.7.17 /var/tmp/portage symlink triggers sandbox violation
Status: RESOLVED FIXED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Core
Hardware: All Linux
Importance: High normal
Assignee: Portage team
Reported: 2010-03-11 05:23 UTC by Aaron Ten Clay
Modified: 2011-05-10 20:52 UTC

Attachments
Build log from failed unpack (build.log,21.00 KB, text/plain)
2010-03-11 05:24 UTC, Aaron Ten Clay
Description Aaron Ten Clay 2010-03-11 05:23:14 UTC
If /var/tmp/portage is a symlink any unpack stages for emerge will fail with invalid permissions. Proper permissions are set on the destination of the symlink:

Normal system, no symlinks for /var, /var/tmp, or /var/tmp/portage:

4.0K drwxrwxr-x 3 portage portage 4.0K Mar 10 21:07 /var/tmp/portage


Replacing /var/tmp/portage with a symlink to /mnt/data/portage:

0 lrwxrwxrwx 1 root root 18 Mar 10 21:14 /var/tmp/portage -> /mnt/data/portage/
0 drwxrwxr-x 2 portage portage  48 Mar 10 21:13 /mnt/data/portage


build.log will be attached.

This does NOT occur if /var/tmp itself is a symlink.

Reproducible: Always

Steps to Reproduce:
1. rmdir /var/tmp/portage
2. mkdir /some/path/portage
3. chown portage:portage /some/path/portage
4. chmod 775 /some/path/portage
5. ln -s /some/path/portage /var/tmp/portage
6. emerge anything
Actual Results:  
Emerge fails at unpack stage

Expected Results:  
Emerge would work normally

Portage 2.1.7.17 (default/linux/amd64/10.0, gcc-4.3.4, glibc-2.10.1-r1, 2.6.31-gentoo-r6 x86_64)
=================================================================
System uname: Linux-2.6.31-gentoo-r6-x86_64-Intel-R-_Core-TM-2_Quad_CPU_Q6600_@_2.40GHz-with-gentoo-1.12.13
Timestamp of tree: Wed, 10 Mar 2010 10:45:02 +0000
app-shells/bash:     4.0_p35
dev-java/java-config: 2.1.10
dev-lang/python:     2.6.4-r1
dev-util/cmake:      2.6.4-r3
sys-apps/baselayout: 1.12.13
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.13, 2.63-r1
sys-devel/automake:  1.8.5-r3, 1.9.6-r2, 1.10.3
sys-devel/binutils:  2.18-r3
sys-devel/gcc:       4.3.4
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=native -mtune=native"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb /usr/share/config /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -pipe -march=native -mtune=native"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms splitdebug strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://epic.aaronnet.lan/gentoo"
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j10"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://epic.aaronnet.lan/gentoo-portage"
USE="X a52 aac aalib accessibility acl alsa amd64 aspell audio audiofile bash-completion berkdb bineditor bluetooth bookmarks bs2b bzip2 cairo cdda cddax cddb cdinstall cdio cgi cleartype cli consolekit cracklib crypt css cups curl cxx dbus debug dmraid dri dts dvd dvdr embedded emerald encode exif fam fastcgi fat ffmpeg flac fortran ftp fts3 gd gdbm gif git glitz gnutls gphoto2 gpm gps gtk hal hfs httpd iconv id3 id3tag imlib inotify ipod iproute2 ipv6 java jfs jpeg jpeg2k kde lame lcms libcaca libsamplerate live lzo mad matroska mbrola mercurial mjpeg mmap mmx mmxext mng modules mono mp3 mp4 mpeg mplayer mtp mudflap multilib multiuser musepack musicbrainz mysql ncurses network network-cron nls nptl nptlonly nsplugin ntfs ogg openal opengl openmp pam pcre pdf perl php png postgres ppds pppd prediction python qt3support qt4 qtscript quicktime radio rar raw rdesktop rdp readline reflection reiser4 reiserfs rss rtc ruby samba sasl scanner sdl server session shout slp smp sndfile speex spell spl sql sqlite sqlite3 sse sse2 ssl ssse3 stream subversion svg sysfs tcpd templates theora threads thumbnail tiff truetype unicode usb vcd video visualization vlm vnc vorbis wavpack webkit wmf wxwidgets x264 xattr xcb xcomposite xfs xine xinerama xml xorg xosd xscreensaver xulrunner xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio 
mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="nvidia"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 1 Aaron Ten Clay 2010-03-11 05:24:09 UTC
Created attachment 223111
Build log from failed unpack

build.log from failed merge when /var/tmp/portage is a symlink
Comment 2 Zac Medico gentoo-dev 2010-03-11 05:43:25 UTC
This is due to the fact that sandbox does not follow symlinks. Instead of using a symlink for /var/tmp/portage, you should override PORTAGE_TMPDIR in /etc/make.conf.
Comment 4 Zac Medico gentoo-dev 2010-08-21 00:47:59 UTC
(In reply to comment #3)
> This is fixed in git:
> 
> http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=b414c49cec13202c34ea4115f79978ca7177acaf

Actually, I've just noticed that I added a duplicate realpath call there, and that portage-2.1.7.17 already had a realpath call. So, now I'm not sure what triggered the sandbox violation. Are you still able to reproduce this problem?
Comment 5 Zac Medico gentoo-dev 2011-05-10 19:33:55 UTC
Please re-open if you can still reproduce this.
Comment 6 Aaron Ten Clay 2011-05-10 20:52:49 UTC
No longer reproducible. Thanks :)
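
A simplified model of the prefix mismatch discussed in comments 2 and 4, added here as an example; it is not Portage or sandbox code. It assumes the write prefix is built as realpath(PORTAGE_TMPDIR) + "/portage" and that the check compares the resolved write target against that string; the function names and the constructed directory tree are hypothetical.

```python
import os
import tempfile


def under(path, prefix):
    """String prefix test on whole path components; resolves no symlinks."""
    return path == prefix or path.startswith(prefix + os.sep)


def build_prefix(tmpdir, resolve_full_path):
    """Write prefix handed to the modelled sandbox (assumed construction).

    False: realpath(tmpdir) + "/portage"   (last component left unresolved)
    True:  realpath(tmpdir + "/portage")   (whole path canonicalised)
    """
    if resolve_full_path:
        return os.path.realpath(os.path.join(tmpdir, "portage"))
    return os.path.join(os.path.realpath(tmpdir), "portage")


def make_layout(symlink_at):
    """Constructed tree; symlink_at is None, "tmp" or "portage"."""
    root = os.path.realpath(tempfile.mkdtemp())
    data = os.path.join(root, "mnt", "data")
    tmpdir = os.path.join(root, "var", "tmp")
    os.makedirs(os.path.join(data, "portage"))
    os.makedirs(os.path.dirname(tmpdir))
    if symlink_at == "tmp":            # /var/tmp -> /mnt/data
        os.symlink(data, tmpdir)
        return tmpdir
    os.makedirs(tmpdir)
    build_dir = os.path.join(tmpdir, "portage")
    if symlink_at == "portage":        # /var/tmp/portage -> /mnt/data/portage
        os.symlink(os.path.join(data, "portage"), build_dir)
    else:                              # plain directories, no symlinks
        os.makedirs(build_dir)
    return tmpdir


def check(symlink_at, resolve_full_path):
    """True if a write below the build directory passes the modelled check."""
    tmpdir = make_layout(symlink_at)
    target = os.path.join(tmpdir, "portage", "app-misc", "foo-1.0", "work", "x")
    prefix = build_prefix(tmpdir, resolve_full_path)
    # The write target is canonicalised; the prefix is compared as given.
    return under(os.path.realpath(target), prefix)


if __name__ == "__main__":
    for case in (None, "tmp", "portage"):
        print(case, check(case, False), check(case, True))
```

Under these assumptions the model matches the report: only the layout where the final `portage` component is the symlink is rejected, and canonicalising the full path accepts all three.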