Just trying to install db-4.1.25_p1-r2 leads to the following error:

    --------------------------- ACCESS VIOLATION
    LOG FILE = "/tmp/sandbox-db-4.1.25_p1-r2...
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    ----------------------------------------

Reproducible: Always

Steps to Reproduce:
1. try to emerge db-4.1.25_p1-r2.

Actual Results: leads to shown error

Expected Results: should just install the package.

    root # emerge --info
    Portage 2.0.49-r15 (default-x86-1.4, gcc-3.3.1, glibc-2.3.2-r6, 2.4.20-gentoo-r7)
    =================================================================
    System uname: 2.4.20-gentoo-r7 i686 AMD Athlon(tm) Processor
    Gentoo Base System version 1.4.3.11
    distcc 2.11.2 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
    ccache version 2.3 [enabled]
    ACCEPT_KEYWORDS="x86"
    AUTOCLEAN="yes"
    CFLAGS="-O2 -mcpu=i686 -pipe"
    CHOST="i686-pc-linux-gnu"
    COMPILER="gcc3"
    CONFIG_PROTECT="/etc /var/qmail/control /usr/kde/2/share/config /usr/kde/3/share/config /var/bind /usr/X11R6/lib/X11/xkb /usr/kde/3.1/share/config /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/config"
    CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
    CXXFLAGS="-O2 -mcpu=i686 -pipe"
    DISTDIR="/usr/portage/distfiles"
    FEATURES="ccache autoaddcvs sandbox fixpackages"
    GENTOO_MIRRORS="ftp://ftp.tu-clausthal.de/pub/linux/gentoo/ http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ http://ftp.uni-erlangen.de/pub/mirrors/gentoo"
    MAKEOPTS="-j2"
    PKGDIR="/usr/portage/packages"
    PORTAGE_TMPDIR="/var/tmp"
    PORTDIR="/usr/portage"
    PORTDIR_OVERLAY=""
    SYNC="rsync://rsync.gentoo.org/gentoo-portage"
    USE="x86 oss apm avi crypt cups encode foomaticdb gif jpeg libg++ mad mikmod mpeg ncurses nls pdflib png quicktime spell truetype xml2 xmms xv zlib alsa gdbm berkdb slang readline arts tetex bonobo svga tcltk java guile mysql postgres sdl gpm tcpd pam libwww ssl perl python esd imlib oggvorbis gnome gtk qt kde motif opengl mozilla cdr gtk2 X"
*** Bug 31973 has been marked as a duplicate of this bug. ***
Note that this only seems to happen with the ibm jdk. However probably a standard rule in portage is the best solution.
I have been pegged on the portage tree since this surfaced. Is there any workaround? It makes me unhappy when I fall behind with my updates ;)
next db-4.1.25_p1- release and no change on this topic. anyone working on it yet? would be really really nice to get it solved ... in whichever direction ;). thomas
I can confirm that this is only ibm jdk related. I fixed each one of the packages that was complaining about the /proc/self/maps violation by adding a line: addwrite /proc/self/maps at the beginning of src_compile(), as explained in bug 31485 comment 7. So, by using this kludge, I was able to compile postgresql, php, mod_php and db successfully. For postgresql, I also had to add that line to the beginning of src_install().
*** Bug 33692 has been marked as a duplicate of this bug. ***
I have this same problem with gettext-0.12.1. I don't know if gettext has anything to do with java, but I am using blackdown as jdk.

    make[3]: Leaving directory `/var/tmp/portage/gettext-0.12.1/work/gettext-0.12.1/gettext-tools/tests'
    make[3]: Entering directory `/var/tmp/portage/gettext-0.12.1/work/gettext-0.12.1/gettext-tools'
    make[3]: Nothing to be done for `all-am'.
    make[3]: Leaving directory `/var/tmp/portage/gettext-0.12.1/work/gettext-0.12.1/gettext-tools'
    make[2]: Leaving directory `/var/tmp/portage/gettext-0.12.1/work/gettext-0.12.1/gettext-tools'
    make[1]: Leaving directory `/var/tmp/portage/gettext-0.12.1/work/gettext-0.12.1/gettext-tools'
    make[1]: Entering directory `/var/tmp/portage/gettext-0.12.1/work/gettext-0.12.1'
    make[1]: Nothing to be done for `all-am'.
    make[1]: Leaving directory `/var/tmp/portage/gettext-0.12.1/work/gettext-0.12.1'
    --------------------------- ACCESS VIOLATION SUMMARY ---------------------------
    LOG FILE = "/tmp/sandbox-gettext-0.12.1-19732.log"
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    open_wr: /proc/self/maps
    --------------------------------------------------------------------------------
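Added example, not part of the bug thread and not Portage code: a script that groups the entries of a sandbox violation log by operation and path, and reports whether anything outside /proc was touched, which is worth knowing before whitelisting a path with addwrite or a predict rule. It assumes the "<operation>: <path>" line format seen in the reports above; the sample log and its file name are constructed.

```shell
#!/bin/sh
# Triage a Portage sandbox violation log before whitelisting any path.
# Assumed line format, taken from the reports in this thread: "<operation>: <path>".

# Print "<count> <operation> <path>" per distinct violation, most frequent first.
summarize_violations() {
    awk '/^[a-z_]+: *\// {
             op = $0; sub(/:.*/, "", op)
             path = $0; sub(/^[a-z_]+: */, "", path)
             n[op " " path]++
         }
         END { for (k in n) print n[k], k }' "$1" | sort -k1,1nr -k2
}

# Return 0 only if the log has violations and every one targets a path under /proc.
only_proc_violations() {
    awk '/^[a-z_]+: *\// {
             seen = 1
             path = $0; sub(/^[a-z_]+: */, "", path)
             if (path !~ /^\/proc\//) bad = 1
         }
         END { exit ((seen && !bad) ? 0 : 1) }' "$1"
}

# Constructed sample log (the file name is a placeholder, not from the thread).
make_sample_log() {
    {
        echo '--------------------------- ACCESS VIOLATION SUMMARY ---------------------------'
        echo 'LOG FILE = "/tmp/sandbox-example.log"'
        i=0
        while [ "$i" -lt 7 ]; do echo 'open_wr: /proc/self/maps'; i=$((i + 1)); done
    } > "$1"
}

log=$(mktemp)
make_sample_log "$log"
summarize_violations "$log"
if only_proc_violations "$log"; then
    echo "only /proc pseudo-files were touched"
else
    echo "real filesystem paths were touched; do not whitelist blindly"
fi
rm -f "$log"
```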
Predict added to ebuild.sh as a semi-solution.
Has anybody grepped the source code for this yet?
It would seem key to me to know why it's doing this before adding a +w on a read only file. Note that /proc/self/maps will appear as 00000000-00000000 on a grsecurity protected kernel so whatever data it's trying to gather from here will break in its logic. I'm keen on patching the src to prevent this behavior if it thinks it has a valid reason for doing this. It really can't be valid however as the file is read-only.
How many of you are using a PAX/grsec enabled kernel with address space protections? I've merged gettext like crazy and testing various things. I've discovered after disabling SEGMEXEC, PAGEEXEC, RANDMMAP that everything seems to work fine. What I assume is happening here is when javac is called from these ebuilds and the PAX flags are not set, the javac jumps to its signal handler and is what is calling the fopen("/proc/self/maps", "rt"); which causes the sandbox violation.

Work Around - Please TEST

    chpax -zsrp /opt/blackdown-jdk-*/bin/[a-z]*
I've had problems with gettext not compiling on PAX/grsec enabled systems. I was finally able to get gettext to compile correctly when I used chpax -rsp on the java/javac/jar binaries for blackdown.
*** Bug 36735 has been marked as a duplicate of this bug. ***
*** Bug 35306 has been marked as a duplicate of this bug. ***
I keep the /etc/conf.d/chpax pretty current on known/reported pax flags. So another option is to let the etc chpax file handle the pax flags for you.

    emerge chpax
    rc-update add chpax default
    /etc/init.d/chpax restart

A chpax restart gives me the following lines:

    > /etc/init.d/chpax restart
    * error: chpax -p /usr/X11R6/bin/XFree86
    * error: chpax -p /opt/blackdown-jdk-1.4.1/jre/bin
    * error: chpax -p /opt/blackdown-jdk-1.4.1/jre/javaws-1_2_0_01-linux-int.zip
    * error: chpax -p /opt/blackdown-jdk-1.4.1/jre/lib
    * error: chpax -p /opt/blackdown-jdk-1.4.1/jre/plugin
    * error: chpax -s /usr/X11R6/bin/XFree86
    * error: chpax -s /opt/blackdown-jdk-1.4.1/jre/bin
    * error: chpax -s /opt/blackdown-jdk-1.4.1/jre/javaws-1_2_0_01-linux-int.zip
    * error: chpax -s /opt/blackdown-jdk-1.4.1/jre/lib
    * error: chpax -s /opt/blackdown-jdk-1.4.1/jre/plugin
    * error: chpax -x /opt/blackdown-jdk-1.4.1/jre/bin
    * error: chpax -x /opt/blackdown-jdk-1.4.1/jre/javaws-1_2_0_01-linux-int.zip
    * error: chpax -x /opt/blackdown-jdk-1.4.1/jre/lib
    * error: chpax -x /opt/blackdown-jdk-1.4.1/jre/plugin

What can I do about it?

    emerge -C chpax
    rm /etc/{init,conf}.d/chpax
    emerge '>=sys-apps/chpax-0.6.1'
    /etc/init.d/chpax restart

That should get rid of most of the java errors. If a file is in use like your XFree86 was, then you can expect to see an "error" which is telling you that file is in use, i.e. (Text File Busy)
Yes, that did the trick! Thank you!
Negative here: chpax didn't help to go around gettext violating the sandbox. I am now in the middle of deciding either to let gettext violate its sandbox (scared!) or to mask gettext until it will be properly fixed. Any advice?
Well, after unmerging ibm-jdk-141, I have successfully upgraded gettext to 0.12.1 without any access violation. After upgrading gettext, I've re-emerged ibm-jdk-141. Is what I've done safe, security-wise?
dev-portage I'm taking this bug....
-----------------------------------
Ax, Please post the output from the following command.

    epm -q -l ibm-jdk-here | xargs chpax -v 2>/dev/null| grep chpax | awk '{print $9, $8}'
*** Bug 40842 has been marked as a duplicate of this bug. ***
Everybody understand how chpax works now? I assume nobody is having a problem anymore.
Closing bug as INVALID then