This bug seems similar if not even identical to bug #2931. I had /var/tmp/portage on root filesystem. Due to space limitations I mounted an external drive ... # mkdir -p /mnt/external/var/tmp # chmod a+rwxt /mnt/external/var/tmp # mv /var/tmp/portage to /mnt/external/var/tmp Somehow, emerge fails. First of all I suggest emerge to check directory permissions. It is hard to find out what is wrong now. I suspect it is unhappy about some directory permission of /mnt/external/var or just because of the symlink? Puzzling is that emerge shows that is has UID 0 so it does have 'giveaway' rights. # DISTCC_HOSTS='' emerge -uN system --keep-going Calculating dependencies... done! >>> Verifying ebuild manifests >>> Starting parallel fetch >>> Emerging (1 of 2) sys-devel/gcc-4.5.3 * gcc-4.5.3.tar.bz2 RMD160 SHA1 SHA256 size ;-) ... [ ok ] * gcc-4.5.3-uclibc-patches-1.0.tar.bz2 RMD160 SHA1 SHA256 size ;-) ... [ ok ] * gcc-4.5.3-patches-1.0.tar.bz2 RMD160 SHA1 SHA256 size ;-) ... [ ok ] * gcc-4.5.3-piepatches-v0.4.5.tar.bz2 RMD160 SHA1 SHA256 size ;-) ... [ ok ] * gcc-4.4.3-specs-0.2.0.tar.bz2 RMD160 SHA1 SHA256 size ;-) ... [ ok ] * ecj-4.5.jar RMD160 SHA1 SHA256 size ;-) ... [ ok ] ACCESS DENIED mkdir: /mnt/external/var/tmp/portage/sys-devel/gcc-4.5.3/work install: cannot change permissions of `/var/tmp/portage/sys-devel/gcc-4.5.3/work': No such file or directory ACCESS DENIED open_wr: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack /usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied * ERROR: sys-devel/gcc-4.5.3 failed (unpack phase): ACCESS DENIED open_wr: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack /usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied * Failed to create dir '/var/tmp/portage/sys-devel/gcc-4.5.3/work' ACCESS DENIED open_wr: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack /usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied * ACCESS DENIED open_wr: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack /usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied * Call stack: ACCESS DENIED open_wr: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack /usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied * ebuild.sh, line 2402: Called ebuild_main ACCESS DENIED open_wr: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack /usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied * ebuild.sh, line 2309: Called dyn_unpack ACCESS DENIED open_wr: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack /usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied * ebuild.sh, line 765: Called die ACCESS DENIED open_wr: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack /usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied * The specific snippet of code: ACCESS DENIED open_wr: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack /usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied * install -m${PORTAGE_WORKDIR_MODE:-0700} -d "${WORKDIR}" || die "Failed to create dir '${WORKDIR}'" ACCESS DENIED open_wr: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack /usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied ACCESS DENIED open_wr: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack /usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied * If you need support, post the output of 'emerge --info =sys-devel/gcc-4.5.3', ACCESS DENIED open_wr: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack /usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied * the complete build log and the output of 'emerge -pqv =sys-devel/gcc-4.5.3'. ACCESS DENIED open_wr: /var/tmp/portage/sys-devel/gcc-4.5.3/.die_hooks /usr/lib/portage/bin/isolated-functions.sh: line 211: /var/tmp/portage/sys-devel/gcc-4.5.3/.die_hooks: Permission denied ACCESS DENIED open_wr: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack /usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied * The complete build log is located at '/var/tmp/portage/sys-devel/gcc-4.5.3/temp/build.log'. ACCESS DENIED open_wr: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack /usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied * The ebuild environment file is located at '/var/tmp/portage/sys-devel/gcc-4.5.3/temp/environment'. ACCESS DENIED open_wr: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack /usr/lib/portage/bin/isolated-functions.sh: line 264: /var/tmp/portage/sys-devel/gcc-4.5.3/temp/logging/unpack: Permission denied * S: '/var/tmp/portage/sys-devel/gcc-4.5.3/work/gcc-4.5.3' ACCESS DENIED chown: /var/tmp/portage/sys-devel/gcc-4.5.3/.ipc_lock [Errno 13] Permission denied: '/var/tmp/portage/sys-devel/gcc-4.5.3/.ipc_lock': chown('/var/tmp/portage/sys-devel/gcc-4.5.3/.ipc_lock', -1, 250) Cannot chown a lockfile: '/var/tmp/portage/sys-devel/gcc-4.5.3/.ipc_lock' Group IDs of current user: 0 1 2 3 4 6 10 11 20 26 27 ACCESS DENIED open_wr: /var/tmp/portage/sys-devel/gcc-4.5.3/.ipc_in Traceback (most recent call last): File "/usr/lib/portage/bin/ebuild-ipc.py", line 276, in <module> sys.exit(ebuild_ipc_main(sys.argv[1:])) File "/usr/lib/portage/bin/ebuild-ipc.py", line 273, in ebuild_ipc_main return ebuild_ipc.communicate(args) File "/usr/lib/portage/bin/ebuild-ipc.py", line 66, in communicate return self._communicate(args) File "/usr/lib/portage/bin/ebuild-ipc.py", line 235, in _communicate output_file = open(self.ipc_in_fifo, 'wb', 0) IOError: [Errno 13] Permission denied: '/var/tmp/portage/sys-devel/gcc-4.5.3/.ipc_in' ebuild-ipc: during write: subprocess failure: 1 ACCESS DENIED unlink: /var/tmp/portage/sys-devel/gcc-4.5.3/.ipc_lock --------------------------- ACCESS VIOLATION SUMMARY --------------------------- LOG FILE "/var/log/sandbox/sandbox-25832.log" I have coreutils-8.12. # emerge --info Portage 2.1.10.10 (default/linux/x86/10.0/desktop, gcc-4.5.2, glibc-2.13-r4, 3.0.0 i686) ================================================================= System uname: Linux-3.0.0-i686-Mobile_Intel-R-_Pentium-R-_4_-_M_CPU_1.80GHz-with-gentoo-2.0.3 Timestamp of tree: Mon, 08 Aug 2011 07:45:01 +0000 distcc 3.1 i686-pc-linux-gnu [disabled] app-shells/bash: 4.2_p10 dev-java/java-config: 2.1.11-r3 dev-lang/python: 2.5.4-r4, 2.6.7-r2, 2.7.2-r2, 3.1.4-r2, 3.2-r2 dev-util/cmake: 2.8.5-r2 dev-util/pkgconfig: 0.26 sys-apps/baselayout: 2.0.3 sys-apps/openrc: 0.8.3-r1 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.13::<unknown repository>, 2.68 sys-devel/automake: 1.4_p6-r1, 1.5-r1, 1.6.3-r1, 1.7.9-r2, 1.8.5-r4, 1.9.6-r3, 1.10.3, 1.11.1-r1 sys-devel/binutils: 2.21.1 sys-devel/gcc: 3.3.6-r1, 4.2.4-r1, 4.3.5, 4.4.5, 4.5.2 sys-devel/gcc-config: 1.4.1-r1 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.81-r2 sys-kernel/linux-headers: 2.6.38 (virtual/os-headers) sys-libs/glibc: 2.13-r4 Repositories: gentoo x-portage science ACCEPT_KEYWORDS="x86 ~x86" ACCEPT_LICENSE="* -@EULA dlj-1.1 sun-bcla-java-vm Nero-EULA-US skype-eula AdobeFlash AdobeFlash-10 AdobeFlash-10.1 PUEL" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium4m -mmmx -msse -msse2 -pipe -fno-strict-aliasing -ggdb" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /usr/share/openvpn/easy-rsa /var/bind /var/lib/hsqldb /var/vpopmail/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.2/ext-active/ /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.2/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.2/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-O2 -march=pentium4m -mmmx -msse -msse2 -pipe -fno-strict-aliasing -ggdb" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests binpkg-logs distlocks ebuild-locks fixlafiles fixpackages news nostrip parallel-fetch protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" FFLAGS="" GENTOO_MIRRORS="http://gentoo.mirror.web4u.cz" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="en cs cz" MAKEOPTS="-j4" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage /home/mmokrejs/proj/sci" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="32bit 7zip R X Xaw3d a52 aac aalib ace acl acpi alsa amr amrnb amrwb apache apache2 apng audacious audiofile bash-completion bcmath berkdb blas bluetooth boost branding bzip2 cairo caps cblas cdda cddb cdparanoia cdr cgi clamav cli colordiff compress consolekit cpio cracklib crypt cscope css ctype cups curl curlwrappers cxx dbi dbus dga dhcp dia directfb djbfft dri dts dv dvb dvd dvdr dvdread emboss emf enblend encode enscript exif expat faad fam fame fat fbcon ffmpeg fftw firefox flac flash fontconfig fortran fpx ftp gcj gd gdbm gdu ggi gif gimp gimpprint glibc-compat20 glibc-omitfp glut gmp gnuplot gnutls gpgme gphoto2 gpm graphviz gs gsl gsm gtk gtkhtml hdf hdf5 hp2xx i8x0 iconv icu id3 id3tag ieee1394 imagemagick imlib inifile innodb ithreads jack java javascript jbig jce jikes jpeg jpeg2k kdtree kerberos ladspa lame lapack laptop largefile lcms leim libcaca libnotify libwww live lzo lzw mad maildir matroska mhash mikmod mime ming mjpeg mmap mmx mng mod_python modperl modplug modules motif mozilla moznoirc mp2 mp3 mp4 mpeg mplayer mudflap mule musepack mxdatetime mysql mysqli nat ncurses netcdf netpbm network nls nntp nptl nptlonly nsplugin ntfs numeric objc ogg opengl openmp openssl pam pango parport pcmcia pcntl pcre pdf perl php plotutils plugin png pnm policykit postproc postscript ppds pppd procmail pymol python qt3support qt4 quicktime rar raw readline recode reiserfs romio rpm samba sasl scanner scp sdl seamonkey server session sftp sift slp smime sndfile soap sockets spell sqlite srt sse sse2 ssl startup-notification static-libs subtitles subversion svg svgz sysfs sysvipc t1lib tcl tcpd theora threads tidy tiff tk transcode truetype udev unicode urandom usb userlocales utils uuencode v4l v4l2 vcd vhook vim-syntax vim-with-x vorbis wavpack wifi win32codecs wmf wxwindows x264 x86 xanim xcb xcf xfs xft xinerama xinetd xml xorg xpm xsl xslt xulrunner xv xvid xvmc yv12 zip zlib" ALSA_CARDS="intel-8x0m" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dbd deflate dir disk_cache env expires ext_filter file_cache filter headers icu ident imagemap include info log_config mem_cache mime mime_magic php rewrite setenvif speling status unique_id userdir usertrack vhost_alias negotiation" CALLIGRA_FEATURES="braindump flow karbon kexi kpresenter krita tables words" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en cs cz" PHP_TARGETS="php-5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="radeon vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Expected behavior: /var/tmp # /var/tmp # mv /mnt/external/var/tmp/portage . /var/tmp # emerge -uN gcc Calculating dependencies... done! >>> Verifying ebuild manifests >>> Starting parallel fetch >>> Emerging (1 of 3) sys-devel/gcc-4.5.3 * gcc-4.5.3.tar.bz2 RMD160 SHA1 SHA256 size ;-) ... [ ok ] * gcc-4.5.3-uclibc-patches-1.0.tar.bz2 RMD160 SHA1 SHA256 size ;-) ... [ ok ] * gcc-4.5.3-patches-1.0.tar.bz2 RMD160 SHA1 SHA256 size ;-) ... [ ok ] * gcc-4.5.3-piepatches-v0.4.5.tar.bz2 RMD160 SHA1 SHA256 size ;-) ... [ ok ] * gcc-4.4.3-specs-0.2.0.tar.bz2 RMD160 SHA1 SHA256 size ;-) ... [ ok ] * ecj-4.5.jar RMD160 SHA1 SHA256 size ;-) ... [ ok ] >>> Unpacking source... >>> Unpacking gcc-4.5.3.tar.bz2 to /var/tmp/portage/sys-devel/gcc-4.5.3/work >>> Unpacking gcc-4.5.3-patches-1.0.tar.bz2 to /var/tmp/portage/sys-devel/gcc-4.5.3/work >>> Unpacking gcc-4.5.3-uclibc-patches-1.0.tar.bz2 to /var/tmp/portage/sys-devel/gcc-4.5.3/work ^Z [1]+ Stopped emerge -uN gcc
It's not a normal permission issue, it's really a sandbox violation, similar to bug 308933. Please post the output of the following commands: portageq envvar PORTAGE_TMPDIR readlink -f $(portageq envvar PORTAGE_TMPDIR) readlink -f $(portageq envvar PORTAGE_TMPDIR)/portage It seems like the problem is that ${PORTAGE_TMPDIR}/portage is a symlink. If you set PORTAGE_TMPDIR="/var/tmp/portage" in make.conf, then the code from bug 308933 should work as intended to follow the symlink.
On the working setup: # portageq envvar PORTAGE_TMPDIR /var/tmp # readlink -f $(portageq envvar PORTAGE_TMPDIR) /var/tmp # readlink -f $(portageq envvar PORTAGE_TMPDIR)/portage /var/tmp/portage Now screwing up the system: # mv /var/tmp/portage /mnt/external/var/tmp # cd /var/tmp/ # ln -s /mnt/external/var/tmp/portage . # portageq envvar PORTAGE_TMPDIR /var/tmp # readlink -f $(portageq envvar PORTAGE_TMPDIR) /var/tmp # readlink -f $(portageq envvar PORTAGE_TMPDIR)/portage /mnt/external/var/tmp/portage # Indeed, the below works for me: # PORTAGE_TMPDIR="/var/tmp/portage" emerge -uN gcc I propose that few sanity checks are introduced in emerge/sandbox, wherever the code leaks. Back to the directory permissions, several times I had problem that I screwed perms on portage/ or its parent /var/tmp/. Be it the missing sticky or similar. Please print a useful error to the user. I believe emerge does stat() few times over all those dires so it is not that epensive to check the perms and require the intended privs. I remember the advices in bugzilla were "... open a live-dvd" and see what perms are there and fix them on you filesystem manually". That is not nice.
We have a _check_temp_dir() function that would could extend to check for a ${PORTAGE_TMPDIR}/portage symlink and then bail out with a suggestion for an appropriate PORTAGE_TMPDIR setting.
I do not understand why I have to change anything as a user as long as I keep the directory tree structure. In my eyes introducing a symlink to be traversed should not break the system. It is perfectly legal to place some directory on a different device/filesystem and introduce a symlink to that place from the original location. I ma probably missing something ...
(In reply to comment #5) > I do not understand why I have to change anything as a user as long as I keep > the directory tree structure. In my eyes introducing a symlink to be traversed > should not break the system. It's due to the implementation details of sys-apps/sandbox. It uses canonical paths, so that the sandbox won't be accidentally escaped via symlinks. > It is perfectly legal to place some directory on a different device/filesystem > and introduce a symlink to that place from the original location. I ma probably > missing something ... I'm not sure if it's feasible for sandbox to support symlinks like this. If it can, it would be a feature request for sys-apps/sandbox. Anyway, it's beyond the scope of sys-apps/portage unless sys-apps/sandbox provides a way to alter the way that it uses canonical paths, and I suspect that it does not at this time.
(In reply to comment #4) > We have a _check_temp_dir() function that would could extend to check for a > ${PORTAGE_TMPDIR}/portage symlink and then bail out with a suggestion for an > appropriate PORTAGE_TMPDIR setting. This is implemented in git: http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=8a85160f4833e3f02470961fc2e05ec93f466566
Why don't you use os.path.islink()? Actually, if I got you right why don't you traverse the whole path from '/' down to ${PORTAGE_TMPDIR}/portage and check that none of the nodes is a symlink (if they are not supported by sanbox)? And if so, an error should be raised. Am a bit lazy now at 3AM here to check myself but does that mean one may place whole /var/tmp onto the different device/filesystem? And/or does that means that FEATURES=-usersandbox emerge blah or FEATURES=-sandbox? (did not get their difference from the too brief description in make.conf) will obey the issue and /var/tmp/portage could be a symlink? Then include that note in the text message printed to the user in your patch, that will help people. ;) Thanks. :))
(In reply to comment #8) > Why don't you use os.path.islink()? I suppose that would work, but I'd prefer to implement it so that it matches the implementation of sandbox a close as possible. Since sandbox would do the equivalent of realpath(), that's what I used. > Actually, if I got you right why don't you > traverse the whole path from '/' down to ${PORTAGE_TMPDIR}/portage and check > that none of the nodes is a symlink (if they are not supported by sanbox)? And > if so, an error should be raised. Well, it's not a problem if any of the PORTAGE_TMPDIR parents is a symlink, because we already realpath that anyway: http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=b414c49cec13202c34ea4115f79978ca7177acaf > Am a bit lazy now at 3AM here to check myself but does that mean one may place > whole /var/tmp onto the different device/filesystem? The default PORTAGE_TMPDIR is /var/tmp, but you can use any directory you want. > And/or does that means > that > > FEATURES=-usersandbox emerge blah > or > FEATURES=-sandbox? > > (did not get their difference from the too brief description in make.conf) The error only applies to people who have sandbox enabled, so there's no point in triggering the error otherwise. > will obey the issue and /var/tmp/portage could be a symlink? Then include that > note in the text message printed to the user in your patch, that will help > people. ;) Thanks. :)) Generally, we advise people to have sandbox enabled. So, if it's enabled, it's better to suggest a solution that doesn't involve disabling sandbox.
simply change your PORTAGE_TMPDIR. it's really not that hard. *** This bug has been marked as a duplicate of bug 80085 ***
(In reply to comment #6) > (In reply to comment #5) > > I do not understand why I have to change anything as a user as long as I keep > > the directory tree structure. In my eyes introducing a symlink to be traversed > > should not break the system. > > It's due to the implementation details of sys-apps/sandbox. It uses canonical > paths, so that the sandbox won't be accidentally escaped via symlinks. > > > It is perfectly legal to place some directory on a different device/filesystem > > and introduce a symlink to that place from the original location. I am > > probably missing something ... > > I'm not sure if it's feasible for sandbox to support symlinks like this. If it > can, it would be a feature request for sys-apps/sandbox. Anyway, it's beyond > the scope of sys-apps/portage unless sys-apps/sandbox provides a way to alter > the way that it uses canonical paths, and I suspect that it does not at this > time. Thinking of it more I wouldn't move whole /var/tmp to a different location because the connection to the external USB-drive is shaky, some files are already opened after a boot up ... I see portage/sanbox expand the symlink to its target automagically if it is the very top node of the tree because this worked for me: PORTAGE_TMPDIR="/var/tmp/portage" while it was a symlink to /mnt/external/var/tmp/portage. Actually, I could have done also either of PORTAGE_TMPDIR="/mnt/external/var/tmp" or PORTAGE_TMPDIR="/mnt/external/var/tmp/portage", right?
Yes, you can set PORTAGE_TMPDIR to anything you want. It's the portage directory underneath it that can't be a symlink.
(In reply to comment #7) > (In reply to comment #4) > > We have a _check_temp_dir() function that would could extend to check for a > > ${PORTAGE_TMPDIR}/portage symlink and then bail out with a suggestion for an > > appropriate PORTAGE_TMPDIR setting. > > This is implemented in git: > > http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=8a85160f4833e3f02470961fc2e05ec93f466566 This is in 2.1.10.11 and 2.2.0_alpha51.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/portage.git/commit/?id=464a65b848eb1344cd1eff3545bed311c01d97ea commit 464a65b848eb1344cd1eff3545bed311c01d97ea Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2019-01-01 20:55:41 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2019-01-01 20:57:54 +0000 _check_temp_dir: fix message to refer to correct bug 378403 Bug: https://bugs.gentoo.org/378403 Fixes: 8a85160f4833 ("_check_temp_dir: check for 'portage' symlink") Signed-off-by: Zac Medico <zmedico@gentoo.org> lib/portage/package/ebuild/doebuild.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/portage.git/commit/?id=be2312f4f9bf854897431440734a765f5279c7d1 commit be2312f4f9bf854897431440734a765f5279c7d1 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2019-01-02 23:40:57 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2019-01-03 08:24:40 +0000 ebuild.sh: sandbox write to ${PORTAGE_TMPDIR}/portage (bug 673738) In ebuild.sh, grant sandbox write access directly to ${PORTAGE_TMPDIR}/portage, since write access to ${PORTAGE_TMPDIR} itself is not needed. Also, remove the _check_temp_dir symlink check from bug 378403, since a symlink is permissible if write access is granted directly to ${PORTAGE_TMPDIR}/portage. Bug: https://bugs.gentoo.org/673738 Bug: https://bugs.gentoo.org/378403 Signed-off-by: Zac Medico <zmedico@gentoo.org> bin/ebuild.sh | 4 ++-- lib/portage/package/ebuild/doebuild.py | 27 ++------------------------- 2 files changed, 4 insertions(+), 27 deletions(-)
