Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 468528 - app-backup/dar with dev-libs/libgcrypt-1.5.2[caps] - Cannot read directory contents: /home/xxxx : Error opening directory in furtive read
Summary: app-backup/dar with dev-libs/libgcrypt-1.5.2[caps] - Cannot read directory co...
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: AMD64 Linux
: Normal normal with 1 vote (vote)
Assignee: Richard Freeman
Depends on:
Blocks: 468616
  Show dependency tree
Reported: 2013-05-03 22:59 UTC by Adam Jones
Modified: 2020-06-02 18:19 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Adam Jones 2013-05-03 22:59:42 UTC
When dev-libs/libgcrypt is compiled with USE="caps" enabled, app-backup/dar (running as root) fails to back up a filesystem, producing errors of the form:

Cannot read directory contents: /home/xxxx : Error opening directory in furtive read mode: /home/xxxx : Permission denied

strace reveals that openat('/home/xxxx') with the O_NOATIME flag is returning EACCES despite the fact that the process is running as root.  It appears that some function in libgcrypt is dropping capabilities, leaving the dar process without CAP_FOWNER (required for O_NOATIME).

Rebuilding libgcrypt with USE="-caps" resolves the issue.  Tested with dar-2.4.9 and 2.4.10.  dar-2.3.8 does not use libgcrypt and is therefore unaffected.

emerge --info gives:

Portage (default/linux/amd64/13.0, gcc-4.7.2, glibc-2.17, 3.8.11 x86_64)
System uname: Linux-3.8.11-x86_64-Intel-R-_Core-TM-_i5-2390T_CPU_@_2.70GHz-with-gentoo-2.2
KiB Mem:     3818840 total,    516228 free
KiB Swap:    2097148 total,   2009304 free
Timestamp of tree: Fri, 03 May 2013 01:45:01 +0000
ld GNU ld (GNU Binutils) 2.23.1
distcc 3.1 x86_64-pc-linux-gnu [disabled]
ccache version 3.1.9 [enabled]
app-shells/bash:          4.2_p45
dev-java/java-config:     2.2.0
dev-lang/python:          2.7.4, 3.2.4
dev-util/ccache:          3.1.9
dev-util/pkgconfig:       0.28
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.11.8
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.4_p6-r1, 1.5-r1, 1.7.9-r2, 1.9.6-r3, 1.10.3, 1.11.6, 1.12.6, 1.13.1
sys-devel/binutils:       2.23.1
sys-devel/gcc:            4.7.2-r1
sys-devel/gcc-config:     1.8
sys-devel/libtool:        2.4.2
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.8 (virtual/os-headers)
sys-libs/glibc:           2.17
Repositories: gentoo x-portage squeezebox niftyrepo steam-overlay
ACCEPT_KEYWORDS="amd64 ~amd64"
CFLAGS="-O2 -mmmx -msse -msse2 -msse3 -pipe"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/polkit-1/actions /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/apache2-php5.4/ext-active/ /etc/php/apache2-php5.5/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/php/cli-php5.5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -mmmx -msse -msse2 -msse3 -pipe"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs ccache config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox xattr"
FFLAGS="-O2 -pipe"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTDIR_OVERLAY="/usr/local/portage /var/lib/layman/squeezebox /var/lib/layman/niftyrepo /var/lib/layman/steam"
USE="X a52 aac aacplus aacs accessibility acl acpi aiglx aio alsa amd64 amr ao apache2 asf async audiofile avahi avi avx bash-completion berkdb bitmap-fonts bluetooth bluray bonjour bzip2 cairo caps cdda cddb cdparanoia cdr cgi cjk cleartype cli consolekit cracklib cron crypt cups curl cvs cxx dbus dcc device-mapper dga dirac directfb discard-path disk-partition dmi dmx dri dvb dvd dvdnav dvdr dvdread enca encode epoll exif exim exiscan exiscan-acl expat faac faad fam fbcon ffmpeg flac flash font-server fontconfig foomaticdb force-cgi-redirect fortran ftp fuse gallium gdbm gif git glamor gles glib glx gpg gphoto2 gpm graphviz gstreamer gtk gtk3 hdri iconv icq icu id3tag idea idn imagemagick imap imlib indicate inotify ipv6 irc jabber java javacomm javascript jpeg jpeg2k kpathsea kpoll kvm lame latex lcms ldb lensfun libass libmpd libnotify libsamplerate libv4l2 lm_sensors logrotate lua lzma lzo mad maildir matroska mbox mbx mdnsresponder-compat mercurial midi mikmod mime mmx mmxext mng mod modules mono moonlight mp2 mp3 mp4 mpeg mpg123 mplayer msn mtp mudflap multilib mysql ncurses nethack netlink nls nntp nptl nptlonly nsplugin ntp objc offensive ogg oggvorbis openal opencl openexr opengl openmp opus pam paranoia pcre pdf perl php pm-utils png policykit pop posix ppds pulseaudio python python2 python3 pyzor pyzord qt qt3support qt4 quicktime radio rar raw razor readline rtc rtmp rtsp ruby s3tc samba scanner schroedinger sdl semantic-desktop server session sip smbsharemodes smp smtp sndfile speex spell sql sqlite sqlite3 srt ssa sse sse2 sse3 sse4_1 sse4_2 ssl ssse3 startup-notification subtitles subversion svg symlink syslog system-sqlite taglib tcpd tetex theora threads threadsafe thunar tiff timidity tls transcode truetype truetype-fonts twolame type1-fonts udev udisks uk_rt unicode upnp usb v4l v4l2 vaapi vhosts vorbis vpx wavpack webdav webgl webkit wma wmf x264 xattr xcb xcomposite xext xface xft xinerama xinetd xml xml2 xorg xrandr xscreensaver xulrunner xv xvid xvmc xz yahoo zeroconf zlib" ABI_X86="32 64" ALSA_CARDS="intel-hda usb-audio" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="access_compat actions alias auth_basic auth_digest authn_alias authn_anon authn_core authn_dbm authn_default authn_file authz_core authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_http proxy_connect rewrite setenvif socache_shmcb speling status unique_id unixd userdir usertrack version vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="directory ptp2 sierra" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" DVB_CARDS="usb-dtt220u usb-wt220u" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en en_GB fr de ja" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby18 ruby19" SANE_BACKENDS="epson genesys" USERLAND="GNU" VIDEO_CARDS="v4l intel i915 i965" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Comment 1 Adam Jones 2013-05-04 07:36:42 UTC
The same libgcrypt behaviour may also be responsible for breaking sys-fs/cryptsetup-1.6.0.  Upon rebooting my system, I found that my encrypted partitions refused to mount because cryptsetup reported an ioctl failure.

Reverting to an old, statically-linked cryptsetup-1.4.1 binary allowed the system to boot successfully.
Comment 2 J. Roeleveld 2014-06-06 18:57:18 UTC

I know this has been over a year now.
Do you know if this issue still occurs with a later version?

2.4.13 is in the tree.


Comment 3 Szymon Scholz 2020-06-02 18:12:51 UTC
Hi, i know that i am digging a hole right now, but this bug shouldn't be closed?
Comment 4 Richard Freeman gentoo-dev 2020-06-02 18:19:15 UTC
(In reply to Szymon Scholz from comment #3)
> Hi, i know that i am digging a hole right now, but this bug shouldn't be
> closed?

Not at all.

Closed for now.  Please comment if the issue still occurs and provide updated version info.