Bug 837362 - dev-util/ccache-4.6 tries to write outside sandbox
Summary: dev-util/ccache-4.6 tries to write outside sandbox
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Toolchain Maintainers
URL:
Whiteboard: If hitting this: run FEATURES="-ccach...
Keywords:
Duplicates: 837380 837509 837524
Depends on:
Blocks:
 
Reported: 2022-04-09 10:32 UTC by Matthew Smith
Modified: 2022-12-01 02:30 UTC (History)
CC List: 4 users

See Also:
Package list:
Runtime testing required: ---


Attachments
log (dev-util:ccache-4.6-r1:20220409-171656.log,45.42 KB, text/x-log)
2022-04-09 17:30 UTC, ArchFeh(Yu Gu)

Description Matthew Smith gentoo-dev 2022-04-09 10:32:27 UTC
After updating to ccache-4.6, there are many sandbox violations when it tries to create /run/user/portageuid/ccache-tmp.

    F: mkdir
    S: deny
    P: /run/user/250
    A: /run/user/250
    R: /run/user/250
    C: x86_64-pc-linux-gnu-g++ -xc++ -E -v -

The upstream commit that caused the issue (in 4.6) is a0edd4294f6a5a2d3f0c7b01273736f975f250e1. The issue is fixed in commit ef2e922f9642f943199138447b29ec53fa63ea68, but that has not made it into a new release yet.
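Added example (not part of the original report, and not Portage or ccache code): a small triage script that parses sandbox violation records in the F/S/P/A/R/C layout quoted above and counts denied calls whose canonical path lies under /run/user/<uid>, the location named in this bug. The function names and the second sample record are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the record from the description plus one made-up record.
SAMPLE_LOG = """\
F: mkdir
S: deny
P: /run/user/250
A: /run/user/250
R: /run/user/250
C: x86_64-pc-linux-gnu-g++ -xc++ -E -v -

F: open_wr
S: deny
P: /etc/example.conf
A: /etc/example.conf
R: /etc/example.conf
C: sh -c ./configure
"""

FIELD = re.compile(r"^\s*([FSPARC]):\s?(.*)$")
RUN_USER = re.compile(r"^/run/user/\d+(/|$)")

def parse_records(text):
    """Split a violation log into dicts keyed by field letter (F, S, P, A, R, C)."""
    records, current = [], {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank lines and anything that is not a field line
        key, value = m.groups()
        if key == "F" and current:  # an F: line opens a new record
            records.append(current)
            current = {}
        current[key] = value.strip()
    if current:
        records.append(current)
    return records

def run_user_denials(records):
    """Count denied calls whose canonical path (R:) is under /run/user/<uid>."""
    hits = Counter()
    for rec in records:
        if rec.get("S") == "deny" and RUN_USER.match(rec.get("R", "")):
            hits[(rec.get("F"), rec["R"])] += 1
    return hits

print(dict(run_user_denials(parse_records(SAMPLE_LOG))))
```

The C: field of the matching record names the compiler rather than ccache, so the path is the useful signal when sorting these reports.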
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-04-09 10:43:31 UTC
Please apply the patch, cheers! I'd missed that one didn't make it into the release.
Comment 2 Matthew Smith gentoo-dev 2022-04-09 11:07:04 UTC
Sorry, I was testing with the wrong version.

Applying ef2e922 did not actually fix the issue, and neither did reverting a0edd42. From looking at the git log these seem to be the only two relevant commits.
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-04-09 11:11:23 UTC
(In reply to Matthew Smith from comment #2)
> Sorry, I was testing with the wrong version.
> 
> Applying ef2e922 did not actually fix the issue, and neither did reverting
> a0edd42. From looking at the git log these seem to be the only two relevant
> commits.

Bleh. Please could you report upstream and rebase our old patch for it then? (Or I can do the latter later today?)
Comment 4 jospezial 2022-04-09 11:12:36 UTC
pmask this version?
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-04-09 11:13:15 UTC
(In reply to jospezial from comment #4)
> pmask this version?

No real need given the patch is trivial to rebase. I'm not able to commit right now but if I could, I'd do that rather than mask it.
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-04-09 11:17:36 UTC
*** Bug 837380 has been marked as a duplicate of this bug. ***
Comment 7 Larry the Git Cow gentoo-dev 2022-04-09 11:26:52 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9767f9723c5c168a772653541283cb9065090c1e

commit 9767f9723c5c168a772653541283cb9065090c1e
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-04-09 11:26:14 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-04-09 11:26:46 +0000

    dev-util/ccache: restore /run-skip patch
    
    I still can't hit this but let's rebase the old patch
    given it makes sense for now.
    
    Closes: https://bugs.gentoo.org/837362
    Bug: https://bugs.gentoo.org/837380
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-util/ccache/ccache-4.6.ebuild                  |  1 +
 .../ccache/files/ccache-4.6-avoid-run-user.patch   | 28 ++++++++++++++++++++++
 2 files changed, 29 insertions(+)
Comment 8 Larry the Git Cow gentoo-dev 2022-04-09 11:28:04 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=035fe04cb6f6f041330ab7561bdd1dc7687343de

commit 035fe04cb6f6f041330ab7561bdd1dc7687343de
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-04-09 11:27:15 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-04-09 11:27:54 +0000

    dev-util/ccache: revbump for /run fix
    
    Thought I had!
    
    Fixes: 9767f9723c5c168a772653541283cb9065090c1e
    Bug: https://bugs.gentoo.org/837362
    Bug: https://bugs.gentoo.org/837380
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-util/ccache/{ccache-4.6.ebuild => ccache-4.6-r1.ebuild} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
Comment 9 Andrei Slavoiu 2022-04-09 13:39:12 UTC
Perhaps this is worthy of a news article instructing how to temporarily disable ccache in order to be able to upgrade to the new revision? From the sandbox error it's not obvious that ccache is to blame for this.
Comment 10 ArchFeh(Yu Gu) archtester 2022-04-09 17:30:44 UTC
Created attachment 769694 [details]
log

Unfortunately this bug is still present in 4.6-r1
Comment 11 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-04-09 23:35:00 UTC
*** Bug 837509 has been marked as a duplicate of this bug. ***
Comment 12 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-04-09 23:37:52 UTC
*** Bug 837524 has been marked as a duplicate of this bug. ***
Comment 13 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-04-09 23:38:22 UTC
(In reply to ArchFeh from comment #10)
> Created attachment 769694 [details]
> log
> 
> Unfortunately this bug is still present in 4.6-r1

You have to disable it first to re-emerge it.
Comment 14 ArchFeh(Yu Gu) archtester 2022-04-10 01:54:29 UTC
(In reply to Sam James from comment #13)
> (In reply to ArchFeh from comment #10)
> > Created attachment 769694 [details]
> > log
> > 
> > Unfortunately this bug is still present in 4.6-r1
> 
> You have to disable it first to re-emerge it.

Thanks. Fixed) I was stupid:D
Comment 15 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-04-12 09:02:49 UTC
News item posted for review: https://archives.gentoo.org/gentoo-dev/message/41accef5cbb8f10ce922070e92ee253a
Comment 16 Larry the Git Cow gentoo-dev 2022-04-13 23:19:06 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=930b96b94ebad678ef11b1d8aa5fd8aa609f198f

commit 930b96b94ebad678ef11b1d8aa5fd8aa609f198f
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-04-12 08:52:57 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-04-12 08:52:57 +0000

    2022-04-12-ccache-4_6-sandbox: add news item
    
    Bug: https://bugs.gentoo.org/837362
    Signed-off-by: Sam James <sam@gentoo.org>

 .../2022-04-12-ccache-4_6-sandbox.en.txt           | 25 ++++++++++++++++++++++
 1 file changed, 25 insertions(+)