portage 2.0.51.20-r5 is badly broken with FEATURES="sandbox userpriv". I upgraded to the new portage from 2.0.51.19, and afterwards I'm getting lots of permission denied messages during the src_install phase and during the packaging phase. This happens with any ebuild, but I've used the portage ebuild as a good example. If I turned off either userpriv or sandbox, the problem goes away. x29 ~ # emerge portage Calculating dependencies ...done! >>> emerge (1 of 1) sys-apps/portage-2.0.51.20-r5 to / >>> md5 src_uri ;-) portage-2.0.51.20.tar.bz2 >>> Unpacking source... >>> Unpacking portage-2.0.51.20.tar.bz2 to /dev/shm/portage/portage-2.0.51.20-r5/work patching file bin/dispatch-conf patching file bin/ebuild.sh patching file bin/emerge patching file bin/repoman patching file pym/dispatch_conf.py patching file pym/portage.py Hunk #1 succeeded at 4 with fuzz 2. >>> Source unpacked. Listing /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/cvstree.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/dcdialog.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/dispatch_conf.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/emergehelp.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/getbinpkg.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/output.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_checksum.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_const.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_contents.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_data.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_db_anydbm.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_db_cpickle.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_db_flat.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_db_template.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_db_test.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_dep.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_exception.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_exec.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_file.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_gpg.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_localization.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_locks.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_util.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/xpak.py ... >>> Test phase [not enabled]: sys-apps/portage-2.0.51.20-r5 rm: cannot remove `/dev/shm/portage/portage-2.0.51.20-r5/image': Permission denied >>> Install portage-2.0.51.20-r5 into /dev/shm/portage/portage-2.0.51.20-r5/image/ category sys-apps rm: cannot remove `/dev/shm/portage/portage-2.0.51.20-r5/temp/make.conf.example': Permission denied gzip: /dev/shm/portage/portage-2.0.51.20-r5/image//usr/share/man/man1/dispatch-conf.1: Permission denied gzip: /dev/shm/portage/portage-2.0.51.20-r5/image//usr/share/man/man1/ebuild.1: Permission denied gzip: /dev/shm/portage/portage-2.0.51.20-r5/image//usr/share/man/man5/ebuild.5: Permission denied gzip: /dev/shm/portage/portage-2.0.51.20-r5/image//usr/share/man/man1/emerge.1: Permission denied gzip: /dev/shm/portage/portage-2.0.51.20-r5/image//usr/share/man/man1/env-update.1: Permission denied gzip: /dev/shm/portage/portage-2.0.51.20-r5/image//usr/share/man/man1/etc-update.1: Permission denied gzip: /dev/shm/portage/portage-2.0.51.20-r5/image//usr/share/man/man1/g-cpan.pl.1: Permission denied gzip: /dev/shm/portage/portage-2.0.51.20-r5/image//usr/share/man/man5/make.conf.5: Permission denied gzip: /dev/shm/portage/portage-2.0.51.20-r5/image//usr/share/man/man5/portage.5: Permission denied gzip: /dev/shm/portage/portage-2.0.51.20-r5/image//usr/share/man/man1/quickpkg.1: Permission denied gzip: /dev/shm/portage/portage-2.0.51.20-r5/image//usr/share/man/man1/repoman.1: Permission denied gzip: /dev/shm/portage/portage-2.0.51.20-r5/image/usr/share/doc/portage-2.0.51.20-r5/ChangeLog: Permission denied man: gzipping man page: portage.5 gzip: /dev/shm/portage/portage-2.0.51.20-r5/image/usr/share/man/man5/portage.5.gz: Permission denied gzipping man page: make.conf.5 gzip: /dev/shm/portage/portage-2.0.51.20-r5/image/usr/share/man/man5/make.conf.5.gz: Permission denied gzipping man page: ebuild.5 gzip: /dev/shm/portage/portage-2.0.51.20-r5/image/usr/share/man/man5/ebuild.5.gz: Permission denied gzipping man page: repoman.1 gzip: /dev/shm/portage/portage-2.0.51.20-r5/image/usr/share/man/man1/repoman.1.gz: Permission denied gzipping man page: quickpkg.1 gzip: /dev/shm/portage/portage-2.0.51.20-r5/image/usr/share/man/man1/quickpkg.1.gz: Permission denied gzipping man page: g-cpan.pl.1 gzip: /dev/shm/portage/portage-2.0.51.20-r5/image/usr/share/man/man1/g-cpan.pl.1.gz: Permission denied gzipping man page: etc-update.1 gzip: /dev/shm/portage/portage-2.0.51.20-r5/image/usr/share/man/man1/etc-update.1.gz: Permission denied gzipping man page: env-update.1 gzip: /dev/shm/portage/portage-2.0.51.20-r5/image/usr/share/man/man1/env-update.1.gz: Permission denied gzipping man page: emerge.1 gzip: /dev/shm/portage/portage-2.0.51.20-r5/image/usr/share/man/man1/emerge.1.gz: Permission denied gzipping man page: ebuild.1 gzip: /dev/shm/portage/portage-2.0.51.20-r5/image/usr/share/man/man1/ebuild.1.gz: Permission denied gzipping man page: dispatch-conf.1 gzip: /dev/shm/portage/portage-2.0.51.20-r5/image/usr/share/man/man1/dispatch-conf.1.gz: Permission denied prepallstrip: strip: i686-pc-linux-gnu-strip --strip-unneeded strip: i686-pc-linux-gnu-strip --strip-unneeded usr/lib/portage/bin/tbz2tool >>> Completed installing portage-2.0.51.20-r5 into /dev/shm/portage/portage-2.0.51.20-r5/image/ ./ ./usr/ ./usr/sbin/ ./usr/sbin/emerge-webrsync ./usr/sbin/regenworld ./usr/sbin/fixpackages ./usr/sbin/archive-conf ./usr/sbin/dispatch-conf ./usr/sbin/etc-update ./usr/sbin/ebuild ./usr/sbin/env-update ./usr/bin/ [snip] ./etc/make.conf.example ./etc/make.globals ./etc/dispatch-conf.conf ./etc/etc-update.conf mv: cannot remove `portage-2.0.51.20-r5.tbz2': Permission denied !!! ERROR: sys-apps/portage-2.0.51.20-r5 failed. !!! Function dyn_package, Line 956, Exitcode 1 !!! Failed to move tbz2 to /usr/portage-packages/All !!! If you need support, post the topmost build error, NOT this status message. Portage 2.0.51.20-r5 (default-linux/x86/2005.0, gcc-3.4.3, glibc-2.3.4.20050125-r1, 2.6.10-gentoo-r4 i686) ================================================================= System uname: 2.6.10-gentoo-r4 i686 AMD Athlon(tm) XP 3000+ Gentoo Base System version 1.6.11 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] ccache version 2.3 [disabled] dev-lang/python: 2.3.5 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5 sys-devel/binutils: 2.15.92.0.2-r7 sys-devel/libtool: 1.5.14 virtual/os-headers: 2.6.8.1-r4 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O3 -march=athlon-xp -ggdb3 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O3 -march=athlon-xp -ggdb3 -pipe" DISTDIR="/usr/portage-distfiles" FEATURES="autoconfig buildpkg collision-protect cvs digest distlocks sandbox sfperms userpriv" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo" LINGUAS="en_US" MAKEOPTS="-j1" PKGDIR="/usr/portage-packages" PORTAGE_TMPDIR="/dev/shm" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://yamato/gentoo-portage" USE="x86 3dnow X Xaw3d aalib acl acpi alsa amd apache2 apm arts avi berkdb bitmap-fonts caps cdr cgi clearpasswd crypt cscope cups curl divx4linux dri dts dvd dvdr emboss encode erandom escreen esd ethereal expat f77 faac faad fam flac flash foomaticdb fortran gcj gd gdbm gif glx gnome gpm gstreamer ieee1394 imagemagick imap imlib innodb ipalias ipv6 jabber jack java javascript jikes jpeg junit kde ldap libwww lm_sensors mad maildir mcal md5sum mikmod mmx motif mozcalendar mozdevelop mozsvg mozxmlterm mp3 mpeg multitarget nas ncurses nls nptl oav objc offensive ogg oggvorbis opengl pam pcap pda pdflib perl pic plotutils png pnp ppds python quicktime rdesktop readline rpc samba scanner sdl slang slp snmp socks5 speex spell sqlite sse ssl tcltk tcpd tetex theora tidy tiff truetype truetype-fonts type1 type1-fonts ungif usb userlocales v4l v4l2 vorbis wifi wmf wxwindows xinerama xml xml2 xmms xosd xrandr xscreensaver xv xvid zlib linguas_en_US" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS
some permissions data: x29 ~ # ls -l /dev/shm/ # $PORTAGE_TMPDIR total 0 drwxrwxr-x 5 portage portage 100 Apr 27 02:19 portage drwxrwxr-x 2 portage portage 40 Apr 27 02:19 portage-pkg
It breaks here regardless of userpriv in FEATURES if PORTAGE_TMPDIR="/dev/shm". Tried with /var/tmp on tmpfs and had no issues and my /dev/shm has default mount options so it must be something specifically to do with that directory. Related is bug #88589.
Same problem here... OK, may I have a suggestion? echo ">=sys-apps/portage-2.0.50.20" >> /usr/portage/profiles/package.mask Seriously - 2.0.50.20-r* is not unstable, it is strictly experimental.
No. Portage is very far from badly broken. In fact there are no regressions whatsoever in portage at all now. What you are talking about is the split out (and new version of) sandbox. However, other than the initial amd64 one, all the bugs received so far have been on broken systems or systems with not-the-norm configurations. Furthermore, this release has seen much fewer bugs than a regular "stable" release of portage has since I've been been on the team.
ok, well then please repair the sandbox to the same level of functionality that it was in as of 2.0.51.19! PORTAGE_TMPDIR is basically the only major way I diverge from the default configuration, and it's only on tmpfs as I have lots of memory, so provides a big speed improvement.
OK. I lost all my customized configs on a test box due to Bug 90148 and have had serious issues with sandbox with all subsequent versions. I call this "badly broken" for sure and I really think this should be package.masked.
File a metabug about p.masking it (which frankly is stupid, since the bugs are already shaken out for the most part). Keep on topic on this bug... SANDBOX_DEBUG="1" SANDBOX_DEBUG_LOG="/tmp/debug-sandbox" PORTAGE_DEBUG="hooha" emerge whatever-triggers-it , and attach the logs to this bug.
exact sys-apps/sandbox version you're triggering it with would be useful also.
How about not having PORTAGE_TMPDIR in /dev/ ? Does that fix it (works over here with standard dir)?
sandbox is sys-apps/sandbox-1.2.1-r2 Perhaps sandbox is a candidate for profiles/info_pkgs? ferringb: I ran: SANDBOX_DEBUG="1" SANDBOX_DEBUG_LOG="/tmp/debug-sandbox" PORTAGE_DEBUG="hooha" emerge portage and the debugging logfile wasn't even written. In fact the entire output is identical to the 'emerge portage' output I already posted here. Sandbox works perfectly with any path outside of /dev/shm. But as a test, I mounted some real disk to /dev/shm instead of using tmpfs, and found that also fails (again, identical errors to before). So it's something in how sandbox treats that path.
describing a package as 'horribly broken' when using a non-standard/uncommon setup is incorrect
/* XXX: Hack to make sure sandboxed process cannot remove * a device node, bug #79836. */ if (0 == strncmp(canonic, "/dev/", 5)) { errno = EACCES; return result; }
jstubbs: Commenting that out makes it work :-). I think that logic there should be changed to deny unlink in all parts of /dev that AREN't otherwise allowed.
jstubbs put together an initial patch for this. It works (emerge portage) now, but there is some extra output that is spewed. ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_file.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_gpg.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_localization.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_locks.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/portage_util.py ... Compiling /dev/shm/portage/portage-2.0.51.20-r5/work/portage-2.0.51.20/pym/xpak.py ... >>> Test phase [not enabled]: sys-apps/portage-2.0.51.20-r5 /usr/lib/portage/bin/ebuild.sh: line 16: /dev/null: Permission denied /usr/lib/portage/bin/ebuild.sh: line 44: /dev/null: Permission denied /usr/lib/portage/bin/ebuild.sh: line 56: /dev/null: Permission denied /usr/lib/portage/bin/ebuild.sh: line 1362: /dev/null: Permission denied /usr/lib/portage/bin/ebuild.sh: line 1362: /dev/null: Permission denied /usr/lib/portage/bin/ebuild.sh: line 1362: /dev/null: Permission denied >>> Install portage-2.0.51.20-r5 into /dev/shm/portage/portage-2.0.51.20-r5/image/ category sys-apps man: /usr/lib/portage/bin/prepman: line 46: /dev/null: Permission denied /usr/lib/portage/bin/prepall: line 39: /dev/null: Permission denied >>> Completed installing portage-2.0.51.20-r5 into /dev/shm/portage/portage-2.0.51.20-r5/image/ /usr/lib/portage/bin/ebuild.sh: line 16: /dev/null: Permission denied /usr/lib/portage/bin/ebuild.sh: line 44: /dev/null: Permission denied /usr/lib/portage/bin/ebuild.sh: line 56: /dev/null: Permission denied /usr/lib/portage/bin/ebuild.sh: line 1362: /dev/null: Permission denied /usr/lib/portage/bin/ebuild.sh: line 1362: /dev/null: Permission denied /usr/lib/portage/bin/ebuild.sh: line 1362: /dev/null: Permission denied ./ ./usr/ ./usr/sbin/ ./usr/sbin/emerge-webrsync ./usr/sbin/regenworld ...
Created attachment 57461 [details, diff] sandbox-1.2.1-dev-usage.patch Removes the hack for #79836 and moves /dev/null out of WRITE and into PREDICT.
i think /dev/zero should be moved too ? (not because we've had problems but because it's the right thing ?)
No good. Moving /dev/null to SANDBOX_PREDICT doesn't allow the writes. The only difference between SANDBOX_PREDICT and SANDBOX_DENY is that SANDBOX_PREDICT failures are not logged and thus don't cause emerge to fail the package. I wasn't aware of this until testing out the patch... As a short term fix, it'll be easiest to just remove the hack for the dodgy toolchain versions and add a block against them. Long term will probably require a new class of access control.
I still think its just plain silly to have PORTAGE_TMPDIR under /dev, and really do not go with why /dev/shm/ exists ... but that is just me.
Blocker: Blocks development and/or testing work This bug has a very easy workaround.
Fixed in sandbox-1.2.2.
