From: Bryan Drewery
To: Mark Martinec, freebsd-stable@freebsd.org
Subject: Re: A recent 10.2-STABLE no longer builds on a no-exec /usr/src file system
Date: Thu, 14 Jan 2016 14:13:56 -0800
Organization: FreeBSD
Message-ID: <56981DA4.30402@FreeBSD.org>
List-Id: Production branch of FreeBSD source code

Where / What is the error? The only example here was fixed in November.

On 1/14/2016 7:42 AM, Mark Martinec wrote:
> Prompted by recent security advisories I did a 'make buildworld'
> on a fresh svn checkout, only to find out that it seems the 'exec'
> mount flag on /usr/src is still required for a successful build.
>
> This wasn't so for 10.2, and I hope it won't become a requirement
> in 10.3 - or at least it should be clearly documented in release notes.
>
> Mark
>
>
> On 2015-12-07 16:35, Mark Martinec wrote:
>> So, is this a new state of affairs that /usr/src file system
>> needs to be mounted exec in order for buildworld to succeed,
>> or is this an unintended change and I should file a bug report?
>>
>> Mark
>>
>>
>> On 2015-11-26 19:44, Miroslav Lachman wrote:
>>> Mark Martinec wrote on 11/26/2015 19:31:
>>>> Up to about a week ago building world on FreeBSD 10.2-STABLE went
>>>> just fine. Today after svn update the build fails:
>>>>
>>>>
>>>> # make buildworld
>>>> [...]
>>>>
>>>> CC='cc ' mkdep -f .depend.getprotoent_test -a
>>>> -I/usr/src/lib/libc/tests/net -I/usr/src/lib/libnetbsd
>>>> -I/usr/src/contrib/netbsd-tests -std=gnu99
>>>> /usr/src/contrib/netbsd-tests/lib/libc/net/t_getprotoent.c
>>>> echo getprotoent_test: /usr/obj/usr/src/tmp/usr/lib/libc.a
>>>> /usr/obj/usr/src/tmp/usr/lib/private/libatf-c.a >>
>>>> .depend.getprotoent_test
>>>> (cd /usr/src/lib/libc/tests/net && make -f
>>>> /usr/src/lib/libc/tests/net/Makefile _RECURSING_PROGS= SUBDIR=
>>>> PROG=ether_aton_test DEPENDFILE=.depend.ether_aton_test
>>>> .MAKE.DEPENDFILE=.depend.ether_aton_test depend)
>>>> /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr
>>>> /usr/src/sys/net/if_ethersubr.c aton_ether_subr.c
>>>> make[7]:
>>>> exec(/usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr)
>>>> failed (Permission denied)
>>>> *** Error code 1
>>>>
>>>> Stop.
>>>> make[7]: stopped in /usr/src/lib/libc/tests/net
>>>> *** Error code 1
>>>>
>>>>
>>>> It turns out that our file system /usr/src had an "exec" flag
>>>> turned off, so now running a command:
>>>> /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr
>>>> fails with "Permission denied".
>>>>
>>>> It would be valuable if building a system on an exec-protected
>>>> src file system would continue to be possible.
>>>>
>>>> Not sure if the
>>>> /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr
>>>> is the only such new command breaking the build. Anyway, a simple
>>>> workaround is to run shell from a command line instead of as a
>>>> shebang, i.e.:
>>>>
>>>> # /bin/sh /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr
>>>>
>>>> instead of:
>>>>
>>>> # /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr
>>>
>>> I was puzzled by a similar thing years ago. I was using /var/db and /tmp
>>> mounted with noexec. And then there were some changes.
>>> Ports need /var/db with exec because of some script in /var/db/pkg and
>>> /tmp must have exec too for buildworld or installworld (I don't remember it
>>> well, now I always do mount -u -o current,exec /tmp before build +
>>> install world and kernel)
>>>
>>> Anyway - it would be better to not have these partitions mounted with
>>> exec.
>>>

-- 
Regards,
Bryan Drewery
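
The quoted report leaves open whether gen_ether_subr is the only script the build runs by path. The following is an added example, not part of this message or of the FreeBSD build system: a POSIX sh audit that lists every file in a tree with an execute bit and a "#!" first line, next to the interpreter-first command line of the kind used in the quoted workaround. The function name and output format are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread: find scripts in a source tree that can
# only be run by path through their shebang. If a build invokes one of these
# by path on a noexec mount, exec() fails with "Permission denied", as in the
# quoted make output; naming the interpreter first avoids the exec of the file.

# list_shebang_execs DIR   (hypothetical helper name)
# Prints one line per match: "<path><TAB><interpreter [arg]> <path>".
# The second field is the interpreter-first form of the same invocation.
list_shebang_execs() {
    # POSIX spelling of "any execute bit set" (owner, group or other).
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec sh -c '
            for f in "$@"; do
                # Skip compiled binaries and anything else without a shebang.
                [ "$(head -c 2 "$f" 2>/dev/null)" = "#!" ] || continue
                # Interpreter and its optional argument, blanks trimmed.
                interp=$(head -n 1 "$f" |
                    sed "s/^#![[:space:]]*//; s/[[:space:]]*\$//")
                [ -n "$interp" ] || continue
                printf "%s\t%s %s\n" "$f" "$interp" "$f"
            done' sh {} + | LC_ALL=C sort
}

# Stand-alone use: sh audit.sh /usr/src
if [ "$#" -gt 0 ]; then
    list_shebang_execs "$1"
fi
```

Each hit is only a candidate: it matters for a noexec source tree when a Makefile runs the file by its path rather than through its interpreter.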