Date: Thu, 14 Jan 2016 14:13:56 -0800 From: Bryan Drewery <bdrewery@FreeBSD.org> To: Mark Martinec <Mark.Martinec+freebsd@ijs.si>, freebsd-stable@freebsd.org Subject: Re: A recent 10.2-STABLE no longer builds on a no-exec /usr/src file system Message-ID: <56981DA4.30402@FreeBSD.org> In-Reply-To: <db623061cdf97d82bb8df4bee9fbd4ab@mailbox.ijs.si> References: <636a770981c5655f3cc45f2c6aee6474@mailbox.ijs.si> <56575324.9070400@quip.cz> <484e5e28706f1d717bcd02542e7ba306@mailbox.ijs.si> <db623061cdf97d82bb8df4bee9fbd4ab@mailbox.ijs.si>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --hlvmv6LDAGrtmnRUXcOOqC20edjppHAAt Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Where / What is the error? The only example here was fixed in November. On 1/14/2016 7:42 AM, Mark Martinec wrote: > Prompted by recent security advisories I did a 'make buildworld' > on a fresh svn checkout, only to find out that it seems the 'exec' > mount flag on /usr/src is still required for a successful build. >=20 > This wasn't so for 10.2, and I hope it won't become a requirement > in 10.3 - or at least it should be clearly documented in release notes.= >=20 > Mark >=20 >=20 > On 2015-12-07 16:35, Mark Martinec wrote: >> So, is this a new state of affairs that /usr/src file system >> needs to be mounted exec in order for buildworld to succeed, >> or is this an unintended change and I should file a bug report? >> >> Mark >> >> >> On 2015-11-26 19:44, Miroslav Lachman wrote: >>> Mark Martinec wrote on 11/26/2015 19:31: >>>> Up to about a week ago building world on FreeBSD 10.2-STABLE went >>>> just fine. Today after svn update the build fails: >>>> >>>> >>>> # make buildworld >>>> [...] >>>> >>>> CC=3D'cc ' mkdep -f .depend.getprotoent_test -a >>>> -I/usr/src/lib/libc/tests/net -I/usr/src/lib/libnetbsd >>>> -I/usr/src/contrib/netbsd-tests -std=3Dgnu99 >>>> /usr/src/contrib/netbsd-tests/lib/libc/net/t_getprotoent.c >>>> echo getprotoent_test: /usr/obj/usr/src/tmp/usr/lib/libc.a >>>> /usr/obj/usr/src/tmp/usr/lib/private/libatf-c.a >> >>>> .depend.getprotoent_test >>>> (cd /usr/src/lib/libc/tests/net && make -f >>>> /usr/src/lib/libc/tests/net/Makefile _RECURSING_PROGS=3D SUBDIR=3D >>>> PROG=3Dether_aton_test DEPENDFILE=3D.depend.ether_aton_test >>>> .MAKE.DEPENDFILE=3D.depend.ether_aton_test depend) >>>> /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr >>>> /usr/src/sys/net/if_ethersubr.c aton_ether_subr.c >>>> make[7]: >>>> exec(/usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr) >>>> failed (Permission denied) >>>> *** Error code 1 >>>> >>>> Stop. >>>> make[7]: stopped in /usr/src/lib/libc/tests/net >>>> *** Error code 1 >>>> >>>> >>>> It turns out that our file system /usr/src had an "exec" flag >>>> turned off, so now running a command: >>>> /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr >>>> fails with "Permission denied". >>>> >>>> It would be valuable if building a system on an exec-protected >>>> src file system would continue to be possible. >>>> >>>> Not sure if the >>>> /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr >>>> is the only such new command breaking the build. Anyway, a simple >>>> workaround is to run shell from a command line instead of as a >>>> shebang, i.e.: >>>> >>>> # /bin/sh /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_su= br >>>> >>>> instead of: >>>> >>>> # /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr >>> >>> I was puzzled by similar thing years ago. I was using /var/db and /tm= p >>> mounted with noexec. And then there was some changes. Ports need >>> /var/db with exec because of some script in /var/db/pkg and /tmp must= >>> have exec too for buildworld or installworld (I don't remember it >>> well, now I always do mount -u -o current,exec /tmp before build + >>> install world and kernel) >>> >>> Anyway - it would be better to not have these partitions mounted with= >>> exec. >>> --=20 Regards, Bryan Drewery --hlvmv6LDAGrtmnRUXcOOqC20edjppHAAt Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJWmB2kAAoJEDXXcbtuRpfPfrQH/in4EVOcvPfSO9cl+4NGJfTN 3/SSbKf2QoB8EAzzuyA6Sl0VRA98uvWaPIk6EOQ5HWF3pM8ojr1nQC+eIIcLEcim vKfsXW7xAbVsMzSZGMOqBOHnVFTU0/fVPOZz+AB5zkdaas+pWTVcVuiWqDeHozL/ 549xJnDNQ+RbTgPERMtUyQdCDdn9Nz4N5aseDiJysda8hlTitx1SCzEvndOSxx28 r0M6DDh2hfIP3BhalcwAShF5LVfNhAd8r4cS4+nkh4h899j8vqr6nriGrEAj9U4a sOKhuZ8zyoPWrpMxptkcVaI3RpejLu8q4Psm3UVY5YdHkvzxXsVq2eN2Xg1MGF8= =rkXe -----END PGP SIGNATURE----- --hlvmv6LDAGrtmnRUXcOOqC20edjppHAAt--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56981DA4.30402>