Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 04 Mar 2015 13:48:11 -0700
From:      Ian Lepore <ian@freebsd.org>
To:        "Julian H. Stacey" <jhs@berklix.com>
Cc:        freebsd-hackers@freebsd.org, np@bsn.com
Subject:   Re: Patch to stop world killing jails via failing install -fschg libc.so.7
Message-ID:  <1425502091.65214.15.camel@freebsd.org>
In-Reply-To: <201503041600.t24G0QV1048766@fire.js.berklix.net>
References:  <201503041600.t24G0QV1048766@fire.js.berklix.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, 2015-03-04 at 17:00 +0100, Julian H. Stacey wrote:
> Hi Hackers,
> I have filed this patch
> 	https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198279
> via 
> 	https://bugs.freebsd.org/bugzilla/enter_bug.cgi
> Chflags lovers (not me!) might want to write an enhanced patch.
> 	
> -----
> Jails are lethaly killed by make world, unless /etc/make.conf contains this:
> 	NO_FSCHG="yes"
> 	#       Avoid bsd.lib.mk 'INSTALLFLAGS+= -fschg' killing FreeBSD jails,
> 	#       deleting /lib/libc.so.7 via 'cd /usr/src/lib/csu/amd64 ; make install'
> 
> Killing:
> 	uname -a
> 	FreeBSD land.berklix.org 10.1-RELEASE-p6 FreeBSD 10.1-RELEASE-p6 #0: Tue Feb 24 19:00:21 UTC 2015     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
> 	
> 	cd /usr/src; make install
> 	===> lib/libc (install)
> 	install -s -o root -g wheel -m 444   -fschg -S  libc.so.7 /lib
> 	install: /lib/libc.so.7: chflags: Operation not permitted
> 	*** Error code 71
> 
> Recovery:
> 	/rescue/cp /usr/obj/usr/src/lib/libc/libc.so.7 /lib/
> 
> man install falsely claims: -S Safe copy, But is broken by -fschg !
> 
> Solutions:
> - Disable chflags in bsd.lib.mk & bsd.lib.mk.  Patches appended.
> - Or Extend bsd.lib.mk & bsd.lib.mk to be conditional on jail detection. (**)
> - Or Fix install to not break with chflags (**)
> (**) Last 2 should be done by those who want to keep Chflags in FreeBSD,
>      not me, I've used Unix since 1978, but find chflags a Wart best removed.
> 
> I discovered this on 8.2-RELEASE 18 Jun 2013, & just got bitten again on
> 10.1-RELEASE-p6, (as my jail's make.conf lost its NO_FSCHG="yes").
> 
> *** 10.1-RELEASE-p6/src/share/mk/bsd.lib.mk	Wed Mar  4 14:27:16 2015
> --- new-generic/src/share/mk/bsd.lib.mk	Wed Mar  4 14:33:48 2015
> ***************
> *** 284,291 ****
>   
>   .if defined(PRECIOUSLIB)
>   .if !defined(NO_FSCHG)
> ! SHLINSTALLFLAGS+= -fschg
>   .endif
>   SHLINSTALLFLAGS+= -S
>   .endif
> --- 284,290 ----
>   
>   .if defined(PRECIOUSLIB)
>   .if !defined(NO_FSCHG)
> ! # SHLINSTALLFLAGS+= -fschg
> ! # Explanation: http://berklix.com/~jhs/src/bsd/fixes/freebsd/src/gen/share/mk/bsd.lib.mk.chflags.REL=ALL.diff
>   .endif
>   SHLINSTALLFLAGS+= -S
>   .endif
> ***************
> *** 356,362 ****
>   	${INSTALL_SYMLINK} ${_SHLIBDIRPREFIX}${_SHLIBDIR}/${SHLIB_NAME} \
>   	    ${DESTDIR}${_LIBDIR}/${SHLIB_LINK}
>   .if exists(${DESTDIR}${_LIBDIR}/${SHLIB_NAME})
> ! 	-chflags noschg ${DESTDIR}${_LIBDIR}/${SHLIB_NAME}
>   	rm -f ${DESTDIR}${_LIBDIR}/${SHLIB_NAME}
>   .endif
>   .endif
> --- 356,364 ----
>   	${INSTALL_SYMLINK} ${_SHLIBDIRPREFIX}${_SHLIBDIR}/${SHLIB_NAME} \
>   	    ${DESTDIR}${_LIBDIR}/${SHLIB_LINK}
>   .if exists(${DESTDIR}${_LIBDIR}/${SHLIB_NAME})
> ! #	-chflags noschg ${DESTDIR}${_LIBDIR}/${SHLIB_NAME}
> ! #	Chflags wont actually kill the system here, but chflags is dirty.
> ! 	@echo "Skipping -chflags noschg ${DESTDIR}${_LIBDIR}/${SHLIB_NAME}"
>   	rm -f ${DESTDIR}${_LIBDIR}/${SHLIB_NAME}
>   .endif
>   .endif
> 
> *** 10.1-RELEASE-p6/src/share/mk/bsd.prog.mk	Wed Mar  4 14:27:16 2015
> --- new-generic/src/share/mk/bsd.prog.mk	Wed Mar  4 14:34:50 2015
> ***************
> *** 185,192 ****
>   
>   .if defined(PRECIOUSPROG)
>   .if !defined(NO_FSCHG)
> ! INSTALLFLAGS+= -fschg
> ! # Explanation: http://berklix.com/~jhs/src/bsd/fixes/freebsd/src/gen/share/mk/bsd.lib.mk.chflags.REL=ALL.diff
>   .endif
>   INSTALLFLAGS+= -S
>   .endif
> --- 185,192 ----
>   
>   .if defined(PRECIOUSPROG)
>   .if !defined(NO_FSCHG)
> ! # INSTALLFLAGS+= -fschg
> ! #	See similar change in bsd.lib.mk
>   .endif
>   INSTALLFLAGS+= -S
>   .endif
> 
> Cheers,
> Julian

The most straightforward solution is to add "allow.chflags" to the
parameters of a jail you intend to do builds in.  (You seem to have
rather religious feelings about chflags, but I don't think they're ever
going away.)

-- Ian

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1425502091.65214.15.camel>