From owner-freebsd-stable@freebsd.org Mon Dec 7 15:35:13 2015 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 20E0B9B7DE3 for ; Mon, 7 Dec 2015 15:35:13 +0000 (UTC) (envelope-from Mark.Martinec+freebsd@ijs.si) Received: from mail.ijs.si (mail.ijs.si [IPv6:2001:1470:ff80::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A1CC61266 for ; Mon, 7 Dec 2015 15:35:12 +0000 (UTC) (envelope-from Mark.Martinec+freebsd@ijs.si) Received: from amavis-ori.ijs.si (localhost [IPv6:::1]) by mail.ijs.si (Postfix) with ESMTP id 3pDpcD2qVlz155 for ; Mon, 7 Dec 2015 16:35:08 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ijs.si; h= user-agent:message-id:references:in-reply-to:organization :subject:subject:from:from:date:date:content-transfer-encoding :content-type:content-type:mime-version:received:received :received:received; s=jakla4; t=1449502505; x=1452094506; bh=qEv 3Trw2g5oMg2tlro8RIij6QbJGRsBrTiseyTO1p3U=; b=ZNmp1YKA5c+WMTtUn8P AbiXltmZW3pThrqA5319BGD2yjLCKgj4JRHdATCzdGwHQaE4fk5IPxwq8ojb8SDj W1Vd2NJU19o2YVipWSx/N6LvaCiNjEGmhMmlpSXKqZ3Ds5vgS9HNC7tD/7LLn5ds fHC9BEU9m7ww5ZMPdRajPNFo= X-Virus-Scanned: amavisd-new at ijs.si Received: from mail.ijs.si ([IPv6:::1]) by amavis-ori.ijs.si (mail.ijs.si [IPv6:::1]) (amavisd-new, port 10026) with LMTP id qjwFGOeUW9V6 for ; Mon, 7 Dec 2015 16:35:05 +0100 (CET) Received: from mildred.ijs.si (mailbox.ijs.si [IPv6:2001:1470:ff80::143:1]) by mail.ijs.si (Postfix) with ESMTP id 3pDpc94PRjz152 for ; Mon, 7 Dec 2015 16:35:05 +0100 (CET) Received: from nabiralnik.ijs.si (nabiralnik.ijs.si [IPv6:2001:1470:ff80::80:16]) by mildred.ijs.si (Postfix) with ESMTP id 3pDpc92JJ3zvt for ; Mon, 7 Dec 2015 16:35:05 +0100 (CET) Received: from neli.ijs.si (2001:1470:ff80:88:21c:c0ff:feb1:8c91) by nabiralnik.ijs.si with HTTP (HTTP/1.1 POST); Mon, 07 Dec 2015 16:35:05 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Mon, 07 Dec 2015 16:35:05 +0100 From: Mark Martinec To: freebsd-stable@freebsd.org Subject: Re: A recent 10.2-STABLE no longer builds on a no-exec /usr/src file system Organization: Jozef Stefan Institute In-Reply-To: <56575324.9070400@quip.cz> References: <636a770981c5655f3cc45f2c6aee6474@mailbox.ijs.si> <56575324.9070400@quip.cz> Message-ID: <484e5e28706f1d717bcd02542e7ba306@mailbox.ijs.si> X-Sender: Mark.Martinec+freebsd@ijs.si User-Agent: Roundcube Webmail/1.1.3 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Dec 2015 15:35:13 -0000 So, is this a new state of affairs that /usr/src file system needs to be mounted exec in order for buildworld to succeed, or is this an unintended change and I should file a bug report? Mark On 2015-11-26 19:44, Miroslav Lachman wrote: > Mark Martinec wrote on 11/26/2015 19:31: >> Up to about a week ago building world on FreeBSD 10.2-STABLE went >> just fine. Today after svn update the build fails: >> >> >> # make buildworld >> [...] >> >> CC='cc ' mkdep -f .depend.getprotoent_test -a >> -I/usr/src/lib/libc/tests/net -I/usr/src/lib/libnetbsd >> -I/usr/src/contrib/netbsd-tests -std=gnu99 >> /usr/src/contrib/netbsd-tests/lib/libc/net/t_getprotoent.c >> echo getprotoent_test: /usr/obj/usr/src/tmp/usr/lib/libc.a >> /usr/obj/usr/src/tmp/usr/lib/private/libatf-c.a >> >> .depend.getprotoent_test >> (cd /usr/src/lib/libc/tests/net && make -f >> /usr/src/lib/libc/tests/net/Makefile _RECURSING_PROGS= SUBDIR= >> PROG=ether_aton_test DEPENDFILE=.depend.ether_aton_test >> .MAKE.DEPENDFILE=.depend.ether_aton_test depend) >> /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr >> /usr/src/sys/net/if_ethersubr.c aton_ether_subr.c >> make[7]: >> exec(/usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr) >> failed (Permission denied) >> *** Error code 1 >> >> Stop. >> make[7]: stopped in /usr/src/lib/libc/tests/net >> *** Error code 1 >> >> >> It turns out that our file system /usr/src had an "exec" flag >> turned off, so now running a command: >> /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr >> fails with "Permission denied". >> >> It would be valuable if building a system on an exec-protected >> src file system would continue to be possible. >> >> Not sure if the >> /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr >> is the only such new command breaking the build. Anyway, a simple >> workaround is to run shell from a command line instead of as a >> shebang, i.e.: >> >> # /bin/sh /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr >> >> instead of: >> >> # /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr > > I was puzzled by similar thing years ago. I was using /var/db and /tmp > mounted with noexec. And then there was some changes. Ports need > /var/db with exec because of some script in /var/db/pkg and /tmp must > have exec too for buildworld or installworld (I don't remember it > well, now I always do mount -u -o current,exec /tmp before build + > install world and kernel) > > Anyway - it would be better to not have these partitions mounted with > exec. > > Miroslav Lachman