Mark Martinec
2015-Nov-26 18:31 UTC
A recent 10.2-STABLE no longer builds on a no-exec /usr/src file system
Up to about a week ago building world on FreeBSD 10.2-STABLE went just fine. Today after svn update the build fails: # make buildworld [...] CC='cc ' mkdep -f .depend.getprotoent_test -a -I/usr/src/lib/libc/tests/net -I/usr/src/lib/libnetbsd -I/usr/src/contrib/netbsd-tests -std=gnu99 /usr/src/contrib/netbsd-tests/lib/libc/net/t_getprotoent.c echo getprotoent_test: /usr/obj/usr/src/tmp/usr/lib/libc.a /usr/obj/usr/src/tmp/usr/lib/private/libatf-c.a >> .depend.getprotoent_test (cd /usr/src/lib/libc/tests/net && make -f /usr/src/lib/libc/tests/net/Makefile _RECURSING_PROGS= SUBDIR= PROG=ether_aton_test DEPENDFILE=.depend.ether_aton_test .MAKE.DEPENDFILE=.depend.ether_aton_test depend) /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr /usr/src/sys/net/if_ethersubr.c aton_ether_subr.c make[7]: exec(/usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr) failed (Permission denied) *** Error code 1 Stop. make[7]: stopped in /usr/src/lib/libc/tests/net *** Error code 1 It turns out that our file system /usr/src had an "exec" flag turned off, so now running a command: /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr fails with "Permission denied". It would be valuable if building a system on an exec-protected src file system would continue to be possible. Not sure if the /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr is the only such new command breaking the build. Anyway, a simple workaround is to run shell from a command line instead of as a shebang, i.e.: # /bin/sh /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr instead of: # /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr Mark
Miroslav Lachman
2015-Nov-26 18:44 UTC
A recent 10.2-STABLE no longer builds on a no-exec /usr/src file system
Mark Martinec wrote on 11/26/2015 19:31:> Up to about a week ago building world on FreeBSD 10.2-STABLE went > just fine. Today after svn update the build fails: > > > # make buildworld > [...] > > CC='cc ' mkdep -f .depend.getprotoent_test -a > -I/usr/src/lib/libc/tests/net -I/usr/src/lib/libnetbsd > -I/usr/src/contrib/netbsd-tests -std=gnu99 > /usr/src/contrib/netbsd-tests/lib/libc/net/t_getprotoent.c > echo getprotoent_test: /usr/obj/usr/src/tmp/usr/lib/libc.a > /usr/obj/usr/src/tmp/usr/lib/private/libatf-c.a >> .depend.getprotoent_test > (cd /usr/src/lib/libc/tests/net && make -f > /usr/src/lib/libc/tests/net/Makefile _RECURSING_PROGS= SUBDIR> PROG=ether_aton_test DEPENDFILE=.depend.ether_aton_test > .MAKE.DEPENDFILE=.depend.ether_aton_test depend) > /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr > /usr/src/sys/net/if_ethersubr.c aton_ether_subr.c > make[7]: exec(/usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr) > failed (Permission denied) > *** Error code 1 > > Stop. > make[7]: stopped in /usr/src/lib/libc/tests/net > *** Error code 1 > > > It turns out that our file system /usr/src had an "exec" flag > turned off, so now running a command: > /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr > fails with "Permission denied". > > It would be valuable if building a system on an exec-protected > src file system would continue to be possible. > > Not sure if the /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr > is the only such new command breaking the build. Anyway, a simple > workaround is to run shell from a command line instead of as a > shebang, i.e.: > > # /bin/sh /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr > > instead of: > > # /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subrI was puzzled by similar thing years ago. I was using /var/db and /tmp mounted with noexec. And then there was some changes. Ports need /var/db with exec because of some script in /var/db/pkg and /tmp must have exec too for buildworld or installworld (I don't remember it well, now I always do mount -u -o current,exec /tmp before build + install world and kernel) Anyway - it would be better to not have these partitions mounted with exec. Miroslav Lachman
Mark Martinec
2015-Dec-07 15:35 UTC
A recent 10.2-STABLE no longer builds on a no-exec /usr/src file system
So, is this a new state of affairs that /usr/src file system needs to be mounted exec in order for buildworld to succeed, or is this an unintended change and I should file a bug report? Mark On 2015-11-26 19:44, Miroslav Lachman wrote:> Mark Martinec wrote on 11/26/2015 19:31: >> Up to about a week ago building world on FreeBSD 10.2-STABLE went >> just fine. Today after svn update the build fails: >> >> >> # make buildworld >> [...] >> >> CC='cc ' mkdep -f .depend.getprotoent_test -a >> -I/usr/src/lib/libc/tests/net -I/usr/src/lib/libnetbsd >> -I/usr/src/contrib/netbsd-tests -std=gnu99 >> /usr/src/contrib/netbsd-tests/lib/libc/net/t_getprotoent.c >> echo getprotoent_test: /usr/obj/usr/src/tmp/usr/lib/libc.a >> /usr/obj/usr/src/tmp/usr/lib/private/libatf-c.a >> >> .depend.getprotoent_test >> (cd /usr/src/lib/libc/tests/net && make -f >> /usr/src/lib/libc/tests/net/Makefile _RECURSING_PROGS= SUBDIR>> PROG=ether_aton_test DEPENDFILE=.depend.ether_aton_test >> .MAKE.DEPENDFILE=.depend.ether_aton_test depend) >> /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr >> /usr/src/sys/net/if_ethersubr.c aton_ether_subr.c >> make[7]: >> exec(/usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr) >> failed (Permission denied) >> *** Error code 1 >> >> Stop. >> make[7]: stopped in /usr/src/lib/libc/tests/net >> *** Error code 1 >> >> >> It turns out that our file system /usr/src had an "exec" flag >> turned off, so now running a command: >> /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr >> fails with "Permission denied". >> >> It would be valuable if building a system on an exec-protected >> src file system would continue to be possible. >> >> Not sure if the >> /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr >> is the only such new command breaking the build. Anyway, a simple >> workaround is to run shell from a command line instead of as a >> shebang, i.e.: >> >> # /bin/sh /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr >> >> instead of: >> >> # /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr > > I was puzzled by similar thing years ago. I was using /var/db and /tmp > mounted with noexec. And then there was some changes. Ports need > /var/db with exec because of some script in /var/db/pkg and /tmp must > have exec too for buildworld or installworld (I don't remember it > well, now I always do mount -u -o current,exec /tmp before build + > install world and kernel) > > Anyway - it would be better to not have these partitions mounted with > exec. > > Miroslav Lachman