Patch to stop world killing jails via failing install -fschg libc.so.7
Ian Lepore
ian at freebsd.org
Wed Mar 4 20:48:21 UTC 2015
On Wed, 2015-03-04 at 17:00 +0100, Julian H. Stacey wrote:
> Hi Hackers,
> I have filed this patch
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198279
> via
> https://bugs.freebsd.org/bugzilla/enter_bug.cgi
> Chflags lovers (not me!) might want to write an enhanced patch.
>
> -----
> Jails are lethaly killed by make world, unless /etc/make.conf contains this:
> NO_FSCHG="yes"
> # Avoid bsd.lib.mk 'INSTALLFLAGS+= -fschg' killing FreeBSD jails,
> # deleting /lib/libc.so.7 via 'cd /usr/src/lib/csu/amd64 ; make install'
>
> Killing:
> uname -a
> FreeBSD land.berklix.org 10.1-RELEASE-p6 FreeBSD 10.1-RELEASE-p6 #0: Tue Feb 24 19:00:21 UTC 2015 root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
>
> cd /usr/src; make install
> ===> lib/libc (install)
> install -s -o root -g wheel -m 444 -fschg -S libc.so.7 /lib
> install: /lib/libc.so.7: chflags: Operation not permitted
> *** Error code 71
>
> Recovery:
> /rescue/cp /usr/obj/usr/src/lib/libc/libc.so.7 /lib/
>
> man install falsely claims: -S Safe copy, But is broken by -fschg !
>
> Solutions:
> - Disable chflags in bsd.lib.mk & bsd.lib.mk. Patches appended.
> - Or Extend bsd.lib.mk & bsd.lib.mk to be conditional on jail detection. (**)
> - Or Fix install to not break with chflags (**)
> (**) Last 2 should be done by those who want to keep Chflags in FreeBSD,
> not me, I've used Unix since 1978, but find chflags a Wart best removed.
>
> I discovered this on 8.2-RELEASE 18 Jun 2013, & just got bitten again on
> 10.1-RELEASE-p6, (as my jail's make.conf lost its NO_FSCHG="yes").
>
> *** 10.1-RELEASE-p6/src/share/mk/bsd.lib.mk Wed Mar 4 14:27:16 2015
> --- new-generic/src/share/mk/bsd.lib.mk Wed Mar 4 14:33:48 2015
> ***************
> *** 284,291 ****
>
> .if defined(PRECIOUSLIB)
> .if !defined(NO_FSCHG)
> ! SHLINSTALLFLAGS+= -fschg
> .endif
> SHLINSTALLFLAGS+= -S
> .endif
> --- 284,290 ----
>
> .if defined(PRECIOUSLIB)
> .if !defined(NO_FSCHG)
> ! # SHLINSTALLFLAGS+= -fschg
> ! # Explanation: http://berklix.com/~jhs/src/bsd/fixes/freebsd/src/gen/share/mk/bsd.lib.mk.chflags.REL=ALL.diff
> .endif
> SHLINSTALLFLAGS+= -S
> .endif
> ***************
> *** 356,362 ****
> ${INSTALL_SYMLINK} ${_SHLIBDIRPREFIX}${_SHLIBDIR}/${SHLIB_NAME} \
> ${DESTDIR}${_LIBDIR}/${SHLIB_LINK}
> .if exists(${DESTDIR}${_LIBDIR}/${SHLIB_NAME})
> ! -chflags noschg ${DESTDIR}${_LIBDIR}/${SHLIB_NAME}
> rm -f ${DESTDIR}${_LIBDIR}/${SHLIB_NAME}
> .endif
> .endif
> --- 356,364 ----
> ${INSTALL_SYMLINK} ${_SHLIBDIRPREFIX}${_SHLIBDIR}/${SHLIB_NAME} \
> ${DESTDIR}${_LIBDIR}/${SHLIB_LINK}
> .if exists(${DESTDIR}${_LIBDIR}/${SHLIB_NAME})
> ! # -chflags noschg ${DESTDIR}${_LIBDIR}/${SHLIB_NAME}
> ! # Chflags wont actually kill the system here, but chflags is dirty.
> ! @echo "Skipping -chflags noschg ${DESTDIR}${_LIBDIR}/${SHLIB_NAME}"
> rm -f ${DESTDIR}${_LIBDIR}/${SHLIB_NAME}
> .endif
> .endif
>
> *** 10.1-RELEASE-p6/src/share/mk/bsd.prog.mk Wed Mar 4 14:27:16 2015
> --- new-generic/src/share/mk/bsd.prog.mk Wed Mar 4 14:34:50 2015
> ***************
> *** 185,192 ****
>
> .if defined(PRECIOUSPROG)
> .if !defined(NO_FSCHG)
> ! INSTALLFLAGS+= -fschg
> ! # Explanation: http://berklix.com/~jhs/src/bsd/fixes/freebsd/src/gen/share/mk/bsd.lib.mk.chflags.REL=ALL.diff
> .endif
> INSTALLFLAGS+= -S
> .endif
> --- 185,192 ----
>
> .if defined(PRECIOUSPROG)
> .if !defined(NO_FSCHG)
> ! # INSTALLFLAGS+= -fschg
> ! # See similar change in bsd.lib.mk
> .endif
> INSTALLFLAGS+= -S
> .endif
>
> Cheers,
> Julian
The most straightforward solution is to add "allow.chflags" to the
parameters of a jail you intend to do builds in. (You seem to have
rather religious feelings about chflags, but I don't think they're ever
going away.)
-- Ian
More information about the freebsd-hackers
mailing list