ports/144264: installing misc/compat5x (or other compats) is broken when kernel security level is > 0

Youssef Ghorbal djo at pasteur.fr
Wed Feb 24 13:20:03 UTC 2010 

>Number:         144264
>Category:       ports
>Synopsis:       installing misc/compat5x (or other compats) is broken when kernel security level is > 0
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 24 13:20:02 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Youssef Ghorbal
>Release:        FreeBSD 8.0
>Organization:
Institut Pasteur
>Environment:
FreeBSD 8.0-STABLE FreeBSD 8.0-STABLE #0: Fri Jan  8 16:59:10 CET 2010     root at XXXXXXXXXXXXX:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
compat5x libraries files delivered by the port have the schg flag set.
In the post-extract phase a chflags -R noschg ${WRKSRC} is executed in order to remove this flag. 
This works fine when kernel security level is 0 but chflags are not permitted if the security level is >= 1 (FreeBSD disallows changing system flags at security levels greater than 0) So the chflags is ignored.

In the do-install section if the OSVERSION is higher then 800105 (which is my case) the file libpthread.so.1 has to be removed. This action fails since the libpthread.so.1 has the schg set and the install fails.
The make clean fails too, since it's not able to remove work directory for the same reasons. 

Is there any reason why the compat lib files delivered by the port have the schg flag set ? especially when the first action taken after the extract is to remove it ? It's not even reset after the install phase.

>How-To-Repeat:
0 - FreeBSD 8.0 >= 800105 (on other FreeBSDs only the clean will fail)
1 - rise the kernel security level to a value higher or equal to 1.
2 - cd to the misc/compat5x ports directory and run make install clean.
>Fix:
- Deliver the compat files without the schg flag set.

Or (if the above is not possible)

- In the Makefile, test the kernel security level and abort the whole process at the beginning when this value is >=1

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list