diff options
author | Mike Gilbert <floppym@gentoo.org> | 2022-09-17 19:37:46 -0400 |
---|---|---|
committer | Mike Gilbert <floppym@gentoo.org> | 2022-09-18 14:33:19 -0400 |
commit | 47ac5aff464d414bcaa2d04e9eeff06aceec868c (patch) | |
tree | 19d2d983cb3ee970a48074f2ee8352657e69dba3 | |
parent | Add test to cover portage.checksum._apply_hash_filter (diff) | |
download | portage-47ac5aff464d414bcaa2d04e9eeff06aceec868c.tar.gz portage-47ac5aff464d414bcaa2d04e9eeff06aceec868c.tar.bz2 portage-47ac5aff464d414bcaa2d04e9eeff06aceec868c.zip |
Move pty setup from AbstractEbuildProcess to SpawnProcess
This ensures that bash is always executed with a controlling terminal,
which prevents it from triggering sandbox failures on startup.
When merging a package, the 'instprep' phase is executed by a
MergeProcess task. The MergeProcess class derives from SpawnProcess
directly (not through AbstractEbuildProcess).
The SpawnProcess class calls portage.process.spawn() to execute a task.
When pid-sandbox is enabled, this creates a new PID namespaces, and
starts pid-ns-init to act as PID 1 in the new namespace.
pid-ns-init calls setsid(), which creates a new session and
disconnects the process from its controlling terminal.
Later, it calls ioctl(sys.stdout, termios.TIOCSCTTY) to associate the
process with the terminal attached to stdout. This only works if stdout
is a tty (not a pipe).
If pid-ns-init fails to associate the process with a controlling
terminal, bash will fail to open /dev/tty on startup. As a fallback,
bash will attempt to dereference /proc/self/fd/0 (stdin), and opens the
resulting path with O_RDWR.
If the ebuild sets PROPERTIES="interactive", stdin will be inherited
from the parent emerge process, and may be attached to a terminal device
(/dev/tty1, etc). Attempting to open this device is likely to trigger a
sandbox failure.
Bug: https://bugs.gentoo.org/870310
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
-rw-r--r-- | lib/_emerge/AbstractEbuildProcess.py | 8 | ||||
-rw-r--r-- | lib/_emerge/SpawnProcess.py | 7 |
2 files changed, 6 insertions, 9 deletions
diff --git a/lib/_emerge/AbstractEbuildProcess.py b/lib/_emerge/AbstractEbuildProcess.py index 6d89d40f0..8712b8ea1 100644 --- a/lib/_emerge/AbstractEbuildProcess.py +++ b/lib/_emerge/AbstractEbuildProcess.py @@ -18,7 +18,6 @@ from portage.package.ebuild._ipc.ExitCommand import ExitCommand from portage.package.ebuild._ipc.QueryCommand import QueryCommand from portage import os from portage.util.futures import asyncio -from portage.util._pty import _create_pty_or_pipe from portage.util import apply_secpass_permissions portage.proxy.lazyimport.lazyimport( @@ -336,13 +335,6 @@ class AbstractEbuildProcess(SpawnProcess): self._eerror(textwrap.wrap(msg, 72)) - def _pipe(self, fd_pipes): - stdout_pipe = None - if not self.background: - stdout_pipe = fd_pipes.get(1) - got_pty, master_fd, slave_fd = _create_pty_or_pipe(copy_term_size=stdout_pipe) - return (master_fd, slave_fd) - def _can_log(self, slave_fd): # With sesandbox, logging works through a pty but not through a # normal pipe. So, disable logging if ptys are broken. diff --git a/lib/_emerge/SpawnProcess.py b/lib/_emerge/SpawnProcess.py index c43b17c12..ed5724c91 100644 --- a/lib/_emerge/SpawnProcess.py +++ b/lib/_emerge/SpawnProcess.py @@ -16,6 +16,7 @@ from portage.output import EOutput from portage.util import writemsg_level from portage.util._async.BuildLogger import BuildLogger from portage.util._async.PipeLogger import PipeLogger +from portage.util._pty import _create_pty_or_pipe from portage.util.futures import asyncio @@ -217,7 +218,11 @@ class SpawnProcess(SubProcess): @type fd_pipes: dict @param fd_pipes: pipes from which to copy terminal size if desired. """ - return os.pipe() + stdout_pipe = None + if not self.background: + stdout_pipe = fd_pipes.get(1) + got_pty, master_fd, slave_fd = _create_pty_or_pipe(copy_term_size=stdout_pipe) + return (master_fd, slave_fd) def _spawn(self, args, **kwargs): spawn_func = portage.process.spawn |