From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Thu, 26 Nov 2015 19:44:52 +0100
To: Mark Martinec, freebsd-stable@FreeBSD.org
Subject: Re: A recent 10.2-STABLE no longer builds on a no-exec /usr/src file system

Mark Martinec wrote on 11/26/2015 19:31:
> Up to about a week ago building world on FreeBSD 10.2-STABLE went
> just fine. Today after svn update the build fails:
>
>
> # make buildworld
> [...]
>
> CC='cc ' mkdep -f .depend.getprotoent_test -a
> -I/usr/src/lib/libc/tests/net -I/usr/src/lib/libnetbsd
> -I/usr/src/contrib/netbsd-tests -std=gnu99
> /usr/src/contrib/netbsd-tests/lib/libc/net/t_getprotoent.c
> echo getprotoent_test: /usr/obj/usr/src/tmp/usr/lib/libc.a
> /usr/obj/usr/src/tmp/usr/lib/private/libatf-c.a >> .depend.getprotoent_test
> (cd /usr/src/lib/libc/tests/net && make -f
> /usr/src/lib/libc/tests/net/Makefile _RECURSING_PROGS= SUBDIR=
> PROG=ether_aton_test DEPENDFILE=.depend.ether_aton_test
> .MAKE.DEPENDFILE=.depend.ether_aton_test depend)
> /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr
> /usr/src/sys/net/if_ethersubr.c aton_ether_subr.c
> make[7]: exec(/usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr)
> failed (Permission denied)
> *** Error code 1
>
> Stop.
> make[7]: stopped in /usr/src/lib/libc/tests/net
> *** Error code 1
>
>
> It turns out that our file system /usr/src had an "exec" flag
> turned off, so now running a command:
> /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr
> fails with "Permission denied".
>
> It would be valuable if building a system on an exec-protected
> src file system would continue to be possible.
>
> Not sure if the /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr
> is the only such new command breaking the build. Anyway, a simple
> workaround is to run shell from a command line instead of as a
> shebang, i.e.:
>
> # /bin/sh /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr
>
> instead of:
>
> # /usr/src/contrib/netbsd-tests/lib/libc/net/gen_ether_subr

I was puzzled by a similar thing years ago. I was using /var/db and /tmp
mounted with noexec. And then there were some changes. Ports need /var/db
with exec because of some script in /var/db/pkg, and /tmp must have exec
too for buildworld or installworld (I don't remember it well, now I always
do mount -u -o current,exec /tmp before build + install world and kernel).

Anyway - it would be better to not have these partitions mounted with exec.

Miroslav Lachman
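
A pre-build check for the situation discussed in this thread, as an added example that is not part of the original messages: it reads fstab(5)-format mount data (the format FreeBSD's `mount -p` prints) and lists which of the given paths sit on a noexec file system. The sample mount table and the function names are constructed for illustration.

```shell
#!/bin/sh
# Input: fstab(5)-format lines, as printed by `mount -p` on FreeBSD:
#   device  mountpoint  fstype  options  dump  pass

# Constructed sample mount table (not taken from the thread).
SAMPLE_MOUNTS='/dev/ada0p2 / ufs rw 1 1
/dev/ada0p4 /usr/src ufs rw,noexec,nosuid 2 2
/dev/ada0p5 /var/db ufs rw,noexec 2 2
tmpfs /tmp tmpfs rw,noexec,nosuid 0 0
/dev/ada0p6 /usr/obj ufs rw 2 2'

# mount_opts_for PATH: read the mount table on stdin and print the options
# of the longest mount point containing PATH (the fs PATH lives on).
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            # Match on equality, the root fs, or a directory prefix,
            # so that "/usr/src" does not match "/usr/srcfoo".
            if (mp == p || mp == "/" || index(p, mp "/") == 1) {
                if (length(mp) > best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }'
}

# is_noexec PATH: exit 0 if PATH is on a noexec file system, 1 otherwise.
is_noexec() {
    opts=$(mount_opts_for "$1")
    case ",$opts," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# noexec_paths PATH...: print those PATHs that are on noexec mounts.
noexec_paths() {
    table=$(cat)
    for p in "$@"; do
        if printf '%s\n' "$table" | is_noexec "$p"; then echo "$p"; fi
    done
}

# Demo on the constructed sample; on a real host use:
#   mount -p | noexec_paths /usr/src /usr/obj /tmp /var/db
printf '%s\n' "$SAMPLE_MOUNTS" | noexec_paths /usr/src /usr/obj /tmp /var/db
```

Any path it prints is one where a build step that executes a script directly, rather than through `/bin/sh`, would fail with "Permission denied".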