mysql55: sh: /bin/ps: Operation not permitted

Bradley Giesbrecht pixilla at macports.org
Sat Dec 14 08:15:14 PST 2013


On Dec 14, 2013, at 2:02 AM, Rainer Müller wrote:

> On 2013-12-14 10:04, Joshua Root wrote:
>> On 2013-12-14 11:03 , Bradley Giesbrecht wrote:
>>> Is this a problem or a red herring?
>>> 
>>> Is sandboxing possibly preventing access to /bin/ps?
>>> 
>>> CMakeLists.txt:
>>> ...
>>> IF(NOT FIND_PROC)
>>>  # SysV style
>>>  EXECUTE_PROCESS(COMMAND ps -ef OUTPUT_QUIET ERROR_QUIET RESULT_VARIABLE result)
>>> MESSAGE(FATAL_ERROR "MACPORTS: SysV style result='${result}'")
>>> ...
>>> 
>>> 
>>> Result:
>>> ...
>>> sh: /bin/ps: Operation not permitted
>>> sh: /bin/ps: Operation not permitted
>>> CMake Error at scripts/CMakeLists.txt:126 (MESSAGE):
>>>  MACPORTS: SysV style result='Operation not permitted'
>>> ...
>> 
>> Sandboxed programs cannot run setuid executables. No exceptions.
> 
> Oh, I wasn't aware of that, that's good to know.
> 
>> If you need to disable sandboxing, set portsandbox_active to false in
>> your Portfile. Ideally only do that for the duration of the specific
>> invocation of 'system' that needs it, and restore its previous value
>> afterwards.
> 
> I think disabling sandboxing would be overkill here.

This works for me on Mac OS X 10.6:
    pre-configure {
        append portsandbox_profile " (allow process-exec (literal \"/bin/ps\") (with no-profile))"
    }

> The cmake script
> tries to find out whether to use 'ps -uaxww' or 'ps -ef' to find a
> running process. There is already a hardcoded command for Linux some
> lines above that in the CMakeLists.txt, so that could be extended with a
> fixed command for Darwin/Mac OS X.


Setting "FIND_PROC" in the MacPorts section of our patch-cmake-install_layout.cmake.diff patch also works:
+# SUID /bin/ps is not in MacPorts sandbox causing scripts/CMakeLists.txt tests to fail so we set FIND_PROC here.
+SET(FIND_PROC "ps -ef | grep -v mysqld_safe | grep -- $MYSQLD | grep $PID > /dev/null")
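
Review bot: in the SET(FIND_PROC ...) line, `grep $PID` is unquoted and not anchored to the PID column, so it succeeds on any `ps -ef` line that merely contains those digits (a longer PID, a parent PID, a start time). The check can therefore report a process as running when it is not. Consider matching the PID as a whole word or comparing it against the PID field, and quoting `$MYSQLD` and `$PID` in the generated command. The comment on the line above would also be clearer if it said that /bin/ps is setuid and cannot be executed under the MacPorts sandbox, rather than "is not in MacPorts sandbox".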


The patch looks less fragile; I'll stick with that.


Regards,
Bradley Giesbrecht (pixilla)


