mysql55: sh: /bin/ps: Operation not permitted
Bradley Giesbrecht
pixilla at macports.org
Sat Dec 14 08:15:14 PST 2013
On Dec 14, 2013, at 2:02 AM, Rainer Müller wrote:
> On 2013-12-14 10:04, Joshua Root wrote:
>> On 2013-12-14 11:03 , Bradley Giesbrecht wrote:
>>> Is this a problem or a red herring?
>>>
>>> Is sandboxing possibly preventing access to /bin/ps?
>>>
>>> CMakeLists.txt:
>>> ...
>>> IF(NOT FIND_PROC)
>>> # SysV style
>>> EXECUTE_PROCESS(COMMAND ps -ef OUTPUT_QUIET ERROR_QUIET RESULT_VARIABLE result)
>>> MESSAGE(FATAL_ERROR "MACPORTS: SysV style result='${result}'")
>>> ...
>>>
>>>
>>> Result:
>>> ...
>>> sh: /bin/ps: Operation not permitted
>>> sh: /bin/ps: Operation not permitted
>>> CMake Error at scripts/CMakeLists.txt:126 (MESSAGE):
>>> MACPORTS: SysV style result='Operation not permitted'
>>> ...
>>
>> Sandboxed programs cannot run setuid executables. No exceptions.
>
> Oh, I wasn't aware of that, that's good to know.
>
>> If you need to disable sandboxing, set portsandbox_active to false in
>> your Portfile. Ideally only do that for the duration of the specific
>> invocation of 'system' that needs it, and restore its previous value
>> afterwards.
>
> I think disabling sandboxing would be overkill here.
This works for me on Mac OS X 10.6:
pre-configure {
append portsandbox_profile " (allow process-exec (literal \"/bin/ps\") (with no-profile))"
}
> The cmake script
> tries to find out whether to use 'ps -uaxww' or 'ps -ef' to find a
> running process. There is already a hardcoded command for Linux some
> lines above that in the CMakeLists.txt, so that could be extended with a
> fixed command for Darwin/Mac OS X.
Setting "FIND_PROC" in the MacPorts section of our patch-cmake-install_layout.cmake.diff patch also works:
+# SUID /bin/ps is not in MacPorts sandbox causing scripts/CMakeLists.txt tests to fail so we set FIND_PROC here.
+SET(FIND_PROC "ps -ef | grep -v mysqld_safe | grep -- $MYSQLD | grep $PID > /dev/null")
The patch looks less fragile, I'll stick with that.
Regards,
Bradley Giesbrecht (pixilla)
More information about the macports-dev
mailing list