'port build' is getting EPERM from access(2) on "/var/tmp"

Quentin Barnes qbarnes at gmail.com
Fri May 23 10:19:18 PDT 2014 

On Tue, May 13, 2014 at 05:34:31AM +1000, Joshua Root wrote:
> On 2014-5-13 05:01 , Clemens Lang wrote:
> > Hi,
> > 
> > Please keep the conversation on the list so others with the same problem
> > can follow.
> > 
> >> Yes!  The `sandbox_enable no' hack worked around the problem.
> >>
> >> Can you reproduce the problem by creating a fake package and trying the
> >> "test -w /var/tmp"?
> > 
> > Yes, I can reproduce this with a minimal example:
> > 
> >   PortSystem          1.0
> >   name                test
> >   version             1.0
> >   maintainers         cal
> >   categories          test
> >   description         Description
> >   long_description    LongDescription
> >   platforms           darwin
> >   homepage            Homepage
> >   distfiles
> >   configure {
> >       system "test -w /var/tmp"
> >       system "test -w /var/tmp/"
> >       system "test -w /var/tmp/foo"
> >   }
> > 
> > I'm not sure why it fails for /var/tmp/foo, though – my understanding is it
> > should work.
> 
> You would have to create foo first.
> 
> >> What else would you like me to try?
> > 
> > I've CC'd somebody more knowledgeable on sandboxing than I am. Joshua, any
> > idea what's wrong here or is this expected behavior?
> 
> We do exclude /var/tmp itself with the regex we use. We certainly don't
> want to allow file-write* on it, but possibly one of the subsets could
> be added safely.

Obviously, in the sandbox /var/tmp can be written to since I can
touch a file underneath it, so I'm not sure I follow your last point.
Could you explain what you meant by the "*"?

The configure script is searching a potential list for a valid
directory on the system that it has write access to for its scratch
files.  It iterates using a "if test -d $i -a -w $i; then ..." test.

What should be the most appropriate, long-term fix?  Change the
sandbox config in some way?  Patch the configure script?

Can the sandbox config be changed so it creates a writable scratch
tmp directory and then transforms /var/tmp paths to point to it?

> - Josh

Quentin

More information about the macports-users mailing list