From: Randy MacLeod <randy.macleod@windriver.com>
To: alex.kanavin@gmail.com, Ross Burton <ross.burton@arm.com>,
"michalwsieron@gmail.com" <michalwsieron@gmail.com>
Cc: ChenQi <Qi.Chen@windriver.com>,
"openembedded-core@lists.openembedded.org"
<openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core] [PATCH] sanity.bbclass: raise_sanity_error if /tmp is noexec
Date: Wed, 21 Feb 2024 16:36:58 -0500 [thread overview]
Message-ID: <b83edeb7-62c3-43af-80cf-c22f2e4041e4@windriver.com> (raw)
In-Reply-To: <CANNYZj9N5SyTPoJas+Zb5rJ9ztQRke_roNZ2cBafXo-5zhDsDQ@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2158 bytes --]
On 2024-02-21 5:08 a.m., Alexander Kanavin via lists.openembedded.org wrote:
> On Wed, 21 Feb 2024 at 10:48, Ross Burton<ross.burton@arm.com> wrote:
>> You _can_ export TMPDIR but that has to be done on a per-recipe/class basis very carefully as TMPDIR means something else to Bitbake.
>>
>> The problem is recipes that use mktemp to write files and execute them (be it shell scripts, or as a place to write C and then compile in the same directory). These will be in /tmp (again, we can’t set TMPDIR because for foolish historical reasons, TMPDIR is used by bitbake).
>>
>> We first noticed this with Meson where noexec /tmp meant the configure tests failed. We worked around it at the time by assigning TMPDIR when calling Meson, but since them Meson writes to its own build tree now. This has been seen before though, but luckily noexec /tmp is fairly unusual so I doubt this will break many builds.
> I'm actually curious where noexec /tmp can be observed. It does seem
> rare, because I think it's the first time someone came up with a
> sanity check for it. Perhaps it should be treated as a bug in that
> respective environment/OS/container?
We've been using noexec /tmp since 2019 with few if any problems
using:
meta-anaconda
meta-aws
meta-browser
meta-clang
meta-cloud-services
meta-dpdk
meta-imx
meta-intel
meta-intel-qat
meta-iot-cloud
meta-lat
meta-mingw
meta-openembedded
meta-qt6
meta-raspberrypi
meta-realtime
meta-secure-core
meta-security
meta-selinux
meta-tensorflow
meta-virtualization
meta-xilinx
meta-xilinx-tools
meta-yocto
Michal, what problem are you seeing?
../Randy
>
> Alex
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#195965):https://lists.openembedded.org/g/openembedded-core/message/195965
> Mute This Topic:https://lists.openembedded.org/mt/104258828/3616765
> Group Owner:openembedded-core+owner@lists.openembedded.org
> Unsubscribe:https://lists.openembedded.org/g/openembedded-core/unsub [randy.macleod@windriver.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
--
# Randy MacLeod
# Wind River Linux
[-- Attachment #2: Type: text/html, Size: 3935 bytes --]
next prev parent reply other threads:[~2024-02-21 21:37 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-09 14:09 [PATCH] sanity.bbclass: raise_sanity_error if /tmp is noexec Michal Sieron
2024-02-09 15:57 ` [OE-core] " Ross Burton
2024-02-21 7:18 ` ChenQi
2024-02-21 9:48 ` Ross Burton
2024-02-21 10:08 ` Alexander Kanavin
2024-02-21 21:36 ` Randy MacLeod [this message]
2024-02-22 9:41 ` michalwsieron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b83edeb7-62c3-43af-80cf-c22f2e4041e4@windriver.com \
--to=randy.macleod@windriver.com \
--cc=Qi.Chen@windriver.com \
--cc=alex.kanavin@gmail.com \
--cc=michalwsieron@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=ross.burton@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox