termux / proot

A chroot-like implementation using ptrace.
https://wiki.termux.com/wiki/PRoot

patch: setting attribute security.selinux for security.selinux: Permission denied #182

Open zxq432 opened 2 years ago

zxq432 commented 2 years ago

Problem description

localhost ~ # emerge -1 --nodeps vim

 * IMPORTANT: 7 news items need reading for repository 'gentoo'.
 * Use eselect news read to view new items.

>>> Verifying ebuild manifests

>>> Emerging (1 of 1) app-editors/vim-8.2.0814-r100::gentoo
Unable to unshare: EPERM (for FEATURES="ipc-sandbox network-sandbox pid-sandbox")
 * vim-8.2.0814.tar.gz BLAKE2B SHA512 size ;-) ...                                                                     [ ok ]
 * vim-8.2.0360-gentoo-patches.tar.xz BLAKE2B SHA512 size ;-) ...                                                      [ ok ]
Unable to unshare: EPERM (for FEATURES="pid-sandbox")
Unable to unshare: EPERM (for FEATURES="ipc-sandbox network-sandbox pid-sandbox")
>>> Unpacking source...
>>> Unpacking vim-8.2.0814.tar.gz to /var/tmp/portage/app-editors/vim-8.2.0814-r100/work
>>> Unpacking vim-8.2.0360-gentoo-patches.tar.xz to /var/tmp/portage/app-editors/vim-8.2.0814-r100/work
>>> Source unpacked in /var/tmp/portage/app-editors/vim-8.2.0814-r100/work
Unable to unshare: EPERM (for FEATURES="ipc-sandbox network-sandbox pid-sandbox")
>>> Preparing source in /var/tmp/portage/app-editors/vim-8.2.0814-r100/work/vim-8.2.0814 ...
 * Applying patches from /var/tmp/portage/app-editors/vim-8.2.0814-r100/work/patches/ ...
 *   001_all_vim-6.3-xorg-75816.patch ...
patch: setting attribute security.selinux for security.selinux: Permission denied                                      [ !! ]
 * ERROR: app-editors/vim-8.2.0814-r100::gentoo failed (prepare phase):
 *   patch -p1  failed with /var/tmp/portage/app-editors/vim-8.2.0814-r100/work/patches//001_all_vim-6.3-xorg-75816.patch
 * 
 * Call stack:
 *               ebuild.sh, line  127:  Called src_prepare
 *             environment, line 3613:  Called eapply '/var/tmp/portage/app-editors/vim-8.2.0814-r100/work/patches/'
 *             environment, line 1618:  Called _eapply_patch '/var/tmp/portage/app-editors/vim-8.2.0814-r100/work/patches//001_all_vim-6.3-xorg-75816.patch' '  '
 *             environment, line 1560:  Called __helpers_die 'patch -p1  failed with /var/tmp/portage/app-editors/vim-8.2.0814-r100/work/patches//001_all_vim-6.3-xorg-75816.patch'
 *   isolated-functions.sh, line  112:  Called die

Steps to reproduce

$ pkg install proot-distro
$ proot-distro install gentoo
$ proot-distro login gentoo
localhost ~ # emaint sync -a
localhost ~ # emerge -1 --nodeps vim

Expected behavior

patch the code and continue emerge process till success.

Additional information

~ $ termux-info
Application version:
0.117
Packages CPU architecture:
aarch64
Subscribed repositories:
# sources.list
deb https://termux.librehat.com/apt/termux-main/ stable main
# science-repo (sources.list.d/science.list)
deb https://packages.termux.org/apt/termux-science science stable
# game-repo (sources.list.d/game.list)
deb https://packages.termux.org/apt/termux-games games stable
Updatable packages:
openssh/stable 8.6p1-3 aarch64 [upgradable from: 8.6p1-1]
termux-keyring/stable 2.2 all [upgradable from: 2.0]
Android version:
10
Kernel build information:
Linux localhost 4.14.116 #1 SMP PREEMPT Fri Aug 6 19:16:39 CST 2021 aarch64 Android
Device manufacturer:
HUAWEI
Device model:
SPN-AL00
~ $ 

zxq432 commented 2 years ago

The proot of Termux does not support xattr. The stage3 tarball comes with a sys-dev/patch with the xattr USE flag enabled; it seems that /usr/bin/patch with xattr enabled will make it fail in proot.

Workaround: after running "proot-distro login gentoo", run the following script:

curl -LO http://distfiles.gentoo.org/experimental/prefix/arm/prefix-stage3-arm64-latest.tar.xz
tar -C /data -xf prefix-stage3-arm64-latest.tar.xz
mv /usr/bin/patch /usr/bin/patch.bk
ln -s /data/gentoo64/usr/bin/patch /usr/bin/patch
nano /etc/portage/make.conf   # add '-xattr' to USE in /etc/portage/make.conf
emerge -v1 patch
rm /usr/bin/patch.bk

michalbednarski commented 2 years ago

PRoot does override lsetxattr failure when the application runs as root; however, in Gentoo patch is run as uid 250. I still have to see how much this condition has to be relaxed.

For now it does work if the following line is commented out: https://github.com/termux/proot/blob/f5ac93d9b006340171c9d8b2106fb7df5ae777ee/src/extension/fake_id0/fake_id0.c#L524
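
Added example, not part of the thread or of the PRoot source: a small C diagnostic that replays the per-attribute copy an xattr-enabled patch is assumed to perform, using the lsetxattr call named above, and counts how many security.* labels are refused. The names copy_xattrs, xattr_report and is_label_denial are hypothetical.

```c
/* Added example: replay the xattr copy that an xattr-enabled patch is assumed to do. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>

struct xattr_report { int copied, denied, unsupported, other; };

/* EPERM or EACCES on a security.* name is the failure shown in the issue log. */
static int is_label_denial(const char *name, int err) {
    return strncmp(name, "security.", 9) == 0 && (err == EPERM || err == EACCES);
}

/* Copy every xattr of src onto dst without following symlinks.
 * Returns 0 when the list was walked, -1 if it could not be read at all. */
int copy_xattrs(const char *src, const char *dst, struct xattr_report *r) {
    char names[4096], value[4096];
    memset(r, 0, sizeof *r);
    ssize_t len = llistxattr(src, names, sizeof names);
    if (len < 0)
        return errno == ENOTSUP ? 0 : -1;  /* no xattr support: nothing to copy */
    for (char *n = names; n < names + len; n += strlen(n) + 1) {
        ssize_t vlen = lgetxattr(src, n, value, sizeof value);
        if (vlen < 0) { r->other++; continue; }
        if (lsetxattr(dst, n, value, (size_t)vlen, 0) == 0) { r->copied++; continue; }
        int err = errno;
        fprintf(stderr, "setting attribute %s for %s: %s\n", n, dst, strerror(err));
        if (is_label_denial(n, err)) r->denied++;
        else if (err == ENOTSUP)     r->unsupported++;
        else                         r->other++;
    }
    return 0;
}

int main(int argc, char **argv) {
    struct xattr_report r;
    if (argc != 3 || copy_xattrs(argv[1], argv[2], &r) != 0) {
        fprintf(stderr, "usage: %s SRC DST (both files must exist)\n", argv[0]);
        return 2;
    }
    printf("copied=%d denied=%d unsupported=%d other=%d\n",
           r.copied, r.denied, r.unsupported, r.other);
    return r.denied ? 1 : 0;
}
```

Running it on two existing files, once in native Termux and once inside the PRoot session, shows whether the label copy is refused in either environment.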

ghost commented 2 years ago

Gentoo has now (1h ago) been removed from Proot-distro. Thank you, @xeffyr (no sarcasm/ROFL!).

SDRausty commented 2 years ago

patch: setting attribute security.selinux for security.selinux: Permission denied

git clone https://aur.archlinux.org/fakeroot-tcp.git

Clone in native Termux first, then open a new PRoot session in the cloned directory and continue in the original native Termux session and in the new PRoot session. Use these commands in the PRoot session:

cd fakeroot-tcp
makepkg -firs --noconfirm

After waiting for the makepkg command to err, apply the patches individually in both open sessions to see the difference in patch's behavior between the native Termux session and the Termux PRoot session.

$ grep patch PKGBUILD
        fakeroot-1.25.3-glibc-2.33-fix-1.patch
        fakeroot-1.25.3-glibc-2.33-fix-2.patch
        fakeroot-1.25.3-glibc-2.33-fix-3.patch)
  patch -p1 -i $srcdir/fakeroot-1.25.3-glibc-2.33-fix-1.patch
  patch -p1 -i $srcdir/fakeroot-1.25.3-glibc-2.33-fix-2.patch
  patch -p1 -i $srcdir/fakeroot-1.25.3-glibc-2.33-fix-3.patch

The expected behavior is for the patch command to work in native Termux and in Termux PRoot correctly.

Additional information

The obvious workaround is NOT to use patch in the meantime in Termux PRoot for those of us who do not know how to fix this not so newly arisen error.

The patch command used to work correctly in both native Termux and in Termux PRoot. How was it broken? Can I have some links to the code showing how the patch command was cracked in the Termux PRoot environment, please?

SDRausty commented 2 years ago

patch: setting attribute security.selinux for security.selinux: Permission denied

This command, "ln -s /system/bin/patch /data/data/com.termux/files/home/arch/usr/local/bin/patch", run in a native Termux shell, might resolve a "patch: setting attribute security.selinux for security.selinux: Permission denied" error. This workaround seems to work with QEMU architecture emulation too.

Issues “Building xrdp from AUR fails mentioning selinux #293” at https://github.com/SDRausty/TermuxArch/issues/293 and “patch: setting attribute security.selinux for security.selinux: Permission denied #182” at https://github.com/termux/proot/issues/182 have more information about this error.