Hi,

On Sat, 18.06.2005 at 22:34:11 +0200, Nikolay Sturm <[EMAIL PROTECTED]> wrote:
> * Toni Mueller [2005-06-18]:
> > - Building the port breaks when using systrace at archive extraction
> >   phase:
> Show me the port's systrace.policy file, please. I cannot reproduce your
> problem.

no problem:

Policy: /bin/sh, Emulation: native
    native-__sysctl: permit
    native-accept: true then permit log
    native-bind: sockaddr match "/tmp" then permit
    native-bind: sockaddr match "/tmp" then permit
    native-break: permit
    native-chdir: permit
    native-chflags: permit
    native-chmod: permit
    native-chown: permit
    native-chroot: permit
    native-clock_gettime: permit
    native-close: permit
    native-closefrom: permit
    native-compat_43_ogetdtablesize: permit
    native-compat_43_ogetpagesize: permit
    native-compat_43_olseek: permit
    native-connect: sockaddr eq "family(0)" then permit
    native-connect: sockaddr match "/dev/log" then permit
    native-connect: sockaddr match "/tmp" then permit
    native-connect: sockaddr match "/tmp" then permit
    native-dup2: permit
    native-dup: permit
    native-execve: true then permit
    native-exit: permit
    native-fchdir: permit
    native-fchflags: permit
    native-fchmod: permit
    native-fchown: permit
    native-fcntl: permit
    native-flock: permit
    native-fork: permit
    native-fsread: true then permit
    native-fstat: permit
    native-fstatfs: permit
    native-fswrite: filename eq "" then deny[enoent]
    native-fswrite: filename eq "/dev/crypto" then permit
    native-fswrite: filename eq "/dev/null" then permit
    native-fswrite: filename eq "/dev/stdout" then permit
    native-fswrite: filename eq "/dev/tty" then permit
    native-fswrite: filename eq "/dev/zero" then permit
    native-fswrite: filename match "/tmp" then permit
    native-fswrite: filename match "/tmp" then permit
    native-fswrite: filename match "/usr/S/ports/distfiles" then permit
    native-fswrite: filename match "/usr/ports/sysutils/nut/w-nut-2.0.0" then permit
    native-fswrite: filename match "/usr/S/ports/bulk" then permit
    native-fswrite: filename match "/usr/S/ports/packages" then permit
    native-fswrite: filename match "/var/tmp" then permit
    native-fswrite: filename match "/<non-existent filename>: *" then deny[enoent]
    native-fsync: permit
    native-ftruncate: permit
    native-futimes: permit
    native-getdirentries: permit
    native-getegid: permit
    native-geteuid: permit
    native-getfsstat: permit
    native-getgid: permit
    native-getgroups: permit
    native-getlogin: permit
    native-getpeername: permit
    native-getpgid: permit
    native-getpgrp: permit
    native-getpid: permit
    native-getppid: permit
    native-getpriority: permit
    native-getrlimit: permit
    native-getrusage: permit
    native-getsid: permit
    native-getsockname: permit
    native-getsockopt: permit
    native-gettimeofday: permit
    native-getuid: permit
    native-ioctl: permit
    native-issetugid: permit
    native-kill: permit
    native-lchown: permit
    native-link: filename match "/tmp" and filename[1] match "/tmp" then permit
    native-link: filename match "/usr/ports/sysutils/nut/w-nut-2.0.0" and filename[1] match "/usr/ports/sysutils/nut/w-nut-2.0.0" then permit
    native-link: filename[1] match "/<non-existent filename>: *" then deny[enoent]
    native-listen: true then permit log
    native-lseek: permit
    native-madvise: permit
    native-mkfifo: permit
    native-mlock: permit
    native-mlockall: permit
    native-mmap: permit
    native-mprotect: permit
    native-mquery: permit
    native-msync: permit
    native-munmap: permit
    native-nanosleep: permit
    native-osigaltstack: permit
    native-pathconf: permit
    native-pipe: permit
    native-poll: permit
    native-pread: permit
    native-pwrite: permit
    native-read: permit
    native-readv: permit
    native-recvfrom: permit
    native-recvmsg: permit
    native-rename: permit
    native-select: permit
    native-sendmsg: permit
    native-sendto: permit
    native-setegid: permit
    native-setgid: permit
    native-setgroups: permit
    native-setitimer: permit
    native-setpgid: permit
    native-setpriority: permit
    native-setregid: permit
    native-setresgid: permit
    native-setresuid: permit
    native-setreuid: permit
    native-setrlimit: permit
    native-setsid: permit
    native-setsockopt: permit
    native-setuid: permit
    native-shmat: permit
    native-shmctl: permit
    native-shmdt: permit
    native-shmget: permit
    native-shutdown: permit
    native-sigaction: permit
    native-sigaltstack: permit
    native-sigprocmask: permit
    native-sigreturn: permit
    native-sigsuspend: permit
    native-socket: permit
    native-socketpair: permit
    native-statfs: permit
    native-symlink: filename match "/tmp" then permit
    native-symlink: filename match "/usr/ports/sysutils/nut/w-nut-2.0.0" then permit
    native-symlink: filename match "/<non-existent filename>: *" then deny[enoent]
    native-symlink: string eq "" and filename eq "" then deny[enoent]
    native-sync: permit
    native-umask: permit
    native-utimes: permit
    native-vfork: permit
    native-wait4: permit
    native-write: permit
    native-writev: permit

Policy: /usr/bin/env, Emulation: native
    native-__sysctl: permit
    native-accept: true then permit log
    native-bind: sockaddr match "/tmp" then permit
    native-bind: sockaddr match "/tmp" then permit
    native-break: permit
    native-chdir: permit
    native-chflags: permit
    native-chmod: permit
    native-chown: permit
    native-chroot: permit
    native-clock_gettime: permit
    native-close: permit
    native-closefrom: permit
    native-compat_43_ogetdtablesize: permit
    native-compat_43_ogetpagesize: permit
    native-compat_43_olseek: permit
    native-connect: sockaddr eq "family(0)" then permit
    native-connect: sockaddr match "/dev/log" then permit
    native-connect: sockaddr match "/tmp" then permit
    native-connect: sockaddr match "/tmp" then permit
    native-dup2: permit
    native-dup: permit
    native-execve: true then permit
    native-exit: permit
    native-fchdir: permit
    native-fchflags: permit
    native-fchmod: permit
    native-fchown: permit
    native-fcntl: permit
    native-flock: permit
    native-fork: permit
    native-fsread: true then permit
    native-fstat: permit
    native-fstatfs: permit
    native-fswrite: filename eq "" then deny[enoent]
    native-fswrite: filename eq "/dev/crypto" then permit
    native-fswrite: filename eq "/dev/null" then permit
    native-fswrite: filename eq "/dev/stdout" then permit
    native-fswrite: filename eq "/dev/tty" then permit
    native-fswrite: filename eq "/dev/zero" then permit
    native-fswrite: filename match "/tmp" then permit
    native-fswrite: filename match "/tmp" then permit
    native-fswrite: filename match "/usr/S/ports/distfiles" then permit
    native-fswrite: filename match "/usr/ports/sysutils/nut/w-nut-2.0.0" then permit
    native-fswrite: filename match "/usr/S/ports/bulk" then permit
    native-fswrite: filename match "/usr/S/ports/packages" then permit
    native-fswrite: filename match "/var/tmp" then permit
    native-fswrite: filename match "/<non-existent filename>: *" then deny[enoent]
    native-fsync: permit
    native-ftruncate: permit
    native-futimes: permit
    native-getdirentries: permit
    native-getegid: permit
    native-geteuid: permit
    native-getfsstat: permit
    native-getgid: permit
    native-getgroups: permit
    native-getlogin: permit
    native-getpeername: permit
    native-getpgid: permit
    native-getpgrp: permit
    native-getpid: permit
    native-getppid: permit
    native-getpriority: permit
    native-getrlimit: permit
    native-getrusage: permit
    native-getsid: permit
    native-getsockname: permit
    native-getsockopt: permit
    native-gettimeofday: permit
    native-getuid: permit
    native-ioctl: permit
    native-issetugid: permit
    native-kill: permit
    native-lchown: permit
    native-link: filename match "/tmp" and filename[1] match "/tmp" then permit
    native-link: filename match "/usr/ports/sysutils/nut/w-nut-2.0.0" and filename[1] match "/usr/ports/sysutils/nut/w-nut-2.0.0" then permit
    native-link: filename[1] match "/<non-existent filename>: *" then deny[enoent]
    native-listen: true then permit log
    native-lseek: permit
    native-madvise: permit
    native-mkfifo: permit
    native-mlock: permit
    native-mlockall: permit
    native-mmap: permit
    native-mprotect: permit
    native-mquery: permit
    native-msync: permit
    native-munmap: permit
    native-nanosleep: permit
    native-osigaltstack: permit
    native-pathconf: permit
    native-pipe: permit
    native-poll: permit
    native-pread: permit
    native-pwrite: permit
    native-read: permit
    native-readv: permit
    native-recvfrom: permit
    native-recvmsg: permit
    native-rename: permit
    native-select: permit
    native-sendmsg: permit
    native-sendto: permit
    native-setegid: permit
    native-setgid: permit
    native-setgroups: permit
    native-setitimer: permit
    native-setpgid: permit
    native-setpriority: permit
    native-setregid: permit
    native-setresgid: permit
    native-setresuid: permit
    native-setreuid: permit
    native-setrlimit: permit
    native-setsid: permit
    native-setsockopt: permit
    native-setuid: permit
    native-shmat: permit
    native-shmctl: permit
    native-shmdt: permit
    native-shmget: permit
    native-shutdown: permit
    native-sigaction: permit
    native-sigaltstack: permit
    native-sigprocmask: permit
    native-sigreturn: permit
    native-sigsuspend: permit
    native-socket: permit
    native-socketpair: permit
    native-statfs: permit
    native-symlink: filename match "/tmp" then permit
    native-symlink: filename match "/usr/ports/sysutils/nut/w-nut-2.0.0" then permit
    native-symlink: filename match "/<non-existent filename>: *" then deny[enoent]
    native-symlink: string eq "" and filename eq "" then deny[enoent]
    native-sync: permit
    native-umask: permit
    native-utimes: permit
    native-vfork: permit
    native-wait4: permit
    native-write: permit
    native-writev: permit

Policy: /usr/bin/make, Emulation: native
    native-__sysctl: permit
    native-accept: true then permit log
    native-bind: sockaddr match "/tmp" then permit
    native-bind: sockaddr match "/tmp" then permit
    native-break: permit
    native-chdir: permit
    native-chflags: permit
    native-chmod: permit
    native-chown: permit
    native-chroot: permit
    native-clock_gettime: permit
    native-close: permit
    native-closefrom: permit
    native-compat_43_ogetdtablesize: permit
    native-compat_43_ogetpagesize: permit
    native-compat_43_olseek: permit
    native-connect: sockaddr eq "family(0)" then permit
    native-connect: sockaddr match "/dev/log" then permit
    native-connect: sockaddr match "/tmp" then permit
    native-connect: sockaddr match "/tmp" then permit
    native-dup2: permit
    native-dup: permit
    native-execve: true then permit
    native-exit: permit
    native-fchdir: permit
    native-fchflags: permit
    native-fchmod: permit
    native-fchown: permit
    native-fcntl: permit
    native-flock: permit
    native-fork: permit
    native-fsread: true then permit
    native-fstat: permit
    native-fstatfs: permit
    native-fswrite: filename eq "" then deny[enoent]
    native-fswrite: filename eq "/dev/crypto" then permit
    native-fswrite: filename eq "/dev/null" then permit
    native-fswrite: filename eq "/dev/stdout" then permit
    native-fswrite: filename eq "/dev/tty" then permit
    native-fswrite: filename eq "/dev/zero" then permit
    native-fswrite: filename match "/tmp" then permit
    native-fswrite: filename match "/tmp" then permit
    native-fswrite: filename match "/usr/S/ports/distfiles" then permit
    native-fswrite: filename match "/usr/ports/sysutils/nut/w-nut-2.0.0" then permit
    native-fswrite: filename match "/usr/S/ports/bulk" then permit
    native-fswrite: filename match "/usr/S/ports/packages" then permit
    native-fswrite: filename match "/var/tmp" then permit
    native-fswrite: filename match "/<non-existent filename>: *" then deny[enoent]
    native-fsync: permit
    native-ftruncate: permit
    native-futimes: permit
    native-getdirentries: permit
    native-getegid: permit
    native-geteuid: permit
    native-getfsstat: permit
    native-getgid: permit
    native-getgroups: permit
    native-getlogin: permit
    native-getpeername: permit
    native-getpgid: permit
    native-getpgrp: permit
    native-getpid: permit
    native-getppid: permit
    native-getpriority: permit
    native-getrlimit: permit
    native-getrusage: permit
    native-getsid: permit
    native-getsockname: permit
    native-getsockopt: permit
    native-gettimeofday: permit
    native-getuid: permit
    native-ioctl: permit
    native-issetugid: permit
    native-kill: permit
    native-lchown: permit
    native-link: filename match "/tmp" and filename[1] match "/tmp" then permit
    native-link: filename match "/usr/ports/sysutils/nut/w-nut-2.0.0" and filename[1] match "/usr/ports/sysutils/nut/w-nut-2.0.0" then permit
    native-link: filename[1] match "/<non-existent filename>: *" then deny[enoent]
    native-listen: true then permit log
    native-lseek: permit
    native-madvise: permit
    native-mkfifo: permit
    native-mlock: permit
    native-mlockall: permit
    native-mmap: permit
    native-mprotect: permit
    native-mquery: permit
    native-msync: permit
    native-munmap: permit
    native-nanosleep: permit
    native-osigaltstack: permit
    native-pathconf: permit
    native-pipe: permit
    native-poll: permit
    native-pread: permit
    native-pwrite: permit
    native-read: permit
    native-readv: permit
    native-recvfrom: permit
    native-recvmsg: permit
    native-rename: permit
    native-select: permit
    native-sendmsg: permit
    native-sendto: permit
    native-setegid: permit
    native-setgid: permit
    native-setgroups: permit
    native-setitimer: permit
    native-setpgid: permit
    native-setpriority: permit
    native-setregid: permit
    native-setresgid: permit
    native-setresuid: permit
    native-setreuid: permit
    native-setrlimit: permit
    native-setsid: permit
    native-setsockopt: permit
    native-setuid: permit
    native-shmat: permit
    native-shmctl: permit
    native-shmdt: permit
    native-shmget: permit
    native-shutdown: permit
    native-sigaction: permit
    native-sigaltstack: permit
    native-sigprocmask: permit
    native-sigreturn: permit
    native-sigsuspend: permit
    native-socket: permit
    native-socketpair: permit
    native-statfs: permit
    native-symlink: filename match "/tmp" then permit
    native-symlink: filename match "/usr/ports/sysutils/nut/w-nut-2.0.0" then permit
    native-symlink: filename match "/<non-existent filename>: *" then deny[enoent]
    native-symlink: string eq "" and filename eq "" then deny[enoent]
    native-sync: permit
    native-umask: permit
    native-utimes: permit
    native-vfork: permit
    native-wait4: permit
    native-write: permit
    native-writev: permit

Policy: /usr/local/bin/gmake, Emulation: native
    native-__sysctl: permit
    native-accept: true then permit log
    native-bind: sockaddr match "/tmp" then permit
    native-bind: sockaddr match "/tmp" then permit
    native-break: permit
    native-chdir: permit
    native-chflags: permit
    native-chmod: permit
    native-chown: permit
    native-chroot: permit
    native-clock_gettime: permit
    native-close: permit
    native-closefrom: permit
    native-compat_43_ogetdtablesize: permit
    native-compat_43_ogetpagesize: permit
    native-compat_43_olseek: permit
    native-connect: sockaddr eq "family(0)" then permit
    native-connect: sockaddr match "/dev/log" then permit
    native-connect: sockaddr match "/tmp" then permit
    native-connect: sockaddr match "/tmp" then permit
    native-dup2: permit
    native-dup: permit
    native-execve: true then permit
    native-exit: permit
    native-fchdir: permit
    native-fchflags: permit
    native-fchmod: permit
    native-fchown: permit
    native-fcntl: permit
    native-flock: permit
    native-fork: permit
    native-fsread: true then permit
    native-fstat: permit
    native-fstatfs: permit
    native-fswrite: filename eq "" then deny[enoent]
    native-fswrite: filename eq "/dev/crypto" then permit
    native-fswrite: filename eq "/dev/null" then permit
    native-fswrite: filename eq "/dev/stdout" then permit
    native-fswrite: filename eq "/dev/tty" then permit
    native-fswrite: filename eq "/dev/zero" then permit
    native-fswrite: filename match "/tmp" then permit
    native-fswrite: filename match "/tmp" then permit
    native-fswrite: filename match "/usr/S/ports/distfiles" then permit
    native-fswrite: filename match "/usr/ports/sysutils/nut/w-nut-2.0.0" then permit
    native-fswrite: filename match "/usr/S/ports/bulk" then permit
    native-fswrite: filename match "/usr/S/ports/packages" then permit
    native-fswrite: filename match "/var/tmp" then permit
    native-fswrite: filename match "/<non-existent filename>: *" then deny[enoent]
    native-fsync: permit
    native-ftruncate: permit
    native-futimes: permit
    native-getdirentries: permit
    native-getegid: permit
    native-geteuid: permit
    native-getfsstat: permit
    native-getgid: permit
    native-getgroups: permit
    native-getlogin: permit
    native-getpeername: permit
    native-getpgid: permit
    native-getpgrp: permit
    native-getpid: permit
    native-getppid: permit
    native-getpriority: permit
    native-getrlimit: permit
    native-getrusage: permit
    native-getsid: permit
    native-getsockname: permit
    native-getsockopt: permit
    native-gettimeofday: permit
    native-getuid: permit
    native-ioctl: permit
    native-issetugid: permit
    native-kill: permit
    native-lchown: permit
    native-link: filename match "/tmp" and filename[1] match "/tmp" then permit
    native-link: filename match "/usr/ports/sysutils/nut/w-nut-2.0.0" and filename[1] match "/usr/ports/sysutils/nut/w-nut-2.0.0" then permit
    native-link: filename[1] match "/<non-existent filename>: *" then deny[enoent]
    native-listen: true then permit log
    native-lseek: permit
    native-madvise: permit
    native-mkfifo: permit
    native-mlock: permit
    native-mlockall: permit
    native-mmap: permit
    native-mprotect: permit
    native-mquery: permit
    native-msync: permit
    native-munmap: permit
    native-nanosleep: permit
    native-osigaltstack: permit
    native-pathconf: permit
    native-pipe: permit
    native-poll: permit
    native-pread: permit
    native-pwrite: permit
    native-read: permit
    native-readv: permit
    native-recvfrom: permit
    native-recvmsg: permit
    native-rename: permit
    native-select: permit
    native-sendmsg: permit
    native-sendto: permit
    native-setegid: permit
    native-setgid: permit
    native-setgroups: permit
    native-setitimer: permit
    native-setpgid: permit
    native-setpriority: permit
    native-setregid: permit
    native-setresgid: permit
    native-setresuid: permit
    native-setreuid: permit
    native-setrlimit: permit
    native-setsid: permit
    native-setsockopt: permit
    native-setuid: permit
    native-shmat: permit
    native-shmctl: permit
    native-shmdt: permit
    native-shmget: permit
    native-shutdown: permit
    native-sigaction: permit
    native-sigaltstack: permit
    native-sigprocmask: permit
    native-sigreturn: permit
    native-sigsuspend: permit
    native-socket: permit
    native-socketpair: permit
    native-statfs: permit
    native-symlink: filename match "/tmp" then permit
    native-symlink: filename match "/usr/ports/sysutils/nut/w-nut-2.0.0" then permit
    native-symlink: filename match "/<non-existent filename>: *" then deny[enoent]
    native-symlink: string eq "" and filename eq "" then deny[enoent]
    native-sync: permit
    native-umask: permit
    native-utimes: permit
    native-vfork: permit
    native-wait4: permit
    native-write: permit
    native-writev: permit

Btw, while I'm at it, this machine, despite being amd64, creates
...ports/packages/i386/... instead of ...ports/packages/amd64/...

Best,
--Toni++