Description of problem: Recently I built a package in mock who's unittests attempts to invoke a non-existent program and checked that OSError, 2 -- File not found is returned. In a local system, this works fine. In mock, it returns Permission Denied instead. A bit of debugging shows that the code searches the PATH for the non-existent program. In mock, the PATH includes /root/bin/ which the mock user is not allowed to search. I think what's happening is that when mock is invoked it needs root privileges to create the chroot. When it drops privileges in the chroot, it fails to reset its environment to what a user would have. This means that the unprivileged user has PATH set as though they were root instead of a PATH appropriate for themselves. Doing this reset of the environment should solve the problem. Version-Release number of selected component (if applicable): mock-1.1.1-1.fc13.noarch How reproducible: Everytime Steps to Reproduce: 1. Create a spec file that prints the PATH. For instance, %prep echo "$PATH" echo "$HOME" 2. Build the package in mock 3. Actual results: The environment variables printed would be appropriate for the root user. Expected results: Environment variables printed would be appropriate for the non-privileged user that mock is running as. Additional info: For this particular problem, I was able to work around it by setting PATH manually: %check PATH=/bin:/usr/bin nosetests
I'm looking at how we start subprocesses and how we could pass in an appropriate environment mapping based on the privilege level we have at the time of the call, but I'm not sure this is going to be an easy fix. I believe it means we have to maintain two environment mappings, one from our startup (privileged) and another which is a subset of that, with path components removed. It can be done but the potential for us missing something and causing havoc is high, so I don't want to just throw something together. Actually, looking at the environment I have as a user, I would really like to trim that down to a manageable set. Obviously we need PATH and HOME. Not sure whether we need TERM, LANG, SHELL, TMPDIR, TZ and USER.
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
added the clean_env() function to py/mockbuild/util.py for use in the --shell operation. I need to make sure that I've got all the env variables actually needed but if that function looks ok, I'll add it to the main routine that runs things inside the chroot.
Here's what I'm setting up in clean_env() and the return value is used to to replace os.environ: def clean_env(): env = {'TERM' : 'vt100', 'SHELL' : '/bin/bash', 'HOME' : '/builddir', 'HOSTNAME' : 'mock', 'TMPDIR' : '/tmp' } env['LANG'] = os.environ.setdefault('LANG', 'en_US.UTF-8') env['TZ'] = os.environ.setdefault('TZ', 'EST5EDT') return env
ok, added the above logic to my tree and queued for mock-1.1.16 release
mock-1.1.16-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/mock-1.1.16-1.fc15
mock-1.0.23-1.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/mock-1.0.23-1.el5
mock-1.1.16-1.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/mock-1.1.16-1.fc14
mock-1.1.16-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/mock-1.1.16-1.el6
Package mock-1.1.16-1.fc14: * should fix your issue, * was pushed to the Fedora 14 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing mock-1.1.16-1.fc14' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2011-14382 then log in and leave karma (feedback).
mock-1.1.16-1.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
mock-1.1.16-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
mock-1.1.17-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/mock-1.1.17-1.fc15
mock-1.1.17-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/mock-1.1.17-1.fc16
mock-1.1.17-1.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/mock-1.1.17-1.fc14
mock-1.0.24-1.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/mock-1.0.24-1.el5
mock-1.1.17-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/mock-1.1.17-1.el6
mock-1.1.17-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
mock-1.1.17-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
mock-1.0.24-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
mock-1.1.17-1.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
mock-1.1.17-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.