#942051 debian-policy: [4.9] requirement to write only to /tmp, /var/tmp, ${TMPDIR} is too strict

#942051#5
Date:
2019-10-09 15:51:53 UTC
From:
To:
While checking the upgrade checklist I noticed this new requirement:

+---
| 4.9
|    Required targets must not write outside of the unpacked source
|    package tree, except for TMPDIR, /tmp and /var/tmp.
+---

The wording is a bit too strict and should be relaxed.  There are
other paths that should be fine to be written to during the build
process, for example /dev/shm, /run/lock[1], or possibly anything
below /proc/<pid> for processes spawned by the build process.

Ansgar

  [1] Which I noticed is world-writable which I'm not sure should be
      as users could then fill /run...  Note that /run/user/<uid> has
      separate filesystems to avoid this problem; but then there are
      many paths below /run writable by service users which can cause
      the same problems.
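One way to see how the quoted 4.9 wording plays out against a real build, as an added example that is not from this bug thread or from any Debian tooling: a small Python checker that reads the `openat()` lines of an `strace -f` log, keeps only opens for writing, and sorts each path into the policy's allowed set, the extra locations this report mentions (/dev/shm, /run/lock, /proc/<pid> of the build's own processes), or a violation. The source tree path, TMPDIR and the trace lines are constructed for the example, and paths are assumed to appear absolute in the trace.

```python
import re
from pathlib import PurePosixPath

# Paths the quoted 4.9 text allows, plus the extra ones the thread argues for ("debated", not violations).
POLICY_ALLOWED = ("/tmp", "/var/tmp")
DEBATED = ("/dev/shm", "/run/lock")
WRITE_FLAGS = {"O_WRONLY", "O_RDWR", "O_CREAT"}

# Matches the openat() lines `strace -f -e trace=openat` prints, e.g. 1000 openat(AT_FDCWD, "/tmp/x", O_WRONLY|O_CREAT, 0644) = 3
OPENAT_RE = re.compile(r'^(?P<pid>\d+)\s+openat\(\w+, "(?P<path>[^"]+)", (?P<flags>[A-Z_|]+)')

def classify(path, source_tree, build_pids, tmpdir=None):
    """Say where one written (absolute) path falls with respect to the 4.9 wording."""
    p = PurePosixPath(path)
    def under(root):
        return p == PurePosixPath(root) or PurePosixPath(root) in p.parents
    if under(source_tree):
        return "source-tree"
    if tmpdir and under(tmpdir):
        return "tmpdir"
    if any(under(r) for r in POLICY_ALLOWED):
        return "policy-allowed"
    if any(under(r) for r in DEBATED):
        return "debated"
    if p.parts[1:2] == ("proc",) and p.parts[2:3] and p.parts[2] in build_pids:
        return "proc-own-pid"  # /proc/<pid> of a process the build itself spawned
    return "violation"

def scan_strace(lines, source_tree, tmpdir=None):
    """Return (pid, path, verdict) for every openat() that opens for writing."""
    parsed = [m for m in map(OPENAT_RE.match, lines) if m]
    build_pids = {m.group("pid") for m in parsed}  # every pid in the trace belongs to the build
    results = []
    for m in parsed:
        if WRITE_FLAGS & set(m.group("flags").split("|")):
            results.append((m.group("pid"), m.group("path"), classify(m.group("path"), source_tree, build_pids, tmpdir)))
    return results

# Constructed sample trace (not from a real build) for a source tree at /build/pkg-1.0 and TMPDIR=/build/tmpdir.
SAMPLE_TRACE = """\
1000 openat(AT_FDCWD, "/build/pkg-1.0/debian/tmp/usr/bin/foo", O_WRONLY|O_CREAT|O_TRUNC, 0755) = 3
1000 openat(AT_FDCWD, "/tmp/ccXYZ.o", O_RDWR|O_CREAT|O_EXCL, 0600) = 4
1000 openat(AT_FDCWD, "/build/tmpdir/objlist", O_WRONLY|O_CREAT, 0644) = 5
1001 openat(AT_FDCWD, "/dev/shm/sem.build", O_RDWR|O_CREAT|O_EXCL, 0600) = 3
1001 openat(AT_FDCWD, "/proc/1000/fd/1", O_WRONLY) = 4
1002 openat(AT_FDCWD, "/run/lock/mylock", O_WRONLY|O_CREAT, 0644) = 3
1002 openat(AT_FDCWD, "/home/user/.cache/foo", O_WRONLY|O_CREAT, 0644) = 6
""".splitlines()
```

Running `scan_strace(SAMPLE_TRACE, "/build/pkg-1.0", tmpdir="/build/tmpdir")` reports the /dev/shm and /run/lock writes as debated rather than as violations, leaving only the write under /home as a true breach of the wording.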

#942051#10
Date:
2019-10-09 16:08:09 UTC
From:
To:
Hello Ansgar,

Do you have an example of packages that do that?

(FWIW I do not consider writing to /proc/pid to be writing.
This is the same issue as with using localhost and network access.)

Cheers,

#942051#15
Date:
2019-10-09 16:30:51 UTC
From:
To:
Anything that uses the POSIX shared memory API (shm_open()), and notably
anything that is built using fakeroot with its default fakeroot-sysv
backend.

    smcv

#942051#20
Date:
2019-10-10 14:12:19 UTC
From:
To:
If you are interested in this sort of thing, <https://bugs.debian.org/942111>
is perhaps also relevant.

    smcv

#942051#25
Date:
2019-10-10 14:26:37 UTC
From:
To:
fakeroot is not started by debian/rules so this is outside the scope of
this policy.

Cheers,

#942051#30
Date:
2019-10-10 14:41:01 UTC
From:
To:
Why do you think package builds should be allowed to use /run/lock?  It
records system state.

The use of /dev/shm is an implementation detail of the shm
implementation in libc.  I don't think using the shm stuff counts as
writing.

If you take the strict approach, then writing to stdout and stderr would
be forbidden as well.

Regards,
Bastian