I would like to install a package with a security profile that does not have access to /tmp
, but has its own temporary directory, for example /tmp/jeroen
. However even though I try to pass the TMPDIR
environment variable, it still fails because it tries to use /tmp
. Below a toy example using RAppArmor and unixtools (see here for the test profile)
> library(RAppArmor)
> library(unixtools)
> dir.create("/tmp/jeroen")
> set.tempdir("/tmp/jeroen")
> setwd(tempdir());
> aa_change_profile("r-test")
Switching profiles...
> print(tempdir());
[1] "/tmp/jeroen"
> install.packages("plyr", lib="/tmp/jeroen", configure.vars="TMPDIR=/tmp/jeroen")
trying URL 'http://cran.rstudio.com/src/contrib/plyr_1.8.tar.gz'
Content type 'application/x-gzip' length 384462 bytes (375 Kb)
opened URL
==================================================
downloaded 375 Kb
Fatal error: cannot create 'R_TempDir'
The downloaded source packages are in
‘/tmp/jeroen/downloaded_packages’
When looking at the kern.log
file (which logs security messages), it turns out that the problem is that R CMD INSTALL
still tried to use /tmp
which was denied:
Jul 24 19:41:34 Jeroen-Antec kernel: [16270.696805] type=1400 audit(1374687694.097:599):
apparmor="DENIED" operation="mkdir" parent=5798 profile="r-test" name="/tmp/RtmpcUOJuQ/"
pid=5802 comm="R" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Is there any way I can tell R CMD INSTALL
to use /tmp/jeroen
instead?
TMPDIR="/tmp/jeroen" R
– Enterotomyinstall.packages
makes 2 calls totempdir()
; it might help to examine when it's called – Enterotomyconfigure-vars
option would take care of that. The process does not have permission to edit .Renviron – Salpinxdestdir
will usetempdir()
which has been taken care of. The problem appears later in the process wheninstall.packages
calls out toR CMD INSTALL
. – SalpinxSys.setenv()
. Environmental variables are inherited by child processes. – Length