Can we get a better error message for noexec /tmp?

[mk-pmb]

Hi! Not sure if this is a pyinstaller bug, or a problem with the way Ubuntu bundles docker-compose. However, pyinstaller seems like the most central place to fix it:

error while loading shared libraries: libz.so.1: failed to map segment from shared object: Operation not permitted

Could we give a more helpful error message here, to remind users of bundled programs that it's about /tmp being mounted noexec?

This issue is intended to improve the experience for users of bundled programs.
#3870 is a related issue, but as I understand it, from the bundle provider's view.

[LevN0]

Ideally pyi_test_temp_path could be modified to check if path is noexec.

The code currently tries /tmp, /var/tmp and /usr/tmp, there is a good chance at least one of those is not mounted noexec. But currently only a mkdtemp check exists, no mount.

[mk-pmb]

Nice, thanks for pointing me to that part of the code! I'll prepare a PR.

[mk-pmb]

Sorry for the too-early optimism. I had somehow assumed pyinstaller was written in python. :-D Let's hope someone else jumps in.

[mk-pmb]

The code currently tries /tmp, /var/tmp and /usr/tmp, there is a good chance at least one of those is not mounted noexec.

We might add /var/cache/pyinstaller/tmp+exec as first priority, so admins with a thorough lockdown mindset can arrange special circumstances for their precious special snowflakes.

[simeononsecurity]

Would like to see this fixed.

[siddjellali]

UP ! I would like to see this fixed as well 👍