سؤال
I would like to install a package with a security profile that does not have access to /tmp , but has its own temporary directory, for example /tmp/jeroen. However even though I try to pass the TMPDIR environment variable, it still fails because it tries to use /tmp. Below a toy example using RAppArmor and unixtools (see here for the test profile)
https://stackoverflow.com/questions/17841332
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian> library(RAppArmor)
> library(unixtools)
> dir.create("/tmp/jeroen")
> set.tempdir("/tmp/jeroen")
> setwd(tempdir());
> aa_change_profile("r-test")
Switching profiles...
> print(tempdir());
[1] "/tmp/jeroen"
> install.packages("plyr", lib="/tmp/jeroen", configure.vars="TMPDIR=/tmp/jeroen")
trying URL 'http://cran.rstudio.com/src/contrib/plyr_1.8.tar.gz'
Content type 'application/x-gzip' length 384462 bytes (375 Kb)
opened URL
==================================================
downloaded 375 Kb
Fatal error: cannot create 'R_TempDir'
The downloaded source packages are in
‘/tmp/jeroen/downloaded_packages’
When looking at the kern.log file (which logs security messages), it turns out that the problem is that R CMD INSTALL still tried to use /tmp which was denied:
Jul 24 19:41:34 Jeroen-Antec kernel: [16270.696805] type=1400 audit(1374687694.097:599):
apparmor="DENIED" operation="mkdir" parent=5798 profile="r-test" name="/tmp/RtmpcUOJuQ/"
pid=5802 comm="R" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Is there any way I can tell R CMD INSTALL to use /tmp/jeroen instead?
المحلول
The correct answer was given by @hadley in the comments: in order to make sure install.packages uses the custom temporary directory, one needs to do
Sys.setenv(TMPDIR="/tmp/jeroen")
in addition to:
configure.vars="TMPDIR=/tmp/jeroen"
This way both the extraction and the installation of the package avoids the system or user default temporary directory.
نصائح أخرى
The documentation in help(tempdir) pretty clearly states that TMP, TMPDIR, ... are used:
By default, ‘tmpdir’ will be the directory given by ‘tempdir()’. This will be a subdirectory of the per-session temporary directory found by the following rule when the R session is started. The environment variables ‘TMPDIR’, ‘TMP’ and ‘TEMP’ are checked in turn and the first found which points to a writable directory is used: if none succeeds ‘/tmp’ is used.
So if setting one alone does not help, maybe you want to set several, and make sure the permissions on your 'replacement directory' are permissive enough etc pp.
