Fix mode +st on TMPDIR when creating it

A sanity check fails when TMPDIR has setuid, setgid set. It was
proposed to fix this on TMPDIR creation instead of failing with
a sanity test only. This patch handles removal of those special
bits (and additonally, the sticky bit) from BUILDDIR and TMPDIR
when these directories are created.

[YOCTO #7669]

(From OE-Core rev: 8236d57439640a185c0226312cd4903a3ce2f53b)

Signed-off-by: Alex Franco <alejandro.franco@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/classes/sanity.bbclass

@@ -686,6 +686,7 @@ def check_sanity_version_change(status, d):
     status.addresult(check_not_nfs(tmpdir, "TMPDIR"))
 
 def check_sanity_everybuild(status, d):
+    import os, stat
     # Sanity tests which test the users environment so need to run at each build (or are so cheap
     # it makes sense to always run them.
 
@@ -839,6 +840,10 @@ def check_sanity_everybuild(status, d):
                 status.addresult("Error, TMPDIR has changed location. You need to either move it back to %s or rebuild\n" % saved_tmpdir)
     else:
         bb.utils.mkdirhier(tmpdir)
+        # Remove setuid, setgid and sticky bits from TMPDIR
+        os.chmod(tmpdir, os.stat(tmpdir).st_mode & ~ stat.S_ISUID)
+        os.chmod(tmpdir, os.stat(tmpdir).st_mode & ~ stat.S_ISGID)
+        os.chmod(tmpdir, os.stat(tmpdir).st_mode & ~ stat.S_ISVTX)
         with open(checkfile, "w") as f:
             f.write(tmpdir)
 

scripts/oe-setup-builddir

@@ -24,6 +24,7 @@ if [ -z "$BUILDDIR" ]; then
 fi
 
 mkdir -p "$BUILDDIR/conf"
+chmod -R -st "$BUILDDIR" 
 
 if [ ! -d "$BUILDDIR" ]; then
     echo >&2 "Error: The builddir ($BUILDDIR) does not exist!"