On merging firefox, the build fails to merge due to sandbox violations Reproducible: Always Steps to Reproduce: 1. Emerge firefox Actual Results: Firefox merge fails due to sandbox violations Expected Results: Firefox should compile and then emerge successfully
Created attachment 278715 [details] Sandbox log Sandbox log
Emerge --info Portage 2.2.0_alpha41 (default/linux/x86/10.0/desktop, gcc-4.5.2, glibc-2.13-r2, 2.6.39-gentoo i686) ================================================================= System uname: Linux-2.6.39-gentoo-i686-Intel-R-_Core-TM-2_Duo_CPU_T7250_@_2.00GHz-with-gentoo-2.0.3 Timestamp of tree: Thu, 30 Jun 2011 07:00:01 +0000 app-shells/bash: 4.2_p10 dev-java/java-config: 2.1.11-r3 dev-lang/python: 2.7.2, 3.2 dev-util/cmake: 2.8.4-r1 dev-util/pkgconfig: 0.26 sys-apps/baselayout: 2.0.3 sys-apps/openrc: 0.8.3-r1 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.13, 2.68 sys-devel/automake: 1.10.3, 1.11.1-r1 sys-devel/binutils: 2.21.1 sys-devel/gcc: 4.5.2 sys-devel/gcc-config: 1.4.1-r1 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82-r1 sys-kernel/linux-headers: 2.6.38 (virtual/os-headers) sys-libs/glibc: 2.13-r2 Repositories: gentoo gnome mysql belak x-custom local_overlay Installed sets: @system ACCEPT_KEYWORDS="x86 ~x86" ACCEPT_LICENSE="* -@EULA dlj-1.1 skype-eula AdobeFlash-10.1 google-talkplugin PUEL" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=core2 -mtune=core2 -O2 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo" CXXFLAGS="-march=core2 -mtune=core2 -O2 -pipe -fomit-frame-pointer" DISTDIR="/data/tmp/" FEATURES="assume-digests binpkg-logs collision-protect distlocks ebuild-locks fixlafiles fixpackages news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" FFLAGS="" GENTOO_MIRRORS="http://gentoo.osuosl.org/ ftp://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://ftp.ucsb.edu/pub/mirrors/linux/gentoo/ http://gentoo.mirrors.pair.com/ http://www.gtlib.gatech.edu/pub/gentoo http://gentoo.llarian.net/ http://gentoo.j-schmitz.net/mirror/" LANG="en_US.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="en_US" MAKEOPTS="-j3" PKGDIR="/data/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/data/temp/" PORTDIR="/data/portage" PORTDIR_OVERLAY="/usr/local/portage/layman/gnome /usr/local/portage/layman/mysql /usr/local/portage/layman/belak /usr/local/portage/custom /usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X a52 aac acl acpi alsa berkdb bluetooth branding bzip2 cairo cdda cdr cjk cli consolekit cracklib crypt cxx dbus dri dts dvd dvdr emboss encode exif fam flac fortran gdbm gdu gif gnome gpm gtk gtk3 iconv introspection jpeg lcms libnotify lm_sensors mad mng modules mp3 mp4 mpeg mudflap ncurses nls nptl nptlonly ogg opengl openmp pam pango pcre pdf perl pgo png policykit ppds pppd pulseaudio python qt3support readline sdl session spell ssl startup-notification svg sysfs tcpd tiff truetype udev unicode usb vorbis wifi x264 x86 xcb xml xorg xulrunner xv xvid xvmc zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="charset_lite actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="braindump flow karbon kexi kpresenter krita tables words" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev keyboard mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_US" LIRC_DEVICES="irman usb_uirt_raw" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS Emerge -pv firefox [ebuild U ] www-client/firefox-5.0-r1 [4.0.1-r1] USE="alsa dbus ipc libnotify pgo%* startup-notification webm wifi -bindist -custom-optimization -debug -gconf% -hardened% -system-sqlite" LINGUAS="-af -ak -ar -ast -be -bg -bn -bn_BD -bn_IN -br -bs -ca -cs -cy -da -de -el -en -eo -es -es_ES -et -eu -fa -fi -fr -fy -fy_NL -ga -ga_IE -gd -gl -gu -gu_IN -he -hi -hi_IN -hr -hu -hy -hy_AM -id -is -it -ja -kk -kn -ko -ku -lg -lt -lv -mai -mk -ml -mr -nb -nb_NO -nl -nn -nn_NO -nso -or -pa -pa_IN -pl -pt -pt_PT -rm -ro -ru -si -sk -sl -son -sq -sr -sv -sv_SE -ta -ta_LK -te -th -tr -uk -vi -zu (-en_ZA%)" 0 kB
To reproduce sandbox violation, firefox should be compiles with USE=pgo
I can reproduce this too. Using pgo USE flag.
I am getting the same error with use pgo enabled. I also have gconf _disabled_. So I would assume that I shouldn't get this anyway.
The ebuild simply needs the following two lines added to the beginning of src_install() addpredict "$(unset HOME; echo ~)/.gconf" addpredict "$(unset HOME; echo ~)/.gconfd"
(In reply to comment #6) > The ebuild simply needs the following two lines added to the beginning of > src_install() > > addpredict "$(unset HOME; echo ~)/.gconf" > addpredict "$(unset HOME; echo ~)/.gconfd" This is incorrect, what is happening is the browser is finding gconf and attempting to launch when firefox fires up for profiling, I believe we have found a solution that I can put into upstream.
Created attachment 278993 [details, diff] gconf sandbox fix, disable gconf support completely when -gconf all you will need to do to test the patch is throw it into /etc/portage/patches/www-client/firefox and emerge as normal.
I confirm that the patch anarchy mentions does indeed fix pgo and -gconf issue at hand
(In reply to comment #7) > (In reply to comment #6) > > The ebuild simply needs the following two lines added to the beginning of > > src_install() > > > > addpredict "$(unset HOME; echo ~)/.gconf" > > addpredict "$(unset HOME; echo ~)/.gconfd" > > This is incorrect, what is happening is the browser is finding gconf and > attempting to launch when firefox fires up for profiling, I believe we have > found a solution that I can put into upstream. Yes, you're correct about how the violation occurs but that doesn't necessarily make the addpredict solution incorrect. The gconf problem is historically similar to other builds that do the same and the addpredict solution just works (without having to disable gconf). Disabling gconf entirely while it would also work seems like cutting off an arm for a sore finger. While you're talking with upstream you might also suggest they do the same with libgnomevfs so we don't have to 'mkdir -p /root/.gnome2/accels /root/.gnome2_private' before emerging so as to remove the /root/.gnome2 sandbox violations. Is this why the gnomevfs extension has also been disabled in the ebuild ? If so then it doesn't work for the same reason as you stated above (libgnomevfs is found at runtime and libgnomevfs violates sandbox when it checks for /root/.gnome2 dirs) Cheers :)
(In reply to comment #10) > (In reply to comment #7) > > (In reply to comment #6) > > > The ebuild simply needs the following two lines added to the beginning of > > > src_install() > > > > > > addpredict "$(unset HOME; echo ~)/.gconf" > > > addpredict "$(unset HOME; echo ~)/.gconfd" > > > > This is incorrect, what is happening is the browser is finding gconf and > > attempting to launch when firefox fires up for profiling, I believe we have > > found a solution that I can put into upstream. > > Yes, you're correct about how the violation occurs but that doesn't necessarily > make the addpredict solution incorrect. The solution is incorrect as your not even in src_install when the violation is occuring. > > The gconf problem is historically similar to other builds that do the same and > the addpredict solution just works (without having to disable gconf). > > Disabling gconf entirely while it would also work seems like cutting off an arm > for a sore finger. > You are not required to disable gconf support if you want to enable it go ahead noone is gonna stop you, it is designed to disable all gconf support for those users who do not wish to have this support. > While you're talking with upstream you might also suggest they do the same with > libgnomevfs so we don't have to 'mkdir -p /root/.gnome2/accels > /root/.gnome2_private' before emerging so as to remove the /root/.gnome2 > sandbox violations. Will be resolved when we move fx to gtk3. > > Is this why the gnomevfs extension has also been disabled in the ebuild ? > If so then it doesn't work for the same reason as you stated above (libgnomevfs > is found at runtime and libgnomevfs violates sandbox when it checks for > /root/.gnome2 dirs) > > Cheers :)
(In reply to comment #10) > Is this why the gnomevfs extension has also been disabled in the ebuild ? > If so then it doesn't work for the same reason as you stated above (libgnomevfs > is found at runtime and libgnomevfs violates sandbox when it checks for > /root/.gnome2 dirs) > > Cheers :) I don't know why that extension was disabled in firefox (I don't use firefox for a long time and mozilla team will know more about this for sure) but, from a "gnome" point of view, gnomevfs is deprecated for ages in favor of gvfs and, then, it should be avoided when possible. GConf2 is also deprecated, but I am not sure how firefox[-gconf] would behave, if that support is completely optional, I would hard-disable it.
Patch worked for me, thanks.
Thanks for the explanation, and thanks also for the hard work and time put into this one.
(In reply to comment #12) > GConf2 is also deprecated, but I am not sure how firefox[-gconf] would behave, > if that support is completely optional, I would hard-disable it. GConf support is there *only* for setting the default browser from within Firefox. I think we should disable it completely — I don't think this was ever the intended behaviour for applications anyway. In addition, the proper way of setting the default browser is by using ~/.local/share/applications/mimeapps.list If Firefox really wants to set itself as the default browser, it should edit that file.
As per the previous comment, I've disable gconf support entirely. Unlike Windows, Linux has a standard way of setting the default browser, and Firefox should use that. See bug 360307. In addition, GConf is deprecated, and will be gone within a year. Closing as FIXED.
Although gconf has been disabled, and I can see --disable-gconf several times in the build log, firefox-5.0-r2 is still generating gconf sandbox violations. VERSION 1.0 FORMAT: F - Function called FORMAT: S - Access Status FORMAT: P - Path as passed to function FORMAT: A - Absolute Path (not canonical) FORMAT: R - Canonical Path FORMAT: C - Command Line F: open_wr S: deny P: /root/.gconf/.testing.writeability A: /root/.gconf/.testing.writeability R: /root/.gconf/.testing.writeability C: /usr/libexec/gconfd-2 F: unlink S: deny P: /root/.gconf/.testing.writeability A: /root/.gconf/.testing.writeability R: /root/.gconf/.testing.writeability C: /usr/libexec/gconfd-2 F: open_wr S: deny P: /root/.gconfd/saved_state A: /root/.gconfd/saved_state R: /root/.gconfd/saved_state C: /usr/libexec/gconfd-2 F: open_wr S: deny P: /root/.gconfd/saved_state A: /root/.gconfd/saved_state R: /root/.gconfd/saved_state C: /usr/libexec/gconfd-2 F: open_wr S: deny P: /root/.gconfd/saved_state A: /root/.gconfd/saved_state R: /root/.gconfd/saved_state C: /usr/libexec/gconfd-2 F: open_wr S: deny P: /root/.gconfd/saved_state A: /root/.gconfd/saved_state R: /root/.gconfd/saved_state C: /usr/libexec/gconfd-2 F: open_wr S: deny P: /root/.gconfd/saved_state A: /root/.gconfd/saved_state R: /root/.gconfd/saved_state C: /usr/libexec/gconfd-2 F: open_wr S: deny P: /root/.gconfd/saved_state.tmp A: /root/.gconfd/saved_state.tmp R: /root/.gconfd/saved_state.tmp C: /usr/libexec/gconfd-2 F: open_wr S: deny P: /root/.gconfd/saved_state A: /root/.gconfd/saved_state R: /root/.gconfd/saved_state C: /usr/libexec/gconfd-2 F: open_wr S: deny P: /root/.gconfd/saved_state.tmp A: /root/.gconfd/saved_state.tmp R: /root/.gconfd/saved_state.tmp C: /usr/libexec/gconfd-2
