When emerging Scribus, i get sandbox violations: open_wr: /usr/qt/3/etc/settings/.qtrc.lock open_wr: /usr/qt/3/etc/settings/.qt_plugins_3.3rc.lock (repeated many times, sometimes with access_wr instead of open_wr) Don't know what it is, but it seems almost normal for Qt apps, according to a quick search here. The workaround used in kde-functions.eclass (adding 'addwrite "${QTDIR}/etc/settings"' in src_compile()) works fine.
> The workaround used in kde-functions.eclass [...] "kde.eclass" actually.
Does this also happen with 1.2.2.1?
Yup, same with 1.2.2.1: --------------------------- ACCESS VIOLATION SUMMARY --------------------------- LOG FILE = "/tmp/sandbox-28239.log" open_wr: /usr/qt/3/etc/settings/.qtrc.lock open_wr: /usr/qt/3/etc/settings/.qtrc.lock open_wr: /usr/qt/3/etc/settings/.qtrc.lock open_wr: /usr/qt/3/etc/settings/.qtrc.lock open_wr: /usr/qt/3/etc/settings/.qtrc.lock open_wr: /usr/qt/3/etc/settings/.qtrc.lock open_wr: /usr/qt/3/etc/settings/.qt_plugins_3.3rc.lock access_wr: /usr/qt/3/etc/settings/qt_plugins_3.3rc open_wr: /usr/qt/3/etc/settings/.qt_plugins_3.3rc.lock access_wr: /usr/qt/3/etc/settings/qt_plugins_3.3rc open_wr: /usr/qt/3/etc/settings/.qt_plugins_3.3rc.lock access_wr: /usr/qt/3/etc/settings/qt_plugins_3.3rc open_wr: /usr/qt/3/etc/settings/.qt_plugins_3.3rc.lock access_wr: /usr/qt/3/etc/settings/qt_plugins_3.3rc open_wr: /usr/qt/3/etc/settings/.qt_plugins_3.3rc.lock access_wr: /usr/qt/3/etc/settings/qt_plugins_3.3rc open_wr: /usr/qt/3/etc/settings/.qt_plugins_3.3rc.lock access_wr: /usr/qt/3/etc/settings/qt_plugins_3.3rc open_wr: /usr/qt/3/etc/settings/.qt_plugins_3.3rc.lock open_wr: /usr/qt/3/etc/settings/.qtrc.lock open_wr: /usr/qt/3/etc/settings/.qt_plugins_3.3rc.lock open_wr: /usr/qt/3/etc/settings/.qtrc.lock open_wr: /usr/qt/3/etc/settings/.qt_plugins_3.3rc.lock -------------------------------------------------------------------------------- SANDBOX_ON:=1 SANDBOX_DISABLED:=0 SANDBOX_READ:=/:/dev/shm:/var/tmp SANDBOX_WRITE:=/dev/zero:/dev/null:/dev/fd:/proc/self/fd:/dev/pts/:/dev/vc/:/dev/pty:/dev/tty:/dev/console:/dev/shm/ngpt:/var/log/scrollkeeper.log:/usr/tmp/conftest:/usr/lib/conftest:/usr/lib32/conftest:/usr/lib64/conftest:/usr/tmp/cf:/usr/lib/cf:/usr/lib32/cf:/usr/lib64/cf:/tmp/.gconfd/lock:/tmp/.bash_history:/var/tmp/portage:/tmp:/var/tmp:/tmp/:/var/tmp/:/tmp/sandbox-28239.log:/dev/shm:/var/tmp:/tmp/sandbox-28239.log:/var/log/portage/10769-scribus-1.2.2.1.log SANDBOX_PREDICT:=/tmp/.:/usr/lib/python2.0/:/usr/lib/python2.1/:/usr/lib/python2.2/:/usr/lib/python2.3/:/usr/lib/python2.4/:/usr/lib/python2.5/:/usr/lib/python3.0/:/var/db/aliases.db:/var/db/netgroup.db:/var/db/netmasks.db:/var/db/ethers.db:/var/db/rpc.db:/var/db/protocols.db:/var/db/services.db:/var/db/networks.db:/var/db/hosts.db:/var/db/group.db:/var/db/passwd.db::/proc/self/maps:/dev/console:/usr/lib/portage/pym:/dev/random SANDBOX_DEBUG:=unset SANDBOX_DEBUG_LOG:=/tmp/sandbox-debug-28239.log SANDBOX_LOG:=/tmp/sandbox-28239.log SANDBOX_ARMED:=unset It seems that /usr/qt/3/bin/uic is the bad guy: =========================== % grep -B5 "ACCESS DENIED" /var/log/portage/10769-scribus-1.2.2.1.log make[5]: Entering directory `/var/tmp/portage/scribus-1.2.2.1/work/scribus-1.2.2.1/scribus/plugins/scriptplugin/scripts' make[5]: Nothing to be done for `all'. make[5]: Leaving directory `/var/tmp/portage/scribus-1.2.2.1/work/scribus-1.2.2.1/scribus/plugins/scriptplugin/scripts' make[5]: Entering directory `/var/tmp/portage/scribus-1.2.2.1/work/scribus-1.2.2.1/scribus/plugins/scriptplugin' /usr/qt/3/bin/uic -L -nounload -o scripterprefs.h ./scripterprefs.ui ACCESS DENIED open_wr: /usr/qt/3/etc/settings/.qtrc.lock /usr/qt/3/bin/uic -L -nounload -o managemacrosdialog.h ./managemacrosdialog.ui ACCESS DENIED open_wr: /usr/qt/3/etc/settings/.qtrc.lock /usr/qt/3/bin/uic -L -nounload -o editmacrodialog.h ./editmacrodialog.ui ACCESS DENIED open_wr: /usr/qt/3/etc/settings/.qtrc.lock -- then mv -f ".deps/scriptercore.Tpo" ".deps/scriptercore.Plo"; else rm -f ".deps/scriptercore.Tpo"; exit 1; fi /usr/qt/3/bin/moc scripterprefs.h -o scripterprefs.moc rm -f scripterprefs.cpp /usr/qt/3/bin/uic -L -nounload -i scripterprefs.h ./scripterprefs.ui > scripterprefs.cpp; ret=$?; \ if test "$ret" = 0; then echo '#include "scripterprefs.moc"' >> scripterprefs.cpp; else rm -f scripterprefs.cpp ; exit $ret ; fi ACCESS DENIED open_wr: /usr/qt/3/etc/settings/.qtrc.lock ACCESS DENIED open_wr: /usr/qt/3/etc/settings/.qt_plugins_3.3rc.lock ACCESS DENIED access_wr: /usr/qt/3/etc/settings/qt_plugins_3.3rc ACCESS DENIED open_wr: /usr/qt/3/etc/settings/.qt_plugins_3.3rc.lock ACCESS DENIED access_wr: /usr/qt/3/etc/settings/qt_plugins_3.3rc ACCESS DENIED open_wr: /usr/qt/3/etc/settings/.qt_plugins_3.3rc.lock ACCESS DENIED access_wr: /usr/qt/3/etc/settings/qt_plugins_3.3rc ACCESS DENIED open_wr: /usr/qt/3/etc/settings/.qt_plugins_3.3rc.lock ACCESS DENIED access_wr: /usr/qt/3/etc/settings/qt_plugins_3.3rc ACCESS DENIED open_wr: /usr/qt/3/etc/settings/.qt_plugins_3.3rc.lock ACCESS DENIED access_wr: /usr/qt/3/etc/settings/qt_plugins_3.3rc ACCESS DENIED open_wr: /usr/qt/3/etc/settings/.qt_plugins_3.3rc.lock ACCESS DENIED access_wr: /usr/qt/3/etc/settings/qt_plugins_3.3rc ACCESS DENIED open_wr: /usr/qt/3/etc/settings/.qt_plugins_3.3rc.lock -- then mv -f ".deps/scripterprefs.Tpo" ".deps/scripterprefs.Plo"; else rm -f ".deps/scripterprefs.Tpo"; exit 1; fi /usr/qt/3/bin/moc managemacrosdialog.h -o managemacrosdialog.moc rm -f managemacrosdialog.cpp /usr/qt/3/bin/uic -L -nounload -i managemacrosdialog.h ./managemacrosdialog.ui > managemacrosdialog.cpp; ret=$?; \ if test "$ret" = 0; then echo '#include "managemacrosdialog.moc"' >> managemacrosdialog.cpp; else rm -f managemacrosdialog.cpp ; exit $ret ; fi ACCESS DENIED open_wr: /usr/qt/3/etc/settings/.qtrc.lock ACCESS DENIED open_wr: /usr/qt/3/etc/settings/.qt_plugins_3.3rc.lock -- then mv -f ".deps/managemacrosdialog.Tpo" ".deps/managemacrosdialog.Plo"; else rm -f ".deps/managemacrosdialog.Tpo"; exit 1; fi /usr/qt/3/bin/moc editmacrodialog.h -o editmacrodialog.moc rm -f editmacrodialog.cpp /usr/qt/3/bin/uic -L -nounload -i editmacrodialog.h ./editmacrodialog.ui > editmacrodialog.cpp; ret=$?; \ if test "$ret" = 0; then echo '#include "editmacrodialog.moc"' >> editmacrodialog.cpp; else rm -f editmacrodialog.cpp ; exit $ret ; fi ACCESS DENIED open_wr: /usr/qt/3/etc/settings/.qtrc.lock ACCESS DENIED open_wr: /usr/qt/3/etc/settings/.qt_plugins_3.3rc.lock =========================== My Qt version is x11-libs/qt-3.3.4-r6. Oh, and here is $(emerge info) in case it matters: Portage 1.589-cvs (default-linux/x86/2005.0, gcc-3.4.4, glibc-2.3.5-r0, 2.6.12-tgl1 i686) ================================================================= System uname: 2.6.12-tgl1 i686 Intel(R) Pentium(R) M processor 1500MHz Gentoo Base System version 1.6.12 Python: dev-lang/python-2.4.1-r1 [2.4.1 (#1, Jun 17 2005, 09:49:53)] distcc: No such file or directory [disabled] dev-lang/python: 2.4.1-r1 sys-apps/sandbox: 1.2.10 sys-devel/autoconf: 2.59-r7, 2.13 sys-devel/automake: 1.5, 1.7.9-r1, 1.9.5, 1.8.5-r3, 1.4_p6, 1.6.3 sys-devel/binutils: 2.16-r1 sys-devel/libtool: 1.5.18-r1 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="no" CFLAGS="-march=i686 -mtune=pentium-m -O2 -fomit-frame-pointer -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/cursors/xfree/default /var/qmail/control" CONFIG_PROTECT_MASK="/etc/X11/Sessions /etc/dev.d /etc/env.d /etc/gconf /etc/hotplug /etc/hotplug.d /etc/init.d /etc/sound /etc/splash /etc/terminfo /etc/texmf/web2c /etc/env.d" CXXFLAGS="-march=i686 -mtune=pentium-m -O2 -fomit-frame-pointer -pipe" DISTDIR="/var/portage/distfiles" FEATURES="autoaddcvs autoconfig buildsyspkg ccache digest distlocks fixpackages manifest parallel-fetch sandbox sfperms userpriv usersandbox verify-rdepend" GENTOO_MIRRORS="http://distro.ibiblio.org/pub/linux/distributions/gentoo ftp://ftp.ussg.iu.edu/linux/gentoo" LANG="fr_FR@euro" LC_ALL="fr_FR@euro" LINGUAS="fr fr_FR en en_US" MAKEOPTS="-j1" PKGDIR="/var/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/var/portage/tree" PORTDIR_OVERLAY="/var/portage/overlays/bugzilla /var/portage/overlays/gentopia /var/portage/overlays/tgl /var/portage/overlays/demexp /var/portage/overlays/camelis /var/portage/overlays/portage-cvs /var/portage/overlays/x11r6" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="x86 X Xaw3d a52 aac aalib acpi adns alsa apache2 apm audiofile avi bash-completion berkdb bitmap-fonts bzip2 cairo cdparanoia cdr cross crypt cscope cups curl dba dga dpms dvd dvdr emboss encode esd faad fastcgi fbcon ffmpeg firefox flac flash foomaticdb fortran freetype gd gdbm ggz gif gnome gnomedb gphoto2 gpm gstreamer gtk gtk2 gtkhtml guile hal howl imagemagick imap imlib imlib2 ipv6 java jikes jpeg junit lcms leim libcaca libg++ libwww lirc logrotate lzo mad mailwrapper matroska mbox memlimit mikmod mmx mng mozilla mp3 mpeg ncurses network nls nodrm nptl offensive ogg oggvorbis openal opengl oss pam pdflib perl plotutils png pnp postgres python qt quicktime readline ruby ruby18 samba scanner sdl slang slp smooth snmp speex spell sqlite sse sse2 ssl svg svga tcltk tcpd tetex theora threads tiff tmpfs truetype truetype-fonts type1-fonts unicode usb v4l v4l2 vorbis wifi win32codecs wmf wxwindows xface xfs xine xinerama xml xml2 xosd xpm xprint xscreensaver xv xvid zeo zlib video_cards_radeon input_devices_synaptics linguas_fr linguas_fr_FR linguas_en linguas_en_US userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CBUILD, CTARGET, LDFLAGS Config files: /etc/make.conf, /etc/portage/modules, /etc/portage/bashrc, /etc/portage/mirrors, /etc/portage/package.mask, /etc/portage/package.unmask, /etc/portage/profile/virtuals, /etc/portage/profile/use.defaults ===========================
Oh, and i've also tried 1.2.1, and got some violations too on the same .lock files.
I've looked at Qt sources, and all this lock files come from src/tools/qsettings.cpp. Not sure how good is the idea, but it would be really easy to change the openlock() code so that it create them in a directory (/var/lock/qt3 for instance) which could be added to the sandbox whitelist, and i think that would be enough to kill all this ugly 'addwrite' in qt/kde related ebuilds. CCing kde@ (i tried qt@ first, according to the herd list, but bugzilla told me it was invalid) to get their feeling on that idea.
kde-heard, TGL's comment looks sane to me, much better than adding some addwrite-stuff. Can you comment on that if this would be a good solution?
That's a good idea and a patch would certainly be appreciated, but could you take a look at the qt4 sources first to see if they have this problem too? If not, maybe we can just bear with the addwrite/addpredict for now as this issue will just disappear with time? In the meantime, I ported scribus-1.2.2.1 to use qt3.eclass instead of kde-functions.eclass, and as a side effect this bug should be fixed now.