95292 2005-06-06 20:57 0000 nullmailer-1.00 ebuild gets sandbox violation doing chmod on mailq symlink 2005-11-29 12:30:00 0000 1 1 1 Unclassified Gentoo Linux Unspecified unspecified All Linux RESOLVED FIXED Inclusion P2 normal --- 1 sllewbj@blueyonder.co.uk net-mail@gentoo.org dragonheart@gentoo.org sllewbj@blueyonder.co.uk 2005-06-06 20:57:48 0000 The nullmailer-1.00 ebuild gets a sandbox violation when it tries to do chmod on the /usr/bin/mailq symlink in the build area. This symlink properly points to /usr/sbin/sendmail (i.e., a real absolute path outside of the sandbox), as it should when the mailwrapper USE flag is on. Doing chmod on a symlink is a bit odd, but it seems that this line in the ebuild is intended for the case when /usr/bin/mailq is a real file. Reproducible: Always Steps to Reproduce: 1.emerge nullmailer Actual Results: The ebuild failed with a sandbox violation. Expected Results: Nullmailer should have been successfully emerged. Here are the error lines from the emerge output (the first and 4th line are the surrounding context, lines 2 and 3 are the error): --------------------------------------------------------- make[1]: Leaving directory `/extra/var/tmp/portage/nullmailer-1.00/work/nullmailer-1.00' ACCESS DENIED chmod: /extra/var/tmp/portage/nullmailer-1.00/image/usr/bin/mailq chmod: changing permissions of `/extra/var/tmp/portage/nullmailer-1.00/image//usr/bin/mailq': Permission denied * Please ensure you have selected nullmailer in your /etc/mailer.conf --------------------------------------------------------- Here is the emerge failure message that gets appended at the end: --------------------------- ACCESS VIOLATION SUMMARY --------------------------- LOG FILE = "/tmp/sandbox-mail-mta_-_nullmailer-1.00-1471.log" chmod: /extra/var/tmp/portage/nullmailer-1.00/image/usr/bin/mailq (symlink to /usr/sbin/sendmail) -------------------------------------------------------------------------------- Finally, here is the "emerge info" output for my system: --------------------------------------------------------- Gentoo Base System version 1.6.12 Portage 2.0.51.22-r1 (default-linux/x86/2005.0, gcc-3.4.4, glibc-2.3.5-r0, 2.6.8.1-co-0.6.2-pre1 i686) ================================================================= System uname: 2.6.8.1-co-0.6.2-pre1 i686 Intel(R) Pentium(R) M processor 1100MHz dev-lang/python: 2.2.3-r1, 2.3.5 sys-apps/sandbox: 1.2.8 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5 sys-devel/binutils: 2.16-r1 sys-devel/libtool: 1.5.18 virtual/os-headers: 2.6.11-r1 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium4 -O2 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/texmf/web2c /etc/env.d" CXXFLAGS="-march=pentium4 -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig candy distlocks moo sandbox sfperms strict" GENTOO_MIRRORS="http://gentoo.blueyonder.co.uk ftp://gentoo.blueyonder.co.uk/mirrors/gentoo" MAKEOPTS="" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/extra/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 X Xaw3d acl apache2 bitmap-fonts bonobo crypt emacs emacs-w3 emboss escreen esd etwin fam fortran fpx gcj gd gd-external gif glitz graphviz gtk gtk2 guile imagemagick imlib ipv6 java jbig jpeg latex lcms leim libg++ libwww lua lzw-tiff mad mailwrapper md5sum mmx motif mozdevelop mozilla mozsvg mozxmlterm mp3 mpeg ncurses nodrm nptl objc ogg oggvorbis opengl pam pam_chroot pam_console pam_timestamp perl php png python readline samba sdk slang snmp socks5 spell sse ssl tcltk tcpd tetex tiff truetype truetype-fonts type1-fonts unicode vorbis wmf xinerama xml2 xmms xprint xv zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS azarah@gentoo.org 2005-06-09 08:52:10 0000 This is because chmod follows the symlink, and tries to chmod the actual /usr/bin/sendmail. The Makefile should be patched to not do this. If you need more info, add me to CC. sllewbj@blueyonder.co.uk 2005-06-09 09:12:52 0000 There is indeed a line in the Makefile that could do the chmod, but I think it is not being invoked. I suspect the guilty chmod is the one in the ebuild script. soulse@gmail.com 2005-07-16 23:13:17 0000 Created an attachment (id=63591) nullmailer-1.00.ebuild.diff well i couldnt reproduce the problem but i think this patch could help you... dragonheart@gentoo.org 2005-07-20 15:35:07 0000 I did produce this problem and Marco's patch works. robbat2@gentoo.org 2005-11-29 12:30:00 0000 fixed in cvs. 63591 2005-07-16 23:13 0000 nullmailer-1.00.ebuild.diff nullmailer-1.00.ebuild.diff text/plain LS0tIG51bGxtYWlsZXItMS4wMC5lYnVpbGQub3JpZwkyMDA1LTA3LTE3IDAwOjQ2OjU2LjI0MTcx NzE3NiArMDAwMAorKysgbnVsbG1haWxlci0xLjAwLmVidWlsZAkyMDA1LTA3LTE3IDAwOjU0OjI1 LjA3MzQ4NDM3NiArMDAwMApAQCAtNjUsNyArNjUsNiBAQAogCWlmIHVzZSBtYWlsd3JhcHBlcjsg dGhlbgogCQltdiAke0R9L3Vzci9zYmluL3NlbmRtYWlsICR7RH0vdXNyL3NiaW4vc2VuZG1haWwu bnVsbG1haWxlcgogCQltdiAke0R9L3Vzci9iaW4vbWFpbHEgJHtEfS91c3IvYmluL21haWxxLm51 bGxtYWlsZXIKLQkJZG9zeW0gL3Vzci9zYmluL3NlbmRtYWlsIC91c3IvYmluL21haWxxCiAJCWlu c2ludG8gL2V0Yy9tYWlsCiAJCWRvaW5zICR7RklMRVNESVJ9L21haWxlci5jb25mCiAJZmkKQEAg LTEyMCw2ICsxMTksMTAgQEAKIAljaG1vZCA3NzAgL3Zhci9sb2cvbnVsbG1haWxlciAvdmFyL251 bGxtYWlsZXIve3RtcCxxdWV1ZX0KIAljaG1vZCA2NjAgL3Zhci9udWxsbWFpbGVyL3RyaWdnZXIK IAorCWlmIHVzZSBtYWlsd3JhcHBlcjsgdGhlbgorCQlkb3N5bSAvdXNyL3NiaW4vc2VuZG1haWwg L3Vzci9iaW4vbWFpbHEKKwlmaQorCiAJZWluZm8gIlRvIGNyZWF0ZSBhbiBpbml0aWFsIHNldHVw LCBwbGVhc2UgZG86IgogCWVpbmZvICJlYnVpbGQgL3Zhci9kYi9wa2cvJHtDQVRFR09SWX0vJHtQ Rn0vJHtQRn0uZWJ1aWxkIGNvbmZpZyIKIAltc2dfc3ZzY2FuCg==