Bug 177256 - net-analyzer/rrdtool-1.2.23 sandbox violation
|
Bug#:
177256
|
Product: Gentoo Linux
|
Version: unspecified
|
Platform: AMD64
|
|
OS/Version: Linux
|
Status: RESOLVED
|
Severity: normal
|
Priority: P2
|
|
Resolution: FIXED
|
Assigned To: pva@gentoo.org
|
Reported By: aikawarazuni@gmail.com
|
|
Component: Ebuilds
|
|
|
URL:
|
|
Summary: net-analyzer/rrdtool-1.2.23 sandbox violation
|
|
Keywords:
|
|
Status Whiteboard:
|
|
Opened: 2007-05-05 22:27 0000
|
Broke the sandbox, attempted to access illegally:
open_wr: /usr/lib/ruby/1.8/x86_64-linux/RRD.so (symlink to
/usr/lib64/ruby/1.8/x86_64-linux/RRD.so)
Reproducible: Always
On i386 systems emerge rrdtool-1.2.23 fails with:
make[4]: Entering directory
`/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23/bindings/ruby'
Makefile:144: Commands were specified for file `RRD.so' at Makefile:114,
Makefile:144: but `RRD.so' is now considered the same file as
`/usr/lib/ruby/1.8/i686-linux/RRD.so'.
Makefile:144: Commands for `/usr/lib/ruby/1.8/i686-linux/RRD.so' will be
ignored in favor of those for `RRD.so'.
make[4]: Circular /usr/lib/ruby/1.8/i686-linux/RRD.so <-
/usr/lib/ruby/1.8/i686-linux/RRD.so dependency dropped.
i686-pc-linux-gnu-gcc -I. -I. -I/usr/lib/ruby/1.8/i686-linux -I. -I../../src
-fPIC -O2 -march=athlon-xp -fno-str
ict-aliasing -fPIC -c main.c
/bin/install -c -m 0755 RRD.so /usr/lib/ruby/1.8/i686-linux
/bin/install: cannot stat `RRD.so': No such file or directory
make[4]: *** [/usr/lib/ruby/1.8/i686-linux/RRD.so] Error 1
(In reply to comment #2)
Isn't this a different bug?
It's related - difference is only in enabling ruby use flag:
make[4]: Entering directory
`/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23/bindings/ruby'
Makefile:144: Commands were specified for file `RRD.so' at Makefile:114,
Makefile:144: but `RRD.so' is now considered the same file as
`/usr/lib/ruby/1.8/i686-linux/RRD.so'.
Makefile:144: Commands for `/usr/lib/ruby/1.8/i686-linux/RRD.so' will be
ignored in favor of those for `RRD.so'.
make[4]: Circular /usr/lib/ruby/1.8/i686-linux/RRD.so <-
/usr/lib/ruby/1.8/i686-linux/RRD.so dependency dropped.
i686-pc-linux-gnu-gcc -I. -I. -I/usr/lib/ruby/1.8/i686-linux -I. -I../../src
-fPIC -march=pentium-m -O2 -pipe -fno-strict-aliasing -fPIC -c main.c
/usr/bin/install -c -m 0755 RRD.so /usr/lib/ruby/1.8/i686-linux
/usr/bin/install: cannot stat `RRD.so': No such file or directory
make[4]: *** [/usr/lib/ruby/1.8/i686-linux/RRD.so] Error 1
make[4]: Leaving directory
`/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23/bindings/ruby'
make[3]: *** [ruby] Error 2
make[3]: *** Waiting for unfinished jobs....
creating build/lib.linux-i686-2.5
i686-pc-linux-gnu-gcc -pthread -shared -march=pentium-m -O2 -pipe
-fno-strict-aliasing -Wall -std=gnu99 -pedantic -Wshadow -Wpointer-arith
-Wcast-align -Wmissing-prototypes -Wmissing-declarations -Wnested-externs
-Winline -W -fPIC -DPIC -I/usr/include/libart-2.0 -I/usr/include/freetype2
build/temp.linux-i686-2.5/rrdtoolmodule.o -L../../src/.libs -L/usr/lib
-R../../src/.libs -lrrd -lpython2.5 -o
build/lib.linux-i686-2.5/rrdtoolmodule.so
i686-pc-linux-gnu-gcc: unrecognized option '-R../../src/.libs'
make[3]: Leaving directory
`/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23/bindings'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory
`/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23/bindings'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory
`/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23'
make: *** [all] Error 2
!!! ERROR: net-analyzer/rrdtool-1.2.23 failed.
Call stack:
ebuild.sh, line 1614: Called dyn_compile
ebuild.sh, line 971: Called qa_call 'src_compile'
ebuild.sh, line 44: Called src_compile
rrdtool-1.2.23.ebuild, line 64: Called die
!!! make failed
!!! If you need support, post the topmost build error, and the call stack if
relevant.
!!! A complete build log is located at
'/var/tmp/portage/net-analyzer/rrdtool-1.2.23/temp/build.log'.
(this is with -ruby)
It looks like automagic dependency.
Is this error related, do you think?
Checking if your kit is complete...
Looks good
Writing Makefile for RRDs
cd perl-shared && make
make[4]: Entering directory
`/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23/bindings/perl-shared'
cp RRDs.pm blib/lib/RRDs.pm
cp ntmake.pl blib/lib/ntmake.pl
/usr/bin/perl5.8.8 /usr/lib/perl5/5.8.8/ExtUtils/xsubpp -typemap
/usr/lib/perl5/5.8.8/ExtUtils/typemap RRDs.xs > RRDs.xsc && mv RRDs.xsc RRDs.c
i686-pc-linux-gnu-gcc -c -I../../src -D_REENTRANT -D_GNU_SOURCE
-DTHREADS_HAVE_PIDS -fno-strict-aliasing -pipe -Wdeclaration-after-statement
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -march=i686 -O2 -pipe
-DVERSION=\"1.2023\" -DXS_VERSION=\"1.2023\" -fPIC
"-I/usr/lib/perl5/5.8.8/i686-linux-thread-multi/CORE" -DPERLPATCHLEVEL=8
RRDs.c
Running Mkbootstrap for RRDs ()
chmod 644 RRDs.bs
rm -f blib/arch/auto/RRDs/RRDs.so
i686-pc-linux-gnu-gcc -shared -L/usr/local/lib RRDs.o -L../../src/.libs/
-Wl,--rpath -Wl,/usr/lib -lrrd -lm -o blib/arch/auto/RRDs/RRDs.so \
\
chmod 755 blib/arch/auto/RRDs/RRDs.so
cp RRDs.bs blib/arch/auto/RRDs/RRDs.bs
chmod 644 blib/arch/auto/RRDs/RRDs.bs
Manifying blib/man3/RRDs.3pm
make[4]: Leaving directory
`/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23/bindings/perl-shared'
cd ruby && /usr/bin/ruby extconf.rb && make EPREFIX=/usr sitedir=/usr/lib/ruby
checking for rrd_create() in -lrrd... yes
creating Makefile
make[4]: Entering directory
`/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23/bindings/ruby'
Makefile:144: Commands were specified for file `RRD.so' at Makefile:114,
Makefile:144: but `RRD.so' is now considered the same file as
`/usr/lib/ruby/1.8/i686-linux/RRD.so'.
Makefile:144: Commands for `/usr/lib/ruby/1.8/i686-linux/RRD.so' will be
ignored in favor of those for `RRD.so'.
make[4]: Circular /usr/lib/ruby/1.8/i686-linux/RRD.so <-
/usr/lib/ruby/1.8/i686-linux/RRD.so dependency dropped.
i686-pc-linux-gnu-gcc -I. -I. -I/usr/lib/ruby/1.8/i686-linux -I. -I../../src
-fPIC -march=i686 -O2 -pipe -fno-strict-aliasing -fPIC -c main.c
/usr/bin/install -c -m 0755 RRD.so /usr/lib/ruby/1.8/i686-linux
/usr/bin/install: cannot stat `RRD.so': No such file or directory
make[4]: *** [/usr/lib/ruby/1.8/i686-linux/RRD.so] Error 1
make[4]: Leaving directory
`/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23/bindings/ruby'
make[3]: *** [ruby] Error 2
make[3]: Leaving directory
`/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23/bindings'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory
`/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23/bindings'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory
`/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23'
make: *** [all] Error 2
!!! ERROR: net-analyzer/rrdtool-1.2.23 failed.
Call stack:
ebuild.sh, line 1614: Called dyn_compile
ebuild.sh, line 971: Called qa_call 'src_compile'
ebuild.sh, line 44: Called src_compile
rrdtool-1.2.23.ebuild, line 64: Called die
!!! make failed
!!! If you need support, post the topmost build error, and the call stack if
relevant.
!!! A complete build log is located at
'/var/tmp/portage/net-analyzer/rrdtool-1.2.23/temp/build.log'.
Created an attachment (id=118452) [details]
patch for disabling ruby bindings
Simple patch for disabling ruby bindings all together.
As stated, only disables ruby bindings, does not take care of the
sandbox violation at all. Kind of like, hiding the dirt under the
carpet.
I am not interested in the ruby bindings, so I wanted to at least
be able to install the ebuild.
Same error as comment #1. (permission denied)
Agree with comment #7, ruby is not enabled on my machine (so i prefer not being
bothered with ruby stuff ;)
Now it seems that ruby bindings was present in 1.2.19 but not enabled due
missing .PHONY in bindings/Makefile (so ruby was not tried to be installed).
If i go into
/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23/bindings and
make install, everything seems to be ok:
make[3]: Entering directory
`/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23/bindings/ruby'
/usr/bin/install -c -m 0755 RRD.so /usr/lib/ruby/1.8/x86_64-linux
But i'm not aware of portage/sandbox rules/rights that might be the point here.
I've got that /bin/install error, too:
make[4]: Entering directory
`/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23/bindings/ruby'
Makefile:144: Commands were specified for file `RRD.so' at Makefile:114,
Makefile:144: but `RRD.so' is now considered the same file as
`/usr/lib/ruby/1.8/i686-linux/RRD.so'.
Makefile:144: Commands for `/usr/lib/ruby/1.8/i686-linux/RRD.so' will be
ignored in favor of those for `RRD.so'.
make[4]: Circular /usr/lib/ruby/1.8/i686-linux/RRD.so <-
/usr/lib/ruby/1.8/i686-linux/RRD.so dependency dropped.
i686-pc-linux-gnu-gcc -I. -I. -I/usr/lib/ruby/1.8/i686-linux -I. -I../../src
-fPIC -mtune=athlon-xp -O3 -pipe -fPIC -c main.c
running build
running build_ext
/bin/install -c -m 0755 RRD.so /usr/lib/ruby/1.8/i686-linux
make[4]: /bin/install: Command not found
make[4]: *** [/usr/lib/ruby/1.8/i686-linux/RRD.so] Error 127
make[4]: Leaving directory
`/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23/bindings/ruby'
make[3]: *** [ruby] Error 2
make[3]: *** Waiting for unfinished jobs....
building 'rrdtoolmodule' extension
creating build
creating build/temp.linux-i686-2.4
i686-pc-linux-gnu-gcc -pthread -fno-strict-aliasing -DNDEBUG -mtune=athlon-xp
-O3 -pipe -fno-strict-aliasing -Wall -std=gnu99 -pedantic -Wshadow
-Wpointer-arith -Wcast-align -Wmissing-prototypes -Wmissing-declarations
-Wnested-externs -Winline -W -fPIC -DPIC -I/usr/include/libart-2.0
-I/usr/include/freetype2 -fPIC -I../../src -I/usr/include/python2.4 -c
rrdtoolmodule.c -o build/temp.linux-i686-2.4/rrdtoolmodule.o
creating build/lib.linux-i686-2.4
i686-pc-linux-gnu-gcc -pthread -shared -mtune=athlon-xp -O3 -pipe
-fno-strict-aliasing -Wall -std=gnu99 -pedantic -Wshadow -Wpointer-arith
-Wcast-align -Wmissing-prototypes -Wmissing-declarations -Wnested-externs
-Winline -W -fPIC -DPIC -I/usr/include/libart-2.0 -I/usr/include/freetype2
build/temp.linux-i686-2.4/rrdtoolmodule.o -L../../src/.libs -R../../src/.libs
-lrrd -o build/lib.linux-i686-2.4/rrdtoolmodule.so
i686-pc-linux-gnu-gcc: unrecognized option `-R../../src/.libs'
make[3]: Leaving directory
`/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23/bindings'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory
`/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23/bindings'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory
`/var/tmp/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23'
make: *** [all] Error 2
I think the errors are related, they both seem to come from wrong
sandbox-related pathname arithmetics, maybe some variable is not set correctly.
/usr/bin/install -c -m 0755 RRD.so /usr/lib/ruby/1.8/x86_64-linux
ACCESS DENIED open_wr: /usr/lib/ruby/1.8/x86_64-linux/RRD.so
/usr/bin/install: cannot create regular file
`/usr/lib/ruby/1.8/x86_64-linux/RRD.so': Permission denied
make[4]: *** [/usr/lib/ruby/1.8/x86_64-linux/RRD.so] Error 1
make[4]: Leaving directory
`/dev/shm/portage/net-analyzer/rrdtool-1.2.23/work/rrdtool-1.2.23/bindings/ruby'
--------------------------- ACCESS VIOLATION SUMMARY
---------------------------
LOG FILE = "/var/log/sandbox/sandbox-net-analyzer_-_rrdtool-1.2.23-22319.log"
open_wr: /usr/lib/ruby/1.8/x86_64-linux/RRD.so (symlink to
/usr/lib64/ruby/1.8/x86_64-linux/RRD.so)
--------------------------------------------------------------------------------
Fixed in rrdtool-1.2.23-r1.
