Bug 358755

Summary:	[gnome-overlay] media-video/totem-2.91.91 : sandbox violation
Product:	Gentoo Linux	Reporter:	Guillaume ZITTA <gentoo.guillaume>
Component:	[OLD] GNOME	Assignee:	Gentoo Linux Gnome Desktop Team <gnome>
Status:	RESOLVED FIXED
Severity:	normal	CC:	cornicx, gentoo.guillaume, gentoo, plaes, travisghansen
Priority:	Normal	Keywords:	InVCS
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	sandbox logs patch to fix sandbox violation Patch to fix sandbox violation at eclass level

Description Guillaume ZITTA 2011-03-13 21:35:45 UTC

sandbox violation on compile for /root/.gconfd and /root/.gconf


Reproducible: Always

Comment 1 Guillaume ZITTA 2011-03-13 21:36:23 UTC

Created attachment 265769 [details]
sandbox logs

Comment 2 Guillaume ZITTA 2011-03-13 21:37:40 UTC

Created attachment 265771 [details, diff]
patch to fix sandbox violation

Comment 3 Gilles Dartiguelongue (RETIRED) gentoo-dev

2011-03-14 09:28:56 UTC

That looks like a duplicate of a report we had for in tree ebuilds.
We should also stop adding workarounds like this and work on our eclasses sanitizing functions instead.

Comment 4 Guillaume ZITTA 2011-03-15 20:27:35 UTC

Created attachment 266027 [details, diff]
Patch to fix sandbox violation at eclass level

thanks for your comment, Gilles.
I've patched eclass too, but I'm less confident about side effects.

Comment 5 Gilles Dartiguelongue (RETIRED) gentoo-dev

2011-03-30 08:29:09 UTC

*** Bug 360697 has been marked as a duplicate of this bug. ***

Comment 6 tman 2011-03-30 10:29:25 UTC

well i see only on the version number and if it dont suit, i make a new report. else some other developer will complain agin

Comment 7 M. B. 2011-04-05 15:06:34 UTC

This bug is still valid for totem-3.0.0.

Comment 8 Nirbheek Chauhan (RETIRED) gentoo-dev

2011-04-05 17:35:50 UTC

For reference: the current official solution for this is to compile with FEATURES=userpriv .

Comment 9 tman 2011-04-05 18:37:09 UTC

the best solution are dont compile in X, go in a tyy console and emerge from there, so u have not to change anything.

it it works

Comment 10 Pacho Ramos gentoo-dev

2011-04-07 09:12:08 UTC

*** Bug 362397 has been marked as a duplicate of this bug. ***

Comment 11 Nirbheek Chauhan (RETIRED) gentoo-dev

2011-05-03 16:10:39 UTC

There's a patch to not detect gconf sinks at all in totem now. This should work around the issue till we can figure out how to fix it properly.

Please don't close this bug till we can find a proper solution (or till GConf is killed).

Comment 12 Travis Hansen 2011-10-17 00:55:00 UTC

Same with 3.2.0.

Comment 13 Pacho Ramos gentoo-dev

2012-01-30 10:01:15 UTC

I can't see anything about this in current totem-3.2 ebuild in the tree, how was this handled finally? At eclass level?

Comment 14 Priit Laes (IRC: plaes) 2012-04-06 10:00:19 UTC

with totem-3.4.0

--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE "/var/log/sandbox/sandbox-23993.log"

VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny
P: /dev/dri/card0
A: /dev/dri/card0
R: /dev/dri/card0
C: /usr/libexec/gstreamer-0.10/gst-plugin-scanner -l 
--------------------------------------------------------------------------------

Comment 15 Alexandre Rostovtsev (RETIRED) gentoo-dev

2012-04-07 08:34:46 UTC

(In reply to comment #14)
> with totem-3.4.0
> 
> --------------------------- ACCESS VIOLATION SUMMARY
> ---------------------------
> LOG FILE "/var/log/sandbox/sandbox-23993.log"
> 
> VERSION 1.0
> FORMAT: F - Function called
> FORMAT: S - Access Status
> FORMAT: P - Path as passed to function
> FORMAT: A - Absolute Path (not canonical)
> FORMAT: R - Canonical Path
> FORMAT: C - Command Line
> 
> F: open_wr
> S: deny
> P: /dev/dri/card0
> A: /dev/dri/card0
> R: /dev/dri/card0
> C: /usr/libexec/gstreamer-0.10/gst-plugin-scanner -l 
> -----------------------------------------------------------------------------
> ---

Can you try with

src_compile() {
        DISPLAY="999invalid" gnome2_src_compile
}

in the ebuild?

Comment 16 Alexandre Rostovtsev (RETIRED) gentoo-dev

2012-04-08 16:06:43 UTC

(In reply to comment #14)
> with totem-3.4.0
> 
> --------------------------- ACCESS VIOLATION SUMMARY
> ---------------------------
> LOG FILE "/var/log/sandbox/sandbox-23993.log"
> 
> VERSION 1.0
> FORMAT: F - Function called
> FORMAT: S - Access Status
> FORMAT: P - Path as passed to function
> FORMAT: A - Absolute Path (not canonical)
> FORMAT: R - Canonical Path
> FORMAT: C - Command Line
> 
> F: open_wr
> S: deny
> P: /dev/dri/card0
> A: /dev/dri/card0
> R: /dev/dri/card0
> C: /usr/libexec/gstreamer-0.10/gst-plugin-scanner -l 
> -----------------------------------------------------------------------------
> ---

These particular violations occur only when FEATURES=-userpriv and are caused by gst-inspect-0.10, which is run by configure to check for various gst plugins. Fixed in the overlay by the usual hack of passing DISPLAY=999invalid to configure.

Comment 17 Gilles Dartiguelongue (RETIRED) gentoo-dev

2013-01-12 11:38:21 UTC

+  12 Jan 2013; Gilles Dartiguelongue <eva@gentoo.org> totem-2.32.0-r2.ebuild,
+  totem-3.4.3.ebuild, totem-3.6.3-r1.ebuild:
+  Workaround sandbox violations due to gst-inspect, bug #358755 & co.
+

I have disabled gst-inspect in configure like I did in sound-juicer.
This is more annoyance for us than necessary since we check configure.ac
changes in bumps hence dependencies should already be satisfied at this point
of the build.

Possible alternative solution would be to chase down all gstreamer plugins
that need to open a GL context on mere scan which seems silly.