466522 – media-libs/libvpx sandbox violation in command 'php -v' (again)

Bug 466522 - media-libs/libvpx sandbox violation in command 'php -v' (again)

Summary: media-libs/libvpx sandbox violation in command 'php -v' (again)

Status:	RESOLVED DUPLICATE of bug 465988

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	Low QA (vote)
Assignee:	Gentoo Media-video project

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-04-20 03:17 UTC by Mark Wright
Modified:	2013-04-23 17:10 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mark Wright gentoo-dev

2013-04-20 03:17:52 UTC

As noted at the end of:

384585 media-libs/libvpx sandbox violation in command 'php -v'

This problem re-occurs:

>>> Source configured.
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE "/var/log/sandbox/sandbox-5743.log"

VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: mkdir
S: deny
P: /var/lib/net-snmp/mib_indexes
A: /var/lib/net-snmp/mib_indexes
R: /var/lib/net-snmp/mib_indexes
C: php -v 
--------------------------------------------------------------------------------

If php -v was ever run as root beforehand, then the sandbox violation is slightly different, but is covered by the same fix:

argus ~ # php -v
Created directory: /var/lib/net-snmp/mib_indexes
PHP 5.4.13--pl0-gentoo (cli) (built: Apr 11 2013 05:43:12) 
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies
argus ~ # emerge -av dev-libs/libpvx

These are the packages that would be merged, in order:

Calculating dependencies... done!

emerge: there are no ebuilds to satisfy "dev-libs/libpvx".

emerge: searching for similar names...
emerge: Maybe you meant any of these: dev-libs/libpqxx, dev-libs/libxr, dev-libs/libev?
argus ~ # emerge -av media-libs/libvpx

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild     U  ] media-libs/libvpx-1.1.0 [1.0.0] USE="doc mmx sse sse2 threads (-altivec) -debug -postproc -sse3 -sse4_1 -ssse3 -static-libs" 0 kB

Total: 1 package (1 upgrade), Size of downloads: 0 kB

Would you like to merge these packages? [Yes/No] y
>>> Verifying ebuild manifests
>>> Emerging (1 of 1) media-libs/libvpx-1.1.0
>>> Failed to emerge media-libs/libvpx-1.1.0, Log file:
>>>  '/h/argus/3/root/var/tmp/portage/media-libs/libvpx-1.1.0/temp/build.log'
>>> Jobs: 0 of 1 complete, 1 failed                 Load avg: 2.53, 4.94, 4.20
 * Package:    media-libs/libvpx-1.1.0
 * Repository: gentoo
 * Maintainer: media-video@gentoo.org
 * USE:        abi_x86_64 amd64 doc elibc_glibc kernel_linux mmx multilib sse sse2 test threads userland_GNU
 * FEATURES:   compressdebug installsources preserve-libs sandbox splitdebug test userpriv usersandbox
>>> Unpacking source...
>>> Unpacking libvpx-v1.1.0.tar.bz2 to /h/argus/3/root/var/tmp/portage/media-libs/libvpx-1.1.0/work
>>> Source unpacked in /h/argus/3/root/var/tmp/portage/media-libs/libvpx-1.1.0/work
>>> Preparing source in /h/argus/3/root/var/tmp/portage/media-libs/libvpx-1.1.0/work/libvpx-v1.1.0 ...
 * Applying libvpx-1.1.0-chost.patch ...
 [ ok ]
 * Applying libvpx-1.1.0-generic-gnu-shared.patch ...
 [ ok ]
 * Applying libvpx-1.1.0-arm.patch ...
 [ ok ]
 * Applying libvpx-1.1.0-x32.patch ...
 [ ok ]
>>> Source prepared.
>>> Configuring source in /h/argus/3/root/var/tmp/portage/media-libs/libvpx-1.1.0/work/libvpx-v1.1.0 ...
./configure --prefix=/usr --libdir=/usr/lib64 --enable-pic --enable-vp8 --enable-shared --extra-cflags=-O2 -march=native -ggdb -gdwarf-4 -fvar-tracking-assignments -fvar-tracking -pipe --disable-altivec --disable-debug-libs --disable-debug --enable-install-docs --enable-mmx --disable-postproc --enable-sse --enable-sse2 --disable-sse3 --disable-sse4_1 --disable-ssse3 --disable-static --enable-multithread
Configuring selected codecs
  enabling vp8_encoder
  enabling vp8_decoder
Configuring for target 'x86_64-linux-gcc'
  enabling x86_64
  enabling pic
  enabling runtime_cpu_detect
  enabling mmx
  enabling sse
  enabling sse2
  using yasm
Creating makefiles for x86_64-linux-gcc libs
Creating makefiles for x86_64-linux-gcc examples
Creating makefiles for x86_64-linux-gcc docs
>>> Source configured.
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE "/var/log/sandbox/sandbox-29703.log"

VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny
P: /var/lib/net-snmp/mib_indexes/0
A: /var/lib/net-snmp/mib_indexes/0
R: /var/lib/net-snmp/mib_indexes/0
C: php -v 
--------------------------------------------------------------------------------
argus ~ # 

Fix is simple (I tested it on both the above cases):

argus ~ # diff -wc /usr/portage/media-libs/libvpx/libvpx-1.1.0.ebuild /usr/local/portage/media-libs/libvpx/libvpx-1.1.0.ebuild 
*** /usr/portage/media-libs/libvpx/libvpx-1.1.0.ebuild	Wed Apr 17 07:31:19 2013
--- /usr/local/portage/media-libs/libvpx/libvpx-1.1.0.ebuild	Sat Apr 20 13:00:54 2013
***************
*** 64,69 ****
--- 64,70 ----
  
  	# http://bugs.gentoo.org/show_bug.cgi?id=384585
  	addpredict /usr/share/snmp/mibs/.index
+ 	addpredict /var/lib/net-snmp/mib_indexes
  
  	# Build with correct toolchain.
  	tc-export CC AR NM
argus ~ #

Comment 1 Jeroen Roovers (RETIRED) gentoo-dev

2013-04-23 17:10:42 UTC


*** This bug has been marked as a duplicate of bug 465988 ***