Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 98854 - media-libs/libcaca; media-libs/libdvdcss; doxygen causes sandbox access violation on
Summary: media-libs/libcaca; media-libs/libdvdcss; doxygen causes sandbox access viola...
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Library (show other bugs)
Hardware: x86 Linux
: High normal
Assignee: Gentoo Media-video project
: 99090 99166 99450 99829 99894 100408 (view as bug list)
Depends on:
Reported: 2005-07-13 00:49 UTC by Thomas Heinz
Modified: 2005-11-03 16:39 UTC (History)
18 users (show)

See Also:
Package list:
Runtime testing required: ---

libcaca-0.9-r1 emerge log (libcaca-0.9-r1.log.gz,11.89 KB, application/x-gzip)
2005-07-13 04:08 UTC, Thomas Heinz
libdvdcss-1.2.9.ebuild (libdvdcss-1.2.9.ebuild,1.79 KB, text/plain)
2005-07-22 16:08 UTC, Tom Fredrik Blenning Klaussen
Proposed patch for libdvdcss-1.2.9.ebuild (patch,293 bytes, patch)
2005-08-22 10:39 UTC, Ulrich Müller
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Heinz 2005-07-13 00:49:21 UTC
Emerging media-libs/libcaca-0.9-r1 yields a number of access violations. The
history shows a number of lines of the following form:

kpathsea: Running mktextfm <font>
ACCESS DENIED   access_wr: /usr/share/texmf/fonts

Reproducible: Always
Steps to Reproduce:
1. emerge libcaca
Actual Results:  
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE = "/tmp/sandbox-media-libs_-_libcaca-0.9-r1-7765.log"

access_wr: /usr/share/texmf/fonts
access_wr: /usr/share/texmf/fonts

Portage (default-linux/x86/2005.0, gcc-3.3.5-20050130,
glibc-, 2.6.11-gentoo-r9 i686)
System uname: 2.6.11-gentoo-r9 i686 AMD Athlon(tm) Processor
Gentoo Base System version 1.6.12
dev-lang/python:     2.3.5
sys-apps/sandbox:    1.2.10
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5
sys-devel/libtool:   1.5.18-r1
virtual/os-headers:  2.6.11-r2
CFLAGS="-O2 -march=athlon -pipe -fomit-frame-pointer"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env
/usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=athlon -pipe -fomit-frame-pointer"
FEATURES="autoconfig ccache distlocks sandbox sfperms strict"
USE="3dnow X Xaw3d a52 aac aalib accessibility acl acpi aim alsa apache2 apm
arts audiofile avi bash-completion bcmath berkdb bitmap-fonts bluetooth bzip2
calendar caps cdb cdparanoia cdr cpdflib crypt cscope cups curl curlwrappers dbm
dbus dedicated dga dio directfb divx4linux doc dv dvb dvd dvdr dvdread emacs
emboss encode esd ethereal examples exif fam fastcgi fbcon ffmpeg fftw flac
flash flatfile foomaticdb fortran freetds ftp gd gdbm geoip gif ginac glut gmp
gnome gnutls gphoto2 gpm gps gstreamer gtk gtk2 guile hal hardened hardenedphp
howl hyperwave-api icc iconv icq ieee1394 imagemagick imap imlib innodb iodbc
ipv6 jabber jack java javascript joystick jpeg kde kdeenablefinal kerberos krb4
ladccalcms ldap leim lesstif libcaca libg++ libgda libwww lirc lm_sensors mad
maildir matroska matrox mbox mcal mcve memlimit mhash mikmod milter mime ming
mmap mmx mng mono motif mozilla mp3 mpeg mpi msession msn mule mysql mysqli nas
ncurses netcdf nls nocd nptl offensive ofx ogg oggvorbis openal opengl osc oscar
oss pam pcntl pcre pda pdflib perl pfpro phpplotutils png portaudio posix ppds
python qdbm qt quicktime radius readline recode ruby samba sasl scanner sdl
session sharedext sharedmem shorten simplexml skey slang slp smartcard sndfile
snmp soap sockets socks5 sox speex spell spl sqlite ssl svg svga tcltk tcpd
tetex theora threads tidy tiff tokenizer truetype truetype-fonts type1-fonts usb
v4l vcd vhosts videos vorbis wddx win32codecs wmf wxwindows x86 xface xine xml
xml2 xmlrpc xmms xpm xprint xsl xv xvid yahoo yaz zeo zlib linguas_de
userland_GNU kernel_linux elibc_glibc"
Comment 1 Diego Elio Pettenò (RETIRED) gentoo-dev 2005-07-13 03:44:44 UTC
Please attach the full LOG file. 
Comment 2 Thomas Heinz 2005-07-13 04:08:58 UTC
Created attachment 63304 [details]
libcaca-0.9-r1 emerge log
Comment 3 Thomas Heinz 2005-07-13 14:28:06 UTC
Here are some more details about the cause of the first access violation:

`doxygen doxygen.cfg` is executed in
/var/tmp/portage/libcaca-0.9-r1/work/libcaca-0.9/doc which creates the
subdirectory latex.

Then `make ps` is executed from within the latex subdirectory which issues
`latex refman.tex` which again issues `/bin/sh /usr/bin/mktextfm ecrm1000`.

Now the last command causes the access violation.
Comment 4 Thomas Heinz 2005-07-13 15:02:37 UTC
Another interesting observation is the following. I started `emerge libcaca` and
suspended the process shortly before `make all` in the doc subdirectory is
executed. Then I opened a sandbox shell and issued `make all` from within the
doc subdirectory. This works without any access violation.

Hence, the remaining question is: Where is the difference between the manual
sandbox environment and the emerge sandbox environment?
Comment 5 Diego Elio Pettenò (RETIRED) gentoo-dev 2005-07-14 03:30:17 UTC
Ok I'm seeing a similar behavior on libdvdcss too when building API docs. 
Seems to be a general doxygen problem, does anybody knows anything on that? 
Comment 6 Martin Schlemmer (RETIRED) gentoo-dev 2005-07-14 03:56:03 UTC
The ebuild does:  export VARTEXFONTS="${T}/fonts"
Anyhow, I havent really looked at tetex since the 1.0.x days I maintained it,
but you might have to do something post install, or such.
Comment 7 sfp-a7x 2005-07-14 12:18:33 UTC
Just wanted to say "me too":  emerging libcaca gives me ACCESS DENIED messages
and fails.
Comment 8 sigloiv 2005-07-14 14:22:12 UTC
It happens to me while emerging libdvdcss, as #5 pointed out.
Comment 9 Diego Elio Pettenò (RETIRED) gentoo-dev 2005-07-15 05:17:49 UTC
*** Bug 99090 has been marked as a duplicate of this bug. ***
Comment 10 Ed Catmur 2005-07-15 12:02:42 UTC
I have been able to fix this (in libdvdcss; I have not experienced it in
libcaca) with:


placed in /etc/portage/bashrc or within the ebuild. It might also work to use 

export VARTEXFONTS="${T}/fonts" TEXMFVAR="${T}/fonts" USE_TEXMFVAR=1

but the directory ${T}/fonts would have to be created first.
Comment 11 Diego Elio Pettenò (RETIRED) gentoo-dev 2005-07-16 01:59:45 UTC
*** Bug 99166 has been marked as a duplicate of this bug. ***
Comment 12 Bill Krueger 2005-07-17 13:17:51 UTC
I can verify that #10's suggestion of adding (or creating a file with) the
following line:


to /etc/portage/bashrc fixed this problem (libdvdcss) for me.
Comment 13 Steve Arnold archtester gentoo-dev 2005-07-18 08:45:21 UTC
If you're going for a more permanent fix, perhaps the tetex environment should 
be modified (via /etc/env.d ?) since it appears doxygen simply calls tetex to
build that part of the docs (latex is used to generate the PDF output I believe).
Comment 14 Kurt Guenther 2005-07-18 11:31:15 UTC
*** Bug 99450 has been marked as a duplicate of this bug. ***
Comment 15 Jakub Moc (RETIRED) gentoo-dev 2005-07-21 14:02:23 UTC
*** Bug 99829 has been marked as a duplicate of this bug. ***
Comment 16 Jakub Moc (RETIRED) gentoo-dev 2005-07-22 04:03:14 UTC
*** Bug 99894 has been marked as a duplicate of this bug. ***
Comment 17 Tom Fredrik Blenning Klaussen 2005-07-22 16:08:50 UTC
Created attachment 64091 [details]

I created a replacement for the existing libdvdcss ebuild, following the
suggestions given above.

As far as I can understand the reasons for this behaviour is the font-caching
property of tex. The correct solution would be to somehow let the caching
continue to occur outside the sandbox, if thats possible.
Comment 18 Tom Fredrik Blenning Klaussen 2005-07-23 03:21:53 UTC
Comment on attachment 64091 [details]

Just given a more descriptive name
Comment 19 Martin Wegner 2005-07-25 04:04:46 UTC
Again I have to criticize as in bug #97707 : This bug was reported on July 13th
and the failing ebuild was not masked until yesterday. I think ebuilds that fail
so clearly shall be masked until a solution is available to prevent them from
breaking world updates for weeks or am I wrong?
Comment 20 Jakub Moc (RETIRED) gentoo-dev 2005-07-26 15:04:01 UTC
*** Bug 100408 has been marked as a duplicate of this bug. ***
Comment 21 Dennis Schridde 2005-08-15 15:06:27 UTC
This bug exists since a month and till now there is no fix, neither is the 
ebuild masked... 
Is somebody working on it? 
Comment 22 Chris T. Purcell 2005-08-17 18:57:45 UTC
(In reply to comment #0)
> Emerging media-libs/libcaca-0.9-r1 yields a number of access violations. The
> history shows a number of lines of the following form:

I re-emerged tetex and sandbox, then libcaca and everything worked fine.
It appears that sandbox may have been the culprit the entire time.
Comment 23 Jordi Vilalta 2005-08-19 06:11:16 UTC
Chris' solution also worked for me. Maybe clean installs are now safe.
Comment 24 Dennis Schridde 2005-08-19 07:06:30 UTC
For me it did _not_ work. 
I did the following: 
# emerge --oneshot tetex sandbox libdvdcss 
These are the packages that I did merge: 
app-text/tetex-3.0-r2  +X -Xaw3d +doc -lesstif -motif -neXt 
media-libs/libdvdcss-1.2.9  +doc -static 
Comment 25 Ivan Yosifov 2005-08-19 07:30:25 UTC
To even the score: It did _not_ work for me neither.
I did an "emerge sandbox tetex libdvdcss".

[ebuild   R   ] sys-apps/sandbox-1.2.12  0 kB
[ebuild   R   ] app-text/tetex-3.0-r2  +X -Xaw3d +doc -lesstif +motif -neXt 0 kB
[ebuild     U ] media-libs/libdvdcss-1.2.9 [1.2.8] +doc -static 0 kB
Comment 26 Dennis Schridde 2005-08-19 07:51:32 UTC
More info: 
Writing index file refman.idx  
No file refman.aux.  
(/usr/share/texmf/tex/latex/base/ts1cmr.fd)kpathsea: Running mktextfm ecrm1440  
mktextfm: Running mf-nowin -progname=mf \mode:=ljfour; mag:=1; nonstopmode;  
input ecrm1440  
This is METAFONT, Version 2.71828 (Web2C 7.5.4)  
kpathsea: Running mktexmf ecrm1440  
ACCESS DENIED  open_wr:   /var/cache/fonts/source/jknappen/ec/mf10598.tmp  
/usr/bin/mktexmf: line 92: mf10598.tmp: Permission denied  
chmod: cannot access `mf10598.tmp': No such file or directory  
ACCESS DENIED  unlink:    /var/cache/fonts/source/jknappen/ec/  
rm: cannot remove `': Permission denied  
mv: cannot stat `mf10598.tmp': No such file or directory  
mktexmf: /var/cache/fonts/source/jknappen/ec/ successfully  
/var/lib/texmf/web2c/mktexupd: /var/cache/fonts/source/jknappen/ec/  
not a file.  
warning: kpathsea: mktexpk output  
`/var/cache/fonts/source/jknappen/ec/' instead of a filename.  
Comment 27 Ulrich Müller gentoo-dev 2005-08-22 10:38:39 UTC
Concerning libdvdcss (in reply to comment #13 and comment #17):

Why don't you just add the following line to src_compile (see attachment):
    use doc && addwrite /var/cache/fonts

This will allow TeX to cache its fonts without causing a sandbox violation.
Comment 28 Ulrich Müller gentoo-dev 2005-08-22 10:39:45 UTC
Created attachment 66572 [details, diff]
Proposed patch for libdvdcss-1.2.9.ebuild
Comment 29 Ed Catmur 2005-08-22 10:48:45 UTC

works without breaking sandbox.
Comment 30 Jamie Saker 2005-08-29 08:21:33 UTC
(In reply to comment #25)

Didn't work for me either...

Comment 31 Martin von Gagern 2005-08-30 07:17:07 UTC
As in comment #12: libdvdss works for me now.

There are a lot of font caching documentation bugs around I believe. Maybe there
should be some tracker? So far I've always modified the ebuild to grant write
access to the cache. This time I tried the environment variables. The benifit is
that this is only one setting that should work for all those issues. On the
other hand, granting write access would make use of the fonts cache and so
prevent building unneccessary fonts. I dont know if this is the right thing for
everybody, though, as there might be security implications.
Comment 32 Jamie Saker 2005-08-31 13:45:02 UTC
(In reply to comment #31)
> As in comment #12: libdvdss works for me now.

Per comment #12, I've created /etc/portage/bashrc as specified and chown'ed it
to portage:portage. Still no go. I get a slew of errors:

ACCESS DENIED  open_wr:   /usr/lib/graphviz/config
Error: failed to open /usr/lib/graphviz/config for write.

and then we do some more config until we get "Underfull \hbox (badness 10000)"
(sic) garbage (useful debug message not). Finally it dies with the following:

--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE = "/var/log/sandbox/sandbox-app-doc_-_doxygen-1.4.3-r1-1838.log"

open_wr:   /usr/lib/graphviz/config
(followed by two pages of this)

Interestingly, there is no /usr/lib/graphviz/config file.


Comment 33 Martin von Gagern 2005-09-01 00:59:16 UTC
(in reply to comment #32)
The problem you describe is bug #101337. As I executed "dot -V" the other day in
following bug #101337 comment #2, I got no graphviz problems. But graphviz-2.6
seem to be available now, and according to #101337 comment #19, this might solve
the issue as well. Your decision if you want to wait for a graphviz version bump
in portage or just call "dot -V" right now.
Comment 34 Martin Wegner 2005-09-14 03:52:16 UTC
libcaca-0.9-r1 compiled here in the meantime, libdvdcss-1.2.9 still fails .
"emerge --oneshot tetex sandbox" did not help.

# emerge info
Portage 2.0.52-r1 (default-linux/x86/2005.0, gcc-3.4.4, glibc-2.3.5-r1,
2.6.13-mw i686)
System uname: 2.6.13-mw i686 AMD Athlon(tm) XP 3200+
Gentoo Base System version 1.12.0_pre8
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.4 [disabled]
dev-lang/python:     2.2.3-r6, 2.3.5, 2.4.1-r1
sys-apps/sandbox:    1.2.13
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.20
virtual/os-headers:  2.6.11-r2
CFLAGS="-march=athlon-xp -O3 -pipe -mmmx -msse -m3dnow -mfpmath=sse -ftracer"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.2/share/config
/usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown
/usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown
/usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref
/usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/texmf/web2c /etc/env.d"
CXXFLAGS="-march=athlon-xp -O3 -pipe -mmmx -msse -m3dnow -mfpmath=sse -ftracer"
FEATURES="autoconfig candy distlocks sandbox sfperms strict"
USE="x86 3dnow 3dnowext X Xaw3d aac aalib acl alsa apache2 apm avi
bash-completion berkdb bitmap-fonts bonobo browserplugin bzip2 bzlib cdparanoia
cdr cli crypt cups curl dba dedicated dga directfb divx4linux doc dvd dvdr eds
emboss encode escreen exif fam fbcon firefox flac foomaticdb ftp gd gdbm gif
gimpprint gnome gstreamer gtk gtk2 gtkhtml i8x0 imagemagick imap imlib
insecure-savers ipppd ipv6 java jpeg jpeg2k libcaca libg++ libwww mad maildir
mmx mmxext motif mozdevelop mozilla mozsvg mp3 mpeg mysql ncurses nls no-htdocs
offensive ogg oggvorbis opengl oss pam pcre pdflib pear perl png postfix python
quicktime readline real rtc ruby samba sasl sdl session silverxp slang spell sse
ssl stencil-buffer svg svga tcltk tcpd tetex theora tiff truetype truetype-fonts
type1-fonts usb userlocales vim-with-x visualization vorbis win32codecs wmf
xanim xchattext xine xml xml2 xmms xprint xsl xv xvid zlib video_cards_radeon
userland_GNU kernel_linux elibc_glibc"
Comment 35 Chris Torske 2005-09-30 17:46:51 UTC
The libdvdcss-1.2.9 still fails to compile, on a ~AMD64.  Using the export in
#29 before compiling also doesn't work for me.  However, adding addwrite
/var/cache/fonts to the abuild does work for me.
Comment 36 Diego Elio Pettenò (RETIRED) gentoo-dev 2005-11-03 16:39:15 UTC
Hopefully this is fixed, tell me if it's still a problem again.