Bug 128416 - groff 1.19.1-r2 will not build using userpriv, usersandbox
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All Linux
Importance: High normal
Assignee: Gentoo's Team for Core System packages
Reported: 2006-04-01 10:56 UTC by Carl Hudkins
Modified: 2006-04-01 17:34 UTC
Description Carl Hudkins 2006-04-01 10:56:33 UTC
That's pretty much it.  I have to use FEATURES="-userpriv -usersandbox" for this package to compile.  Otherwise, I get this:

GROFF_COMMAND_PREFIX=''; export GROFF_COMMAND_PREFIX; GROFF_BIN_PATH=`echo /var/tmp/portage/groff-1.19.1-r2/work/groff-1.19.1/src/roff/groff /var/tmp/portage/groff-1.19.1-r2/work/groff-1.19.1/src/roff/troff /var/tmp/portage/groff-1.19.1-r2/work/groff-1.19.1/src/preproc/pic /var/tmp/portage/groff-1.19.1-r2/work/groff-1.19.1/src/preproc/eqn /var/tmp/portage/groff-1.19.1-r2/work/groff-1.19.1/src/preproc/tbl /var/tmp/portage/groff-1.19.1-r2/work/groff-1.19.1/src/preproc/grn /var/tmp/portage/groff-1.19.1-r2/work/groff-1.19.1/src/preproc/refer /var/tmp/portage/groff-1.19.1-r2/work/groff-1.19.1/src/preproc/soelim /var/tmp/portage/groff-1.19.1-r2/work/groff-1.19.1/src/preproc/html /var/tmp/portage/groff-1.19.1-r2/work/groff-1.19.1/src/devices/grops /var/tmp/portage/groff-1.19.1-r2/work/groff-1.19.1/src/devices/grohtml | sed -e 's|  *|:|g'`; export GROFF_BIN_PATH; sed -e "s;@VERSION@;1.19.1;" pic.ms | /var/tmp/portage/groff-1.19.1-r2/work/groff-1.19.1/src/roff/groff/groff -M/var/tmp/portage/groff-1.19.1-r2/work/groff-1.19.1/tmac -M/var/tmp/portage/groff-1.19.1-r2/work/groff-1.19.1/tmac -F/var/tmp/portage/groff-1.19.1-r2/work/groff-1.19.1/font -F/var/tmp/portage/groff-1.19.1-r2/work/groff-1.19.1/font -Upet -ww -Tps -ms -mwww >pic.ps
test -f grnexmpl.g || cp ./grnexmpl.g .
make[2]: Leaving directory `/var/tmp/portage/groff-1.19.1-r2/work/groff-1.19.1/doc'
make[1]: Leaving directory `/var/tmp/portage/groff-1.19.1-r2/work/groff-1.19.1'
imake -DUseInstalled -I/usr/lib/X11/config
sh: /var/tmp/portage/groff-1.19.1-r2/temp/imakeavcDyW: Permission denied
/usr/bin/xmkmf: line 57: 28684 Aborted                 imake $imake_defines $args

I don't know enough about sandbox (can't find any logs either, and it seems to have no docs or config files) to offer any suggestions about fixing this, so I'm just posting this in the hope that someone else can.  :)

nenene ~ # emerge --info
Portage 2.0.54 (hardened/ppc, gcc-3.4.5, glibc-2.3.5-r3, 2.6.14-hardened-r5 ppc)
=================================================================
System uname: 2.6.14-hardened-r5 ppc 7400, altivec supported
Gentoo Base System version 1.6.14
distcc 2.18.3 powerpc-unknown-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.3 [enabled]
dev-lang/python:     2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="ppc"
AUTOCLEAN="yes"
CBUILD="powerpc-unknown-linux-gnu"
CFLAGS="-O2 -mcpu=G4 -pipe -maltivec -mabi=altivec -mpowerpc-gfxopt"
CHOST="powerpc-unknown-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -mcpu=G4 -pipe -maltivec -mabi=altivec -mpowerpc-gfxopt"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig buildpkg ccache distlocks sandbox sfperms strict userpriv usersandbox"
GENTOO_MIRRORS="http://mirror.datapipe.net/gentoo ftp://gentoo.mirrors.tds.net/gentoo http://gentoo.mirrors.tds.net/gentoo ftp://gentoo.ccccom.com"
LC_ALL="en_US.UTF-8"
MAKEOPTS="-j3"
PKGDIR="/usr/portage//packages/ppc/"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="X acl aim alsa altivec arts audiofile berkdb bzip2 bzlib cdr crypt cups curl dlloader dvdr effects ethereal exif expat fam fbcon ffmpeg flac foomaticdb gdbm gif gimp glibc-omitfp glut gmp gpm gstreamer gtk gtk2 gtkhtml hardened icq idn imagemagick imlib jabber java javascript jbig jikes joystick jpeg jpeg2k kde kdexdeltas lcms ldap libwww lzo lzw-tiff mad maildir matroska mng mozsvg mp3 mpeg mplayer musepack musicbrainz ncurses nsplugin ogg oggvorbis opengl oss pam parse-clocks pcre perl pic pie png ppc ppds profile python qt quicktime rage128 readline rtc sasl scanner sdl slang smp speex spell sqlite ssl svg sysfs tcpd tetex tiff truetype ucs2 udev unicode usb userlocales vcd vorbis wmf x264 xine xml2 xosd xv xvid yahoo zlib video_cards_ati128 userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LDFLAGS, LINGUAS
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2006-04-01 11:05:51 UTC
Builds just fine here, userpriv/usersandbox and all...
Comment 2 SpanKY gentoo-dev 2006-04-01 12:44:30 UTC
chances are good your kernel is restricting you
Comment 3 Carl Hudkins 2006-04-01 17:34:36 UTC
Wow, I wouldn't have thought that would stumble over kernel security, but according to the logs that's exactly what happened:

Apr  1 19:20:58 [kernel] grsec: exec of /bin/bash (sh -c /var/tmp/portage/groff-1.19.1-r2/temp/imake4AmBvk ) by /usr/bin/imake[imake:9908] uid/euid:250/250 gid/egid:250/250, parent /usr/bin/imake[imake:13695] uid/euid:250/250 gid/egid:250/250
Apr  1 19:20:58 [kernel] grsec: denied untrusted exec of /var/tmp/portage/groff-1.19.1-r2/temp/imake4AmBvk by /bin/bash[sh:9908] uid/euid:250/250 gid/egid:250/250, parent /usr/bin/imake[imake:13695] uid/euid:250/250 gid/egid:250/250

There are other packages, like xorg, that show similar behavior, probably for the same reason.  I'll just change FEATURES temporarily when needed and not worry about it.  :)
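
Added example, not part of the bug report: a Python parser that pulls grsec "denied untrusted exec" events out of a kernel log and pairs each one with the preceding "exec of" audit line for the same PID, the correlation Comment 3 makes by eye. The regexes are derived only from the two log lines quoted in Comment 3; the function and field names are hypothetical, and paths containing spaces are assumed not to occur.

```python
import posixpath
import re

# The two kernel log lines quoted in Comment 3 of this bug.
SAMPLE_LOG = """\
Apr  1 19:20:58 [kernel] grsec: exec of /bin/bash (sh -c /var/tmp/portage/groff-1.19.1-r2/temp/imake4AmBvk ) by /usr/bin/imake[imake:9908] uid/euid:250/250 gid/egid:250/250, parent /usr/bin/imake[imake:13695] uid/euid:250/250 gid/egid:250/250
Apr  1 19:20:58 [kernel] grsec: denied untrusted exec of /var/tmp/portage/groff-1.19.1-r2/temp/imake4AmBvk by /bin/bash[sh:9908] uid/euid:250/250 gid/egid:250/250, parent /usr/bin/imake[imake:13695] uid/euid:250/250 gid/egid:250/250
"""


def _proc(prefix):
    # Matches "<path>[<comm>:<pid>] uid/euid:U/E gid/egid:G/E" as seen in the lines above.
    return (rf"(?P<{prefix}_exe>\S+)\[(?P<{prefix}_comm>[^:\]]+):(?P<{prefix}_pid>\d+)\] "
            rf"uid/euid:(?P<{prefix}_uid>\d+)/(?P<{prefix}_euid>\d+) gid/egid:\d+/\d+")


EXEC_RE = re.compile(r"grsec: exec of (?P<image>\S+) \((?P<argv>.*?)\s*\) by " + _proc("by"))
DENY_RE = re.compile(r"grsec: denied untrusted exec of (?P<target>\S+) by "
                     + _proc("by") + ", parent " + _proc("parent"))


def find_denied_execs(log_text):
    """Return one record per denial, with the command line that led to it if it was logged."""
    last_exec = {}  # pid -> argv from the most recent "exec of" audit line
    denials = []
    for line in log_text.splitlines():
        m = EXEC_RE.search(line)
        if m:
            last_exec[m["by_pid"]] = m["argv"]
            continue
        m = DENY_RE.search(line)
        if m:
            denials.append({
                "target": m["target"],                           # file the kernel refused to run
                "directory": posixpath.dirname(m["target"]),     # where the build dropped it
                "uid": int(m["by_uid"]),                         # 250 in the report above
                "denied_in": m["by_exe"],                        # process that attempted the exec
                "parent": m["parent_exe"],
                "command": last_exec.get(m["by_pid"]),           # None if no exec line was seen
            })
    return denials


if __name__ == "__main__":
    for d in find_denied_execs(SAMPLE_LOG):
        print(f"uid {d['uid']}: {d['parent']} -> {d['command']!r} denied on {d['target']}")
```

Grouping the returned records by `directory` shows which build paths trigger the denials, which helps when other packages fail the same way.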