Hello, recently i noticed when i'm using distcc or if i try to set CCACHE_LOGFILE="/var/log/ccache.log", i will be unable to emerge most of the gentoo packages. They end up with a sandbox violation after a successful compilation. Also FEATURES="-distcc -ccache" doesn't help. distcc stays activated. distccd is working on an different architecture (x86_64) as the client (i686). So distccd need to cross compile. I don't think that is related with the violation because it still appended when distcc sent the job locally to localhost, no matter the architecture is. make[1]: quittant le répertoire « /var/tmp/portage/xfce-base/libxfce4util-4.4.1/work/libxfce4util-4.4.1/po » Making install in xfce4-kiosk-query make[1]: entrant dans le répertoire « /var/tmp/portage/xfce-base/libxfce4util-4.4.1/work/libxfce4util-4.4.1/xfce4-kiosk-query » make[2]: entrant dans le répertoire « /var/tmp/portage/xfce-base/libxfce4util-4.4.1/work/libxfce4util-4.4.1/xfce4-kiosk-query » test -z "/usr/sbin" || mkdir -p -- "/var/tmp/portage/xfce-base/libxfce4util-4.4.1/image//usr/sbin" make[2]: Rien à faire pour « install-data-am ». /bin/sh ../libtool --mode=install /usr/bin/install -c 'xfce4-kiosk-query' '/var/tmp/portage/xfce-base/libxfce4util-4.4.1/image//usr/sbin/xfce4-kiosk-query' ACCESS DENIED open_wr: /var/lib/cache/distcc/lock/cpu_localhost_0 distcc[555] (dcc_open_lockfile) ERROR: failed to creat /var/lib/cache/distcc/lock/cpu_localhost_0: Permission denied distcc[555] (dcc_lock_one) ERROR: failed to lock ACCESS DENIED open_wr: /var/lib/cache/distcc/state/binstate_555 distcc[555] (dcc_open_state) ERROR: failed to open /var/lib/cache/distcc/state/binstate_555: Permission denied ACCESS DENIED unlink: /var/lib/cache/distcc/state/binstate_555 distcc[555] (dcc_remove_state_file) Warning: failed to unlink /var/lib/cache/distcc/state/binstate_555: Permission denied ACCESS DENIED open_wr: /var/lib/cache/distcc/lock/cpu_localhost_0 distcc[572] (dcc_open_lockfile) ERROR: failed to creat /var/lib/cache/distcc/lock/cpu_localhost_0: Permission denied distcc[572] (dcc_lock_one) ERROR: failed to lock ACCESS DENIED open_wr: /var/lib/cache/distcc/state/binstate_572 distcc[572] (dcc_open_state) ERROR: failed to open /var/lib/cache/distcc/state/binstate_572: Permission denied ACCESS DENIED unlink: /var/lib/cache/distcc/state/binstate_572 distcc[572] (dcc_remove_state_file) Warning: failed to unlink /var/lib/cache/distcc/state/binstate_572: Permission denied /usr/bin/install -c .libs/xfce4-kiosk-query /var/tmp/portage/xfce-base/libxfce4util-4.4.1/image//usr/sbin/xfce4-kiosk-query make[2]: quittant le répertoire « /var/tmp/portage/xfce-base/libxfce4util-4.4.1/work/libxfce4util-4.4.1/xfce4-kiosk-query » make[1]: quittant le répertoire « /var/tmp/portage/xfce-base/libxfce4util-4.4.1/work/libxfce4util-4.4.1/xfce4-kiosk-query » make[1]: entrant dans le répertoire « /var/tmp/portage/xfce-base/libxfce4util-4.4.1/work/libxfce4util-4.4.1 » make[2]: entrant dans le répertoire « /var/tmp/portage/xfce-base/libxfce4util-4.4.1/work/libxfce4util-4.4.1 » make[2]: Rien à faire pour « install-exec-am ». make[2]: Rien à faire pour « install-data-am ». make[2]: quittant le répertoire « /var/tmp/portage/xfce-base/libxfce4util-4.4.1/work/libxfce4util-4.4.1 » make[1]: quittant le répertoire « /var/tmp/portage/xfce-base/libxfce4util-4.4.1/work/libxfce4util-4.4.1 » >>> Completed installing libxfce4util-4.4.1 into /var/tmp/portage/xfce-base/libxfce4util-4.4.1/image/ --------------------------- ACCESS VIOLATION SUMMARY --------------------------- LOG FILE = "/var/log/sandbox/sandbox-xfce-base_-_libxfce4util-4.4.1-31584.log" open_wr: /var/lib/cache/distcc/lock/cpu_localhost_0 open_wr: /var/lib/cache/distcc/state/binstate_32336 unlink: /var/lib/cache/distcc/state/binstate_32336 open_wr: /var/lib/cache/distcc/lock/cpu_localhost_0 open_wr: /var/lib/cache/distcc/state/binstate_32374 unlink: /var/lib/cache/distcc/state/binstate_32374 open_wr: /var/lib/cache/distcc/lock/cpu_localhost_0 open_wr: /var/lib/cache/distcc/state/binstate_555 unlink: /var/lib/cache/distcc/state/binstate_555 open_wr: /var/lib/cache/distcc/lock/cpu_localhost_0 open_wr: /var/lib/cache/distcc/state/binstate_572 unlink: /var/lib/cache/distcc/state/binstate_572 -------------------------------------------------------------------------------- The LOG_FILE isn't pertinent, it just repeat the above message. Jj Reproducible: Always Steps to Reproduce: 1.emerge -uDvab world 2. 3. Actual Results: It's okay when i apply FEATURES="-sandbox" to emerge but i don't like that kind of alternative. Also, distcc and ccache are really useful when you have weak computers. Expected Results: It would be great to deny sandbox to control files and/or directories declared in distcc or ccache shell variables. # cat /etc/env.d/11ccache CCACHE_DIR="/var/lib/cache/ccache" CCACHE_LOGFILE="" CCACHE_UMASK=002 CCACHE_PREFIX="distcc" CCACHE_NOLINK="" # cat /etc/env.d/02distcc # This file is managed by distcc-config; use it to change these settings. DISTCC_LOG="" DCCC_PATH="/usr/lib/distcc/bin" DISTCC_VERBOSE="0" DISTCC_DIR="/var/lib/cache/distcc" # ls -l /usr/lib/ccache/bin/ total 0 lrwxrwxrwx 1 root root 40 Apr 12 20:42 c++ -> /usr/local/bin/i686-pc-linux-gnu-wrapper lrwxrwxrwx 1 root root 40 Apr 12 20:42 cc -> /usr/local/bin/i686-pc-linux-gnu-wrapper lrwxrwxrwx 1 root root 40 Apr 12 20:42 g++ -> /usr/local/bin/i686-pc-linux-gnu-wrapper lrwxrwxrwx 1 root root 40 Apr 12 20:42 gcc -> /usr/local/bin/i686-pc-linux-gnu-wrapper lrwxrwxrwx 1 root root 15 Mar 16 22:47 i686-pc-linux-gnu-c++ -> /usr/bin/ccache lrwxrwxrwx 1 root root 15 Apr 12 20:43 i686-pc-linux-gnu-cc -> /usr/bin/ccache lrwxrwxrwx 1 root root 15 Mar 16 22:47 i686-pc-linux-gnu-g++ -> /usr/bin/ccache lrwxrwxrwx 1 root root 15 Mar 16 22:47 i686-pc-linux-gnu-gcc -> /usr/bin/ccache # cat /etc/env.d/02distcc DISTCC_LOG="" DCCC_PATH="/usr/lib/distcc/bin" DISTCC_VERBOSE="0" DISTCC_DIR="/var/lib/cache/distcc"
Created attachment 116106 [details] emerge --info
Try without userpriv or chown the files portage complains about to portage:portage
(In reply to comment #2) > Try without userpriv or chown the files portage complains about to > portage:portage > I did it and it doesn't change anything :( FEATURES="distcc ccache sandbox parallel-fetch userfetch collision-protect" --------------------------- ACCESS VIOLATION SUMMARY --------------------------- LOG FILE = "/var/log/sandbox/sandbox-xfce-extra_-_xfce4-mixer-4.4.1-4633.log" open_wr: /var/lib/cache/distcc/lock/cpu_localhost_0 # ls -l /var/lib/cache/distcc/lock/cpu_localhost_0 -rw-rw-r-- 1 portage portage 0 Apr 12 21:31 /var/lib/cache/distcc/lock/cpu_localhost_0
(In reply to comment #2) Hello, I have done some more tests and i noticed after removing distcc from FEATURES in /etc/make.conf , FEATURES="ccache userpriv sandbox parallel-fetch userfetch collision-protect", setting the variables to, CCACHE_LOGFILE= CCACHE_DIR=/var/lib/cache/ccache DISTCC_LOG= CCACHE_UMASK=002 DISTCC_DIR=/var/lib/cache/distcc CCACHE_NOLINK= DISTCC_VERBOSE=0 and removing /usr/lib/ccache/bin and /usr/lib/distcc/bin from the PATH, i didn't have the error 111 about distcc loop anymore. Setting CCACHE_PREFIX="distcc" like the author suggest it in his man page make that even worse. Anyway, i continue to get a sandbox violation with xfce4 4.4.1 ebuild about distcc files for example. It is really difficult to deduce something because ebuild processes imbrication is like a black box to me.
Hello, It was definitely CCACHE_PREFIX=distcc that made all the trouble.
(In reply to comment #5) > Hello, > > It was definitely CCACHE_PREFIX=distcc that made all the trouble. > I need also to set manually SANDBOX_WRITE="/var/lib/cache/distcc:${SANDBOX_WRITE}" in /etc/portage/profile/profile.bashrc to get rid of the sandbox violation. It seems like /usr/lib/portage/ebuild.sh never did an addwrite DISTCC_DIR and dyn_compile() (line 1703) was never called or have i missed something ? You should probably add [ ! -z "${DISTCC_DIR}" ] && addwrite "${DISTCC_DIR})" after line 1413 to correct the problem. Please, could a dev have a more precise look at ebuild.sh and confirm the problem ? Thanks, Jj
Seems this is a nonissue now.
(In reply to comment #7) > Seems this is a nonissue now. > Hello, [#if u prefer crabby answer] Why should i always fight so that my bug report will be taken into account. Do you think i report only for the fun or for a silly record ? :( Anyway, you could give me a better answer as just a closed one. I feel i made some efforts to try to understand a code not well documented. I said "try" because it will be easier to just complain about it and that is not what the gentoo community needs. Even if that is a "none issue" report as you said, other people could have a very similar problem and just reading the report will prevent them to do some "unnecessary" checking. Also, i don't see why you leave the bug report as invalid. [#endif crabby answer] [#elseif constructive reply] Anyway there are two problems and i cannot believe they depend only from my own "unsupported" configuration. Please read carefully. 1. CCACHE_PREFIX CCACHE_PREFIX=distcc generates distcc loop errors. ebuild.sh should take account of that, unset the variable or at least warns us about it. It appended because ebuild.sh automatically adds /usr/lib/distcc/bin in PATH. You can try the following example. Supposed you didn't initially set /usr/lib/distcc/bin in your path and distcc isn't declared in FEATURES, then ebuild.sh won't make any changes for distcc. distcc will be called directly from ccache and you get rid of the loop warning. Anyway, there will be some conflicts with sandbox. A workaround, is to set SANDBOX_WRITE="..." in /etc/portage/profile/profile.bashrc. In that case, you won't get sandbox violations again. The benefit of CCACHE_PREFIX is to avoid unnecessary calls to distcc if ccache is able to find the code in its cache directly. If you set manually distcc directory in PATH, you will have a "recursion error" in masquerade mode. distcc is called from ccache directly and will still be found reading PATH. 2. SANDBOX violation If you won't use CCACHE_PREFIX and preferred to set distcc in FEATURES, ebuild.sh will build distcc environment but will forget to add DISTCC_DIR in SANDBOX_WRITE variable. So, you get a sandbox violation again. A solution could be the one exposed in comment #6 [#endif constructive reply] Jj
Wow. This bug is still open? ;-) Anyways, I've been seeing this error and just end-up issuing the following at the command line for the problem packages: # FEATURES="-ccache -distcc" emerge <package name> I'm using =sys-apps/portage-2.2_rc61.
(In reply to comment #9) > Wow. This bug is still open? ;-) > > Anyways, I've been seeing this error and just end-up issuing the following at > the command line for the problem packages: > > # FEATURES="-ccache -distcc" emerge <package name> > > I'm using =sys-apps/portage-2.2_rc61. > I have given up with the ccache/distcc probing thing. Anyway, with FEATURES="-cache distcc" and SANDBOX_WRITE="/var/log/ccache.log:/var/lib/cache/ccache:/var/lib/cache/distcc:/var/log/distcc.log:${SANDBOX_WRITE}" SANDBOX_READ="/var/lib/cache/ccache:${SANDBOX_READ}" distcc still works, even in pump mode. Not quite so well as it should but it works or it let me think so ;) Also SANDBOX_WRITE and SANDBOX_READ are certainly not needed anymore because ccache has been deactivated in FEATURES.
