I got this sandbox violation:

rename: /opt/netscape/navigator/components/xpti.dat.tmp
rename: /opt/netscape/navigator/components/xpti.dat.tmp
rename: /opt/netscape/navigator/components/compreg.dat.tmp
unlink: /opt/netscape/navigator/update.test
open_wr: /root/.gconf/.testing.writeability
unlink: /root/.gconf/.testing.writeability
open_wr: /root/.gconfd/saved_state
chmod: /root/.gnome2_private
open_wr: /root/.gconfd/saved_state
open_wr: /root/.gconfd/saved_state.tmp

Looked a lot like bug 145048, only this is netscape navigator (using an ebuild from bug 186954) instead of a browser from the official portage tree. Still I investigated, to find out what a2ps was doing here. Seems like it would call netscape to try to figure out whether that program supports remote commands. I don't particularly like the idea of ebuilds running such programs as root. The whole point of this check seems to provide a likely default configuration. I'm not sure whether this is a wanted feature on gentoo at all; I had supposed that the result of building a package should rely as little on the rest of the installed packages (and on what configure detects) as possible. In that case there would probably be a lot of checks to disable by default.
Created attachment 138728: set COM_netscape to no in ebuild

This patch to a2ps-4.13c-r5.ebuild tells configure that there is no netscape available, so it has no cause to run netscape. The corresponding section will end up as comments in the config file, which I would prefer anyway. As netscape is never run, there is probably no reason to predict any access to firefox-specific files. That would need to be tested on different systems, though, especially on those systems that needed these predictions in the first place. So I'll post a comment on bug 145048 pointing here.
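
The effect of the fix in comment #1, as an added example that is not part of this bug thread and is not a2ps's configure code: a simplified stand-in probe that executes whatever `netscape` it finds in PATH unless `COM_netscape` is already set. The names `probe_netscape` and `run_demo`, the `--probe` argument and the fake `netscape` script are all constructed for illustration.

```shell
#!/bin/sh
# Simplified stand-in for a configure-time program check (NOT a2ps's configure).

# probe_netscape: decide COM_netscape. A value preset by the caller (for
# example "no" set by the ebuild) short-circuits the search, so nothing runs.
probe_netscape() {
    if [ -n "${COM_netscape:-}" ]; then
        echo "preset"
        return 0
    fi
    found=
    old_ifs=$IFS; IFS=:
    for dir in $PATH; do
        if [ -x "$dir/netscape" ]; then found="$dir/netscape"; break; fi
    done
    IFS=$old_ifs
    if [ -z "$found" ]; then
        echo "absent"
        return 0
    fi
    # The risky step: a third-party binary is executed with the privileges of
    # the build (root during emerge). "--probe" is a hypothetical argument.
    "$found" --probe >/dev/null 2>&1 || true
    echo "executed"
}

# run_demo PRESET: put a constructed fake "netscape" first in PATH. The fake
# only creates a marker file, standing in for the writes the sandbox reported.
run_demo() {
    tmp=$(mktemp -d) || return 1
    printf '#!/bin/sh\n: > "%s/side-effect"\n' "$tmp" > "$tmp/netscape"
    chmod +x "$tmp/netscape"
    result=$( PATH="$tmp:$PATH"; COM_netscape=$1; probe_netscape )
    if [ -e "$tmp/side-effect" ]; then state=written; else state=clean; fi
    rm -rf "$tmp"
    echo "$result:$state"
}

run_demo ""   # executed:written  (probe ran the binary found in PATH)
run_demo no   # preset:clean      (preset value, nothing was executed)
```
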
Still an issue in app-text/a2ps-4.13c-r6. The patch still applies and works.
Is this still an issue in (upstream) a2ps-4.14?
(In reply to comment #3)
> Is this still an issue in (upstream) a2ps-4.14?

Had some trouble locating the 4.14 sources, as the HOMEPAGE given in the current ebuild doesn't list that release yet. Maybe http://www.gnu.org/software/a2ps/ should become the official HOMEPAGE of a2ps. Anyway, a grep for COM_netscape in the configure script tells me that this bug here is still an issue with 4.14. Due to patches that won't apply out of the box and other sandbox violations that occur without these patches, I haven't managed to get a clean build of 4.14 here yet. Once you have an ebuild in portage, I'll test that, but I'm very sure that the fix from comment #1 still solves the issue described here as well as the one from bug 145048.
Now that a2ps-4.14 has hit the tree, I actually had netscape start up while emerging a2ps. So I can definitely confirm it's running "netscape" if that binary is in the PATH. The patch still applies to the ebuild.
(In reply to comment #0)
> The whole point of this check seems to provide a likely default
> configuration. I'm not sure whether this is a wanted feature on gentoo at
> all; I had supposed that the result of building a package should rely as
> little on the rest of the installed packages (and on what configure detects)
> as possible.

This is a valid argument; especially the build system should not depend on third-party binaries being present or not in the system.

(In reply to comment #5)
> Now that a2ps-4.14 has hit the tree, I actually had netscape start up while
> emerging a2ps. So I can definitely confirm it's running "netscape" if that
> binary is in the PATH.

@printing: The fix of comment 1 looks sane to me, any reason why it cannot be applied?
Well, obviously no one has looked here yet. Go ahead and apply it.
Fixed in 4.14. No revbump, since it is a build-time issue. Thank you for reporting and for the bugfix.
*** Bug 175846 has been marked as a duplicate of this bug. ***