Bug 291239 - libX11 sandbox violation due to ghostscript chmodding /var/cache/fontconfig
Summary: libX11 sandbox violation due to ghostscript chmodding /var/cache/fontconfig
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Unspecified
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Fonts Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-10-30 23:29 UTC by Christoph Bussenius
Modified: 2009-11-07 11:48 UTC

See Also:
Package list:
Runtime testing required: ---


Description Christoph Bussenius 2009-10-30 23:29:13 UTC
I'm trying to upgrade my libX11 from 1.1.5 to the newest version 1.3.2.  I keep getting this error:

Making all in specs
make[1]: Entering directory `/var/tmp/portage/x11-libs/libX11-1.3.2/work/libX11-1.3.2/specs'
Making all in libX11
make[2]: Entering directory `/var/tmp/portage/x11-libs/libX11-1.3.2/work/libX11-1.3.2/specs/libX11'
  GEN    libX11.txt
  GEN    libX11.ps
  GEN    libX11.html
  GEN    libX11.pdf
ACCESS DENIED  chmod:        /var/cache/fontconfig
rm libX11.ps
make[2]: Leaving directory `/var/tmp/portage/x11-libs/libX11-1.3.2/work/libX11-1.3.2/specs/libX11'
Making all in i18n
make[2]: Entering directory `/var/tmp/portage/x11-libs/libX11-1.3.2/work/libX11-1.3.2/specs/i18n'
[...]
>>> Source compiled.
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE "/var/log/sandbox/sandbox-17746.log"
      
VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line
      
F: chmod
S: deny
P: /var/cache/fontconfig
A: /var/cache/fontconfig
R: /var/cache/fontconfig
C: gs -dSAFER -dCompatibilityLevel=1.4 -q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sstdout=%stderr -sOutputFile=libX11.pdf -dSAFER -dCompatibilityLevel=1.4 -c .setpdfwrite -f libX11.ps
--------------------------------------------------------------------------------
      
>>> Failed to emerge x11-libs/libX11-1.3.2, Log file:
      
>>>  '/var/tmp/portage/x11-libs/libX11-1.3.2/temp/build.log'

Reproducible: Always

Steps to Reproduce:

Seems like the libX11 build process tries to use pdf2ps (frontend for gs) to create a PDF for some documentation, and somehow this chmods /var/cache/fontconfig outside the sandbox.

My app-text/ghostscript-gpl is version 8.70-r1.



Portage 2.1.7.1 (default/linux/x86/10.0/desktop, gcc-4.4.2, glibc-2.10.1-r0, 2.6.29.6 i686)
=================================================================
System uname: Linux-2.6.29.6-i686-Intel-R-_Pentium-R-_M_processor_2.00GHz-with-gentoo-2.0.1
Timestamp of tree: Wed, 28 Oct 2009 21:45:02 +0000
app-shells/bash:     4.0_p35
dev-java/java-config: 1.3.7, 2.1.9-r1
dev-lang/python:     2.5.2-r6, 2.6.3, 3.1.1-r1
dev-python/pycrypto: 2.0.1-r6
dev-util/cmake:      2.6.4-r2
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.5.2-r1
sys-apps/sandbox:    2.2
sys-devel/autoconf:  2.13, 2.63-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2, 1.11
sys-devel/binutils:  2.20
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6a
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="x86 ~x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -fomit-frame-pointer -march=pentium-m -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-O2 -fomit-frame-pointer -march=pentium-m -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests candy distlocks fixpackages metadata-transfer news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://opaque/pub/gentoo http://de-mirror.org/distro/gentoo http://ftp.uni-erlangen.de/mirrors/gentoo"
LANG="C"
LC_ALL="en_US.ISO8859-1"
LDFLAGS="-Wl,-O1"
LINGUAS="en de"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/var/tmp/porttree"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X a52 aac aalib acl acpi alsa aotuv arts asf audiofile avifile bash-completion berkdb bidi branding browserplugin bzip2 cairo caps cddb cdparanoia cdr cli consolekit cracklib crypt cscope cups curl dbus dga dhcp dio directfb divx dri dts dvb dvd dvdr dvdread emboss encode esd evo exif fam fbcon ffmpeg firefox flac ftp gcj gdbm gif gimpprint glut gmedia gmp gpm gs gstreamer gtk gtk2 hal iconv icq imagemagick imap imlib ipv6 isdnlog jabber jpeg kpathsea lame libcaca libnotify libwww logrotate loop-aes lzo mad maildir matroska mbox mikmod mime mmx mmxext mng modules mozsvg mp3 mp4 mpeg mplayer msn mudflap musicbrainz nas ncurses netboot nptl nptlonly nsplugin offensive ogg openal opengl openmp oss pam pcre pdf pdflib perl png pop posix postgres ppds pppd qt3support qt4 quicktime readline realmedia reflection rtc ruby sdl session skey smime sndfile sockets socks5 sox speex spell spl sqlite sse sse2 ssl startup-notification stroke svg svga sysfs tcltk tcpd tetex theora thunar tidy tiff timidity truetype unicode usb userlocales vcd vidix vim-syntax vim-with-x vorbis wifi win32codecs wmf wmp x264 x86 xanim xine xinerama xml xorg xpm xulrunner xv xvid xvmc zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" DVB_CARDS="usb-vp702x usb-vp7045" ELIBC="glibc" INPUT_DEVICES="keyboard mouse synaptics evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en de" USERLAND="GNU" VIDEO_CARDS="fbdev radeon vga vesa"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Rémi Cardona (RETIRED) gentoo-dev 2009-11-05 08:04:29 UTC
Could you run the following command and paste the output?

  qfile /etc/sandbox.d/37fontconfig

Thanks
Comment 2 Jelle Nelis 2009-11-05 10:57:12 UTC
(In reply to comment #1)
> Could you run the following command and paste the output?
> 
>   qfile /etc/sandbox.d/37fontconfig
> 
> Thanks
> 

I experienced the exact same problem with a machine that hadn't been updated for a while. Turned out I had no file at /etc/sandbox.d/37fontconfig, I looked at the version of media-libs/fontconfig and it turned out I only had version 2.7.1 while the most recent was 2.7.3. After emerging the latest version x11-libs/libX11 emerged fine.

Hope this helps.

Jelle Nelis
Comment 3 Christoph Bussenius 2009-11-07 00:16:12 UTC
When I discovered this, I was in the process of updating my system after two months without updates.  I eventually modified the Makefiles so I could install libX11 without the PDFs, so my system is no longer in the state that can reproduce this bug.

The output of qfile /etc/sandbox.d/37fontconfig is:

media-libs/fontconfig (/etc/sandbox.d/37fontconfig)

From emerge.log I see that just like in Jelle's case, fontconfig was at version 2.7.1 by the time I had this problem (emerge -uD world upgraded it later than libX11).  Maybe a dependency requiring a newer fontconfig would fix this.

Cheers,
Christoph
Comment 4 Rémi Cardona (RETIRED) gentoo-dev 2009-11-07 11:48:34 UTC
Because we also assume that users will update their systems with "emerge -DuN world". Fontconfig being a rather low-level dep in the desktop stack, we can't just edit all our ebuilds to force a newer dep.

You _should_ fully update your system; not doing so puts you at risk of more of these bugs.

Thanks
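The thread resolves the violation by a missing /etc/sandbox.d/37fontconfig from a newer media-libs/fontconfig. As an added example (not code from the bug report or from Gentoo), here is a small triage script that parses the F/S/P/A/R/C records of a sandbox log as shown in the description and checks each denied canonical path against the SANDBOX_* path lists in a sandbox.d fragment; the log and the fragment content (SANDBOX_PREDICT="/var/cache/fontconfig") are constructed for the example and only assumed to match the real 37fontconfig.

```python
import re

# Constructed sample in the layout the Gentoo sandbox writes to
# /var/log/sandbox/sandbox-<pid>.log: header lines, then one record per violation.
SAMPLE_LOG = """VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: chmod
S: deny
P: /var/cache/fontconfig
A: /var/cache/fontconfig
R: /var/cache/fontconfig
C: gs -dSAFER -sDEVICE=pdfwrite -sOutputFile=libX11.pdf libX11.ps
"""

# Assumed content of /etc/sandbox.d/37fontconfig (constructed; the real file may differ).
SAMPLE_SANDBOX_D = 'SANDBOX_PREDICT="/var/cache/fontconfig"\n'


def parse_sandbox_log(text):
    """Split a sandbox log into violation records keyed by the one-letter field tags."""
    records, current = [], {}
    for line in text.splitlines():
        m = re.match(r"^([FSPARC]): (.*)$", line)  # header lines such as FORMAT: do not match
        if not m:
            if current:
                records.append(current)
                current = {}
            continue
        current[m.group(1)] = m.group(2)
    if current:
        records.append(current)
    return records


def parse_sandbox_d(text):
    """Collect the colon-separated path lists from SANDBOX_* assignments."""
    allowed = {}
    for m in re.finditer(r'^(SANDBOX_\w+)="([^"]*)"', text, re.M):
        allowed.setdefault(m.group(1), []).extend(p for p in m.group(2).split(":") if p)
    return allowed


def uncovered_denials(records, allowed):
    """Denied accesses whose canonical path is under no SANDBOX_WRITE/SANDBOX_PREDICT prefix."""
    ok = allowed.get("SANDBOX_WRITE", []) + allowed.get("SANDBOX_PREDICT", [])
    out = []
    for r in records:
        if r.get("S") != "deny":
            continue
        path = r.get("R", "")
        if not any(path == p or path.startswith(p.rstrip("/") + "/") for p in ok):
            cmd = r.get("C", "").split()
            out.append((r.get("F"), path, cmd[0] if cmd else ""))
    return out
```

With an empty sandbox.d the chmod by gs is reported as an uncovered denial; with the assumed 37fontconfig fragment the list is empty, which is the state the thread reaches after updating fontconfig.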