Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 371997 - net-firewall/xtables-addons-1.36 sandbox violation
Summary: net-firewall/xtables-addons-1.36 sandbox violation
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Peter Volkov (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-06-17 08:42 UTC by Marcin Mirosław
Modified: 2011-06-20 12:28 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
build.log (build.log,26.03 KB, text/plain)
2011-06-17 08:45 UTC, Marcin Mirosław 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcin Mirosław 2011-06-17 08:42:16 UTC 
[...]
checking for libmnl... yes
checking Xtables module directory... /lib/xtables
checking kernel version that we will build against... ACCESS DENIED  unlinkat:     /usr/src/linux-2.6.36-hardened-r9/.10591.tmp
rm: cannot remove `./.10591.tmp': Permission denied
ACCESS DENIED  unlinkat:     /usr/src/linux-2.6.36-hardened-r9/.10591.o
rm: cannot remove `./.10591.o': Permission denied
ACCESS DENIED  unlinkat:     /usr/src/linux-2.6.36-hardened-r9/.10596.tmp
[...]

Reproducible: Always




# emerge --info
FEATURES variable contains unknown value(s): Xtest, Xuserpriv, Xusersandbox
Portage 2.1.9.42 (hardened/linux/x86, gcc-4.5.2, libc-0-r0, 2.6.36-hardened-r9 i686)
=================================================================
System uname: Linux-2.6.36-hardened-r9-i686-Pentium-R-_Dual-Core_CPU_E6300_@_2.80GHz-with-gentoo-2.0.2
Timestamp of tree: Fri, 17 Jun 2011 07:30:01 +0000
ccache version 3.1.5 [enabled]
app-shells/bash:     4.1_p9
dev-lang/python:     2.7.1-r1, 3.1.3-r1
dev-util/ccache:     3.1.5
dev-util/cmake:      2.8.4-r1
sys-apps/baselayout: 2.0.2
sys-apps/openrc:     0.8.2-r1
sys-apps/sandbox:    2.4
sys-devel/autoconf:  2.65-r1
sys-devel/automake:  1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.5, 4.5.2
sys-devel/gcc-config: 1.4.1-r1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.82
sys-kernel/linux-headers: 2.6.36.1
sys-libs/glibc:      2.12.2
virtual/os-headers:  0
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=native -mfpmath=sse -pipe    -fprefetch-loop-arrays -fpeel-loops     -fgraphite-identity -floop-interchange -floop-block -floop-strip-mine -fira-lo
op-pressure     -fpredictive-commoning -freorder-blocks-and-partition -ftracer -ftree-loop-distribution -ftree-vectorize        --param l2-cache-size=1024 --param l1-
cache-size=16 --param l1-cache-line-size=16 -ggdb"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /usr/share/openvpn/easy-rsa /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-act
ive/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=native -mfpmath=sse -pipe  -fprefetch-loop-arrays -fpeel-loops     -fgraphite-identity -floop-interchange -floop-block -floop-strip-mine -fira-lo
op-pressure     -fpredictive-commoning -freorder-blocks-and-partition -ftracer -ftree-loop-distribution -ftree-vectorize        --param l2-cache-size=1024 --param l1-
cache-size=16 --param l1-cache-line-size=16 -ggdb"
DISTDIR="/usr/portage/distfiles"
FEATURES="Xtest Xuserpriv Xusersandbox assume-digests binpkg-logs ccache collision-protect distlocks fail-clean fixlafiles fixpackages news parallel-fetch protect-own
ed sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FFLAGS=""
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="pl"
LC_ALL="pl_PL.utf-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="pl en"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_EXTRA_OPTS="-6 -y -O --delete-after"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/lo
cal --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/sunrise /usr/portage/local/layman/science /usr/portage/local/layman/sping /usr/portage/local/layman/steev /usr/portage/loca
l/layman/gnustep /usr/portage/local/layman/mgorny /usr/portage/local /usr/local/portage/miro/staging /usr/local/portage/miro/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl acpi adns aio apache2 bash-completion bcmath bzip2 caps chroot clamav clamdtop cli cracklib crypt curl custom-cflags cxx dkim dri dsn enscript exiscan exisca
n-acl fastcgi force-cgi-redirect glibc-omitfp graphite hardened iconv idn imap iproute2 ipv6 logrotate maildir mmap mmx modules mudflap ncurses network-cron nls nptl 
nptlonly openmp openssl pam pcre pic pppd readline server session slang spell srs sse sse2 sse3 ssl ssse3 subversion suhosin sysfs syslog threads threadsafe tools uni
code urandom vhosts vim vim-pager vim-syntax x86 xattr xorg zip zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug
 ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon auth_digest
 authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user cache cgid dav dav_fs dav_lock dir disk_cache env expire
s ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif status unique_id usertrack vhost_alias" AP
ACHE2_MPMS="prefork" CALLIGRA_FEATURES="braindump flow karbon kexi kpresenter krita tables words" ELIBC="glibc" KERNEL="linux" LINGUAS="pl en" NGINX_MODULES_HTTP="acc
ess browser charset gzip map limit_zone proxy rewrite stub_status" PHP_TARGETS="php5-3" USERLAND="GNU" XTABLES_ADDONS="geoip ipset6 psd sysrq tarpit" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS
Comment 1 Marcin Mirosław 2011-06-17 08:45:36 UTC 
Created attachment 277341 [details]
build.log
Comment 2 Peter Volkov (RETIRED) gentoo-dev 2011-06-20 07:09:40 UTC 
Marcin, unfortunately I'm unable to reproduce this bug. Please, try to REPRODUCE this problem. If you are able to reproduce this problem, then try xtables-addons from my overlay and report if this problem was resolved or not. To checkout ebuild from my overlay, run the command:

svn co http://overlays.gentoo.org/svn/dev/pva/net-firewall/xtables-addons

TIA.
Comment 3 Marcin Mirosław 2011-06-20 08:15:12 UTC 
I can reproduce problem both on amd64 and x86.
I've tried ebuild from your overlay, at x86 xtables build correctly (and i guess there will be no problem at amd64).
Comment 4 Peter Volkov (RETIRED) gentoo-dev 2011-06-20 08:25:40 UTC 
Thank you! Patches are applied in the tree.
Comment 5 Marcin Mirosław 2011-06-20 09:42:46 UTC 
I've emerged xtables-addons from official tree, still works;)
Thank you for fix.
Comment 6 Peter Volkov (RETIRED) gentoo-dev 2011-06-20 09:51:52 UTC 
Marcin, upstream developer (Jan Engelhardt) committed slightly different patch. I've updated patch in my overlay. Could you, please, emerge xtables-addons with updated patch from my overlya (run snv up or checkout package another time), to double check that we don't break thing with next version bump?
Comment 7 Marcin Mirosław 2011-06-20 12:28:16 UTC 
This time, i've tried on amd64, and package compiles without sandbox violation. New patch works good.
Thanks.