see attached build log Reproducible: Always Steps to Reproduce: 1. emerge -av firefox 2. 3. Actual Results: see attached build log Expected Results: not try to write outside of sandbox environment I am trying to build with FEATURES="-sandbox" but that is not really a fix if it does work, ill report if it does go through with this option but I don't feel the issue has been address. I asked in #gentoo and and this was all we could come with because my config seemed fine, here is the output of 'emerge --info firefox':: Portage 2.1.10.15 (default/linux/amd64/10.0, gcc-4.4.5, glibc-2.13-r4, 3.0.4-gentoo x86_64) ================================================================= System Settings ================================================================= System uname: Linux-3.0.4-gentoo-x86_64-Intel-R-_Core-TM-2_Duo_CPU_T6600_@_2.20GHz-with-gentoo-2.0.3 Timestamp of tree: Fri, 09 Sep 2011 23:45:01 +0000 app-shells/bash: 4.2_p10 dev-java/java-config: 2.1.11-r3 dev-lang/python: 2.7.2-r2, 3.1.3-r1, 3.2-r2 dev-util/cmake: 2.8.5-r2 dev-util/pkgconfig: 0.26 sys-apps/baselayout: 2.0.3 sys-apps/openrc: 0.9.2 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.13, 2.68 sys-devel/automake: 1.10.3, 1.11.1-r1 sys-devel/binutils: 2.21.1-r1 sys-devel/gcc: 4.4.5, 4.5.3-r1 sys-devel/gcc-config: 1.4.1-r1 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82-r1 sys-kernel/linux-headers: 2.6.39 (virtual/os-headers) sys-libs/glibc: 2.13-r4 Repositories: gentoo ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="* -@EULA googleearth Oracle-BCLA-JavaSE" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=core2 -mtune=core2 -mssse3 -msse4.1 -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=core2 -mtune=core2 -mssse3 -msse4.1 -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests binpkg-logs distlocks ebuild-locks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" FFLAGS="" GENTOO_MIRRORS="http://gentoo.osuosl.org/ http://www.gtlib.gatech.edu/pub/gentoo/" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync8.us.gentoo.org/gentoo-portage" USE="3dnow X a52 aac aalib accessibility acl acpi aim alsa amd64 apm apng atm bash-completion bcmath berkdb bluetooth bluray branding bzip2 cairo cdda cddb cdinstall cdparanoia cdr cgi cjk cli cpudetection cracklib crypt css cups curl curlwrappers cvs cxx dbi dbus dga djvu dri dts dv dvd dvdr emerald encode exif expat extras fastcgi fbcon ffmpeg fftw firefox flac fontconfig foomaticdb fortran ftp gd gdbm gif gimp ginac gpm gzip hddtemp iconv ieee1394 imagemagick imap ios ipod ipv6 java javascript joystick jpeg jpeg2k kde lame latex libmpeg2 libwww lm_sensors lock lzma matroska mime mmap mms mmx modules mp3 mp4 mpeg mplayer msn mudflap multilib ncurses networkmanager nls nptl nptlonly nsplugin offensive ogg opengl openmp pam pcmcia pcre pda pdf perl pgo php plasma png ppds pppd python qt3support qt4 quicktime readline samba sasl scanner sdl session smartcard sockets socks5 sound spell sse sse2 ssl ssse3 startup-notification subversion sysfs tcpd theora threads thunar tiff truetype udev unicode usb vcd vorbis wavpack wifi x264 xcb xcomposite xine xinerama xml xorg xscreensaver xv xvid zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Created attachment 286285 [details] some of the build log from this compile, the relevent parts
Actual results:: After firefox compiles and links an automation.py script is executed and tries to make directories in /root/ and gets permission denied due to sandbox being enabled. This causes emerge to fail.
Please attach the full build log, compressed if necessary.
Ok i will have to run emerge firefox again and let it fail so it will take a couple hours for me to get this log up. Unfortunately I did not save the full build log from before and started emerging with FEATURES="-sandbox". I just restarted emerge without this feature so that it will fail. Give me a couple hours to get this log up here. I was hoping that the cut out parts would be enough. My apologies.
Created attachment 286291 [details] Full build log with bz2 compression Had to compress the log because it was 8 MB in plain text. Hope this helps.
Created attachment 286293 [details] Full build log with bz2 compression full build log in bz2 compression. hope this helps.
(In reply to comment #6) > Created attachment 286293 [details] > Full build log with bz2 compression > > full build log in bz2 compression. hope this helps. I find this rather interesting as there is already and addpredict for /root. The temporary solution is to simply disable pgo build. I will dig into the log deeper over next few days.
Obviously this is not a fix but i got it to get past the fail point in the posted build log by making the dir's /root/.gnome2_private /root/.gnome2 and /root/.gnome2/accels myself and chmod 777 to each. Whether it fully compiles is to be seen, just thought I would let you guys know. I will report back on whether it builds completely or not whenever it gets done.
Firefox compiles completely after i made the changes described above.
Does this still happen with 9.0? Please re-sync since I made some changes today to the 9.0 ebuild which is relevant to this problem.
*** Bug 402227 has been marked as a duplicate of this bug. ***
(In reply to comment #10) > Does this still happen with 9.0? Please re-sync since I made some changes today > to the 9.0 ebuild which is relevant to this problem. Yes, it does! Look at this duplicate Bug 402227
I've made another change. Please sync and retry. It should *really* be fixed now.
I still get the same error after resync. Seems like the fix didn't work...
(In reply to comment #14) > I still get the same error after resync. Seems like the fix didn't work... No luck here also...same error.
Same with firefox-10.0.1 : --------------------------- ACCESS VIOLATION SUMMARY --------------------------- LOG FILE "/var/log/sandbox/sandbox-3035.log" VERSION 1.0 FORMAT: F - Function called FORMAT: S - Access Status FORMAT: P - Path as passed to function FORMAT: A - Absolute Path (not canonical) FORMAT: R - Canonical Path FORMAT: C - Command Line F: open_wr S: deny P: /dev/nvidiactl A: /dev/nvidiactl R: /dev/nvidiactl C: /var/tmp/portage/www-client/firefox-10.0.1/work/mozilla-release/obj-x86_64-unknown-linux-gnu/dist/firefox/firefox-bin -no-remote -profile /var/tmp/portage/www-client/firefox-10.0.1/work/mozilla-release/obj-x86_64-unknown-linux-gnu/_profile/pgo/pgoprofile/ http://localhost:8888/index.html
Confirmed on firefox-11 with +pgo flag >>> Source compiled. --------------------------- ACCESS VIOLATION SUMMARY --------------------------- LOG FILE "/var/log/sandbox/sandbox-3232.log" VERSION 1.0 FORMAT: F - Function called FORMAT: S - Access Status FORMAT: P - Path as passed to function FORMAT: A - Absolute Path (not canonical) FORMAT: R - Canonical Path FORMAT: C - Command Line F: open_wr S: deny P: /dev/nvidiactl A: /dev/nvidiactl R: /dev/nvidiactl C: /var/tmp/portage/www-client/firefox-11.0/work/mozilla-release/obj-i686-pc-linux-gnu/dist/firefox/firefox-bin -no-remote -profile /var/tmp/portage/www-client/firefox-11.0/work/mozilla-release/obj-i686-pc-linux-gnu/_profile/pgo/pgoprofile/ http://localhost:8888/index.html --------------------------------------------------------------------------------
*** Bug 408573 has been marked as a duplicate of this bug. ***
Created attachment 306683 [details, diff] insert "addpredict /dev/nvidiactl" to avoid sandbox violation failure
--------------------------- ACCESS VIOLATION SUMMARY --------------------------- LOG FILE "/var/log/sandbox/sandbox-1729.log" VERSION 1.0 FORMAT: F - Function called FORMAT: S - Access Status FORMAT: P - Path as passed to function FORMAT: A - Absolute Path (not canonical) FORMAT: R - Canonical Path FORMAT: C - Command Line F: open_wr S: deny P: /dev/nvidiactl A: /dev/nvidiactl R: /dev/nvidiactl C: /var/portagetmp/portage/www-client/firefox-11.0-r1/work/mozilla-release/obj-x86_64-unknown-linux-gnu/dist/firefox/firefox-bin -no-remote -profile /var/portagetmp/portage/www-client/firefox-11.0-r1/work/mozilla-release/obj-x86_64-unknown-linux-gnu/_profile/pgo/pgoprofile/ http://localhost:8888/index.html F: open_wr S: deny P: /dev/nvidiactl A: /dev/nvidiactl R: /dev/nvidiactl C: /var/portagetmp/portage/www-client/firefox-11.0-r1/work/mozilla-release/obj-x86_64-unknown-linux-gnu/dist/firefox/firefox-bin --version --------------------------------------------------------------------------------
Looks like thats all about https://bugs.gentoo.org/show_bug.cgi?id=394715 . Its marked as FIXED, but definitely NOT foxed for me.
From today: >>> Source compiled. --------------------------- ACCESS VIOLATION SUMMARY --------------------------- LOG FILE "/var/log/sandbox/sandbox-19545.log" VERSION 1.0 FORMAT: F - Function called FORMAT: S - Access Status FORMAT: P - Path as passed to function FORMAT: A - Absolute Path (not canonical) FORMAT: R - Canonical Path FORMAT: C - Command Line F: open_wr S: deny P: /dev/nvidiactl A: /dev/nvidiactl R: /dev/nvidiactl C: /var/tmp/portage/www-client/firefox-11.0-r1/work/mozilla-release/obj-x86_64-unknown-linux-gnu/dist/firefox/firefox-bin -no-remote -profile /var/tmp/portage/www-client/firefox-11.0-r1/work/mozilla-release/obj-x86_64-unknown-linux-gnu/_profile/pgo/pgoprofile/ http://localhost:8888/index.html --------------------------------------------------------------------------------
PGO useflag has been masked until such a time we can properly support it in gentoo. Soon as we can we will unmask and support pgo builds for all users. At this time even upstream is having problems supporting pgo builds in Linux. I will continue to track there upstream to determine when best we can come back and review all pgo build failures. Please ignore resolution we no longer have an option for later.
