Bug 578582 - sys-apps/sandbox-2.11-r2: Segfault on directory creation
Summary: sys-apps/sandbox-2.11-r2: Segfault on directory creation
Status: RESOLVED NEEDINFO
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Unspecified
Hardware: All Linux
Importance: Normal normal
Assignee: Sandbox Maintainers
Reported: 2016-03-30 09:55 UTC by Patrick Lauer
Modified: 2017-06-01 11:46 UTC
Description Patrick Lauer gentoo-dev 2016-03-30 09:55:44 UTC
>>> Emerging (1 of 1) sys-apps/sandbox-2.11-r2::gentoo
 * sandbox-2.11.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...                                                                                                                                                                                                             [ ok ]
/usr/lib/portage/python2.7/phase-functions.sh: line 234: 23469 Segmentation fault      install -m${PORTAGE_WORKDIR_MODE:-0700} -d "${WORKDIR}"
 * ERROR: sys-apps/sandbox-2.11-r2::gentoo failed (unpack phase):
 *   Failed to create dir '/var/tmp/portage/sys-apps/sandbox-2.11-r2/work'


[4661578.608652] ebuild.sh[23512]: segfault at 7fc2f36c1c18 ip 00007fc2edae8906 sp 00007ffe19373c40 error 4 in libsandbox.so[7fc2edae1000+14000]
[4661578.609050] ebuild.sh[23513]: segfault at 7fc2f36c1c18 ip 00007fc2edae8906 sp 00007ffe19373c40 error 4 in libsandbox.so[7fc2edae1000+14000]


Portage 2.2.28 (python 2.7.11-final-0, default/linux/amd64/13.0/desktop/kde, gcc-4.9.3, glibc-2.22-r2, 4.4.0-gentoo-r1 x86_64)
=================================================================
System uname: Linux-4.4.0-gentoo-r1-x86_64-Intel-R-_Core-TM-_i7-5600U_CPU_@_2.60GHz-with-gentoo-2.2
KiB Mem:    16125132 total,   1513568 free
KiB Swap:          0 total,         0 free
sh bash 4.3_p42-r2
ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1
app-shells/bash:          4.3_p42-r2::gentoo
dev-java/java-config:     2.2.0-r3::gentoo
dev-lang/perl:            5.22.1::gentoo
dev-lang/python:          2.7.11-r2::gentoo, 3.4.3-r7::gentoo, 3.5.1-r2::gentoo
dev-util/cmake:           3.4.3::gentoo
dev-util/pkgconfig:       0.29.1::gentoo
sys-apps/baselayout:      2.2::gentoo
sys-apps/openrc:          0.20.5::gentoo
sys-apps/sandbox:         2.10-r2::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69-r2::gentoo
sys-devel/automake:       1.11.6-r1::gentoo, 1.12.6-r1::gentoo, 1.13.4::gentoo, 1.14.1-r1::gentoo, 1.15-r2::gentoo
sys-devel/binutils:       2.25.1-r1::gentoo
sys-devel/gcc:            4.9.3::gentoo
sys-devel/gcc-config:     1.8-r1::gentoo
sys-devel/libtool:        2.4.6-r2::gentoo
sys-devel/make:           4.1-r1::gentoo
sys-kernel/linux-headers: 4.5::gentoo (virtual/os-headers)
sys-libs/glibc:           2.22-r2::gentoo
Repositories:

gentoo
    location: /home/patrick/code/gentoo
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000

x-overlay
    location: /home/patrick/code/overlay
    masters: gentoo
    priority: 0

adjust
    location: /home/patrick/code/adjust/gentoo-overlay
    masters: gentoo
    priority: 1

ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=native"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -march=native"
DISTDIR="/home/patrick/media/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j4"
PKGDIR="/home/patrick/code/gentoo/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="X a52 aac acl acpi alsa amd64 berkdb bluetooth branding bzip2 cairo cdda cdr cli consolekit cracklib crypt cups cxx dbus declarative dri dts dvd dvdr emboss encode exif fam firefox flac fortran gdbm gif glamor gpm iconv icu ipv6 jpeg kde kipi lcms libnotify mad mmx mmxext mng modules mp3 mp4 mpeg multilib ncurses nls nptl ogg opengl openmp pam pango pcre pdf phonon plasma png policykit postgres postproc ppds qt3support qt4 readline sdl seccomp semantic-desktop session spell sqlite sse sse2 ssl startup-notification svg tcpd tiff truetype udev udisks unicode upower usb vaapi vdpau vorbis wxwidgets x264 xattr xcb xcomposite xinerama xml xscreensaver xv xvid zlib" ABI_X86="32 64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 fma3 mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" 
LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" NGINX_MODULES_HTTP="access auth_basic autoindex browser charset empty_gif fastcgi geo gzip limit_conn limit_req map memcached proxy referer rewrite scgi split_clients ssi upstream_ip_hash userid uwsgi headers_more" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" RUBY_TARGETS="ruby20 ruby21" USERLAND="GNU" VIDEO_CARDS="intel i965" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Comment 1 dwfreed 2016-03-30 10:43:05 UTC
I am unable to reproduce this with either sandbox-2.11-r2 (as noted in title) or sandbox-2.10-r2 (as noted in emerge --info) on an otherwise stable amd64 system.  As discussed in #gentoo-dev, it is not clear which version of sandbox Patrick had installed at the time this issue was encountered.  A clear indication of which version was actually in use might help.
Comment 2 SpanKY gentoo-dev 2016-03-30 13:41:13 UTC

*** This bug has been marked as a duplicate of bug 578524 ***
Comment 3 Patrick Lauer gentoo-dev 2016-04-01 08:55:41 UTC
Not a duplicate.
Comment 4 SpanKY gentoo-dev 2016-04-01 20:11:21 UTC
does it happen every time ?  does it only happen when installing sandbox ?  does it fail when you're running sandbox-2.11 ?  do some basic triage here please.
Comment 5 Patrick Lauer gentoo-dev 2016-04-02 13:57:52 UTC
(In reply to SpanKY from comment #4)
> does it happen every time ?  does it only happen when installing sandbox ? 
> does it fail when you're running sandbox-2.11 ?  do some basic triage here
> please.

Sandbox-2.11. Happens with every single ebuild I've tried, segfaults when creating WORKDIR.
Comment 6 Patrick Lauer gentoo-dev 2016-04-02 13:58:25 UTC
Can we please stop mis-editing things?
Comment 7 SpanKY gentoo-dev 2016-04-02 16:30:23 UTC
(In reply to Patrick Lauer from comment #6)

read your own output.  you're *running* sandbox-2.10-r2 but *installing* sandbox-2.11.  hence only the *running* version matters.  if your output is wrong, then stop wasting time and fix it.  and if it is wrong, then you need to upgrade to sandbox-2.11-r2 like the other bugs said because this is a dupe.
Comment 8 Patrick Lauer gentoo-dev 2016-04-03 16:11:22 UTC
Asjf EGAR AEWG NEEF SD  ARW 3QRAF

With that being said ...


Excuse me for fixing the issue locally and verifying that it's only sandbox-2.11 affected before filing a bug. Having portage working is so overrated.

I'm getting tired of the games, can you just accept that there is a bug and that ignoring it won't magically fix it?
Comment 9 SpanKY gentoo-dev 2016-04-04 05:41:26 UTC
(In reply to Patrick Lauer from comment #8)

the only games being played are you continuing to ignore requests for real details.  prove that (1) you have sandbox-2.11-r2 installed and (2) it continues to crash.
Comment 10 Patrick Lauer gentoo-dev 2016-04-04 07:57:24 UTC
So now that my machine is broken on purpose, just for you to find another reason to ignore:

>>> sys-apps/sandbox-2.11-r2 merged.

[snip]

>>> Emerging (1 of 1) app-editors/nano-2.5.3::gentoo
 * nano-2.5.3.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...                                                                                                                                                                                                               [ ok ]
/usr/lib/portage/python2.7/phase-functions.sh: line 234: 26141 Segmentation fault      install -m${PORTAGE_WORKDIR_MODE:-0700} -d "${WORKDIR}"
 * ERROR: app-editors/nano-2.5.3::gentoo failed (unpack phase):
 *   Failed to create dir '/var/tmp/portage/app-editors/nano-2.5.3/work'

dmesg says:
ebuild.sh[26185]: segfault at 7fca170bec18 ip 00007fca114e5906 sp 00007ffef3698960 error 4 in libsandbox.so[7fca114de000+14000]


Portage 2.2.28 (python 2.7.11-final-0, default/linux/amd64/13.0/desktop/kde, gcc-4.9.3, glibc-2.22-r3, 4.4.0-gentoo-r1 x86_64)
=================================================================
System uname: Linux-4.4.0-gentoo-r1-x86_64-Intel-R-_Core-TM-_i7-5600U_CPU_@_2.60GHz-with-gentoo-2.2
KiB Mem:    16125132 total,    562656 free
KiB Swap:          0 total,         0 free
sh bash 4.3_p42-r2
ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1
app-shells/bash:          4.3_p42-r2::gentoo
dev-java/java-config:     2.2.0-r3::gentoo
dev-lang/perl:            5.22.1::gentoo
dev-lang/python:          2.7.11-r2::gentoo, 3.4.3-r7::gentoo, 3.5.1-r2::gentoo
dev-util/cmake:           3.4.3::gentoo
dev-util/pkgconfig:       0.29.1::gentoo
sys-apps/baselayout:      2.2::gentoo
sys-apps/openrc:          0.20.5::gentoo
sys-apps/sandbox:         2.11-r2::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69-r2::gentoo
sys-devel/automake:       1.11.6-r1::gentoo, 1.12.6-r1::gentoo, 1.13.4::gentoo, 1.14.1-r1::gentoo, 1.15-r2::gentoo
sys-devel/binutils:       2.25.1-r1::gentoo
sys-devel/gcc:            4.9.3::gentoo
sys-devel/gcc-config:     1.8-r1::gentoo
sys-devel/libtool:        2.4.6-r2::gentoo
sys-devel/make:           4.1-r1::gentoo
sys-kernel/linux-headers: 4.5::gentoo (virtual/os-headers)
sys-libs/glibc:           2.22-r3::gentoo
Repositories:

gentoo
    location: /home/patrick/code/gentoo
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000

x-overlay
    location: /home/patrick/code/overlay
    masters: gentoo
    priority: 0

adjust
    location: /home/patrick/code/adjust/gentoo-overlay
    masters: gentoo
    priority: 1

ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=native"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -march=native"
DISTDIR="/home/patrick/media/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j4"
PKGDIR="/home/patrick/code/gentoo/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="X a52 aac acl acpi alsa amd64 berkdb bluetooth branding bzip2 cairo cdda cdr cli consolekit cracklib crypt cups cxx dbus declarative dri dts dvd dvdr emboss encode exif fam firefox flac fortran gdbm gif glamor gpm iconv icu ipv6 jpeg kde kipi lcms libnotify mad mmx mmxext mng modules mp3 mp4 mpeg multilib ncurses nls nptl ogg opengl openmp pam pango pcre pdf phonon plasma png policykit postgres postproc ppds qt3support qt4 readline sdl seccomp semantic-desktop session spell sqlite sse sse2 ssl startup-notification svg tcpd tiff truetype udev udisks unicode upower usb vaapi vdpau vorbis wxwidgets x264 xattr xcb xcomposite xinerama xml xscreensaver xv xvid zlib" ABI_X86="32 64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 fma3 mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" 
LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" NGINX_MODULES_HTTP="access auth_basic autoindex browser charset empty_gif fastcgi geo gzip limit_conn limit_req map memcached proxy referer rewrite scgi split_clients ssi upstream_ip_hash userid uwsgi headers_more" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" RUBY_TARGETS="ruby20 ruby21" USERLAND="GNU" VIDEO_CARDS="intel i965" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Comment 11 SpanKY gentoo-dev 2016-04-04 17:37:30 UTC
(In reply to Patrick Lauer from comment #10)

you mean now your information is coherent and can actually be investigated instead of being incoherent garbage that wastes people's time

see if install crashes when you run sandbox yourself:
  $ sandbox
  $ rmdir foo
  $ install -m0700 -d foo

if it does, run it through gdb and get a backtrace
Comment 12 Abe 2016-10-12 22:46:56 UTC
(In reply to SpanKY from comment #11)
Running this experiment with sandbox-2.11-r2, I don't even get to the install part. The rmdir part segfaults. In fact, it seems like every command besides shell built-ins segfaults. I can't run any of them from gdb, because that segfaults too. Specifying a command as an argument to sandbox also segfaults. If I run that in gdb, I get something like this:
abe@ganymede ~ $ gdb sandbox
Reading symbols from sandbox...(no debugging symbols found)...done.
(gdb) r ls
Starting program: /usr/bin/sandbox ls
Sandboxed process killed by signal: Segmentation fault

Program received signal SIGSEGV, Segmentation fault.
0x00000037342334f7 in kill () from /lib64/libc.so.6
(gdb) bt
#0  0x00000037342334f7 in kill () from /lib64/libc.so.6
#1  0x0000000000402472 in ?? ()
#2  0x0000003734220720 in __libc_start_main () from /lib64/libc.so.6
#3  0x0000000000402dc9 in ?? ()
(gdb) i r
rax            0x0      0
rbx            0x7ffffffed968   140737488279912
rcx            0x37342334f7     237097923831
rdx            0x0      0
rsi            0xb      11
rdi            0xda5    3493
rbp            0x5      0x5
rsp            0x7ffffffed588   0x7ffffffed588
r8             0x0      0
r9             0x60efe0 6352864
r10            0x8      8
r11            0x206    518
r12            0xb      11
r13            0x7fffffffdaa8   140737488345768
r14            0x7ffffffed970   140737488279920
r15            0x0      0
rip            0x37342334f7     0x37342334f7 <kill+7>
eflags         0x206    [ PF IF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
(gdb) disas kill
Dump of assembler code for function kill:
   0x00000037342334f0 <+0>:     mov    $0x3e,%eax
   0x00000037342334f5 <+5>:     syscall 
=> 0x00000037342334f7 <+7>:     cmp    $0xfffffffffffff001,%rax
   0x00000037342334fd <+13>:    jae    0x3734233500 <kill+16>
   0x00000037342334ff <+15>:    retq   
   0x0000003734233500 <+16>:    mov    0x35f971(%rip),%rcx        # 0x3734592e78
   0x0000003734233507 <+23>:    neg    %eax
   0x0000003734233509 <+25>:    mov    %eax,%fs:(%rcx)
   0x000000373423350c <+28>:    or     $0xffffffffffffffff,%rax
   0x0000003734233510 <+32>:    retq   
End of assembler dump.

I don't have debug symbols set up, so the stack trace is unfortunately incomplete. From looking at objdump of sandbox, I can tell you that 0x402472 is the instruction immediately after a call to kill(), and 0x402dc9 is the instruction immediately after a call to __libc_start_main. Although the arguments may not have been preserved in the registers at this point, the values in rdi and rsi are consistent with the sandbox process (3493) sending SIGSEGV (11) to itself. The assembly dump shows that the first argument is indeed the return value of getpid(). I can't immediately see what the second argument is being set to, but I think 11 would be a reasonable working hypothesis based on the registers.

Based on a cursory glance at the sandbox source, I'm guessing this comes from sandbox.c:346, which would mean that the child bash process got a SIGSEGV.

Each time this happens, I see an entry in dmesg of the following form:
[688438.399352] bash[5117]: segfault at 7ffffe4ef760 ip 00007ffff7da18f6 sp 00007fffffffcfc0 error 4 in libsandbox.so[7ffff7d9a000+14000]
I also see logs like this when something segfaults from within an interactive sandbox session. I haven't determined exactly where all the numbers come from, but a few things jump out:
1. The PID is not the PID of sandbox. Presumably it is of the child shell.
2. The process name is "bash," so it seems like it was the child process bash and not the "grandchild" ls that segfaulted originally.
3. The instruction pointer consistently ends with 0x...8f6 across multiple runs, so this may be part of the offset within libsandbox.so at which the segfault really happens.

I realize that's not exactly a smoking gun. If you want, I can try to get debug symbols set up and gather some more info, although it will be hard if I can't get gdb to run inside sandbox.
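
Added example (not part of any comment in this bug, and not code from sandbox or Portage): a small Python parser for the kernel "segfault at ... in libsandbox.so[base+size]" lines quoted in this report. It turns each absolute instruction pointer into an offset inside the mapped object and decodes the "error" field, so crashes from different runs and machines can be compared despite ASLR. The function names are made up for this illustration; the sample lines are the ones posted above.

```python
import re
from collections import defaultdict

# dmesg lines copied verbatim from this bug (description, comment 10, comment 12).
DMESG = """\
[4661578.608652] ebuild.sh[23512]: segfault at 7fc2f36c1c18 ip 00007fc2edae8906 sp 00007ffe19373c40 error 4 in libsandbox.so[7fc2edae1000+14000]
ebuild.sh[26185]: segfault at 7fca170bec18 ip 00007fca114e5906 sp 00007ffef3698960 error 4 in libsandbox.so[7fca114de000+14000]
[688438.399352] bash[5117]: segfault at 7ffffe4ef760 ip 00007ffff7da18f6 sp 00007fffffffcfc0 error 4 in libsandbox.so[7ffff7d9a000+14000]
"""

# All numeric fields are printed by the kernel in hex without a 0x prefix.
# The trailing " in obj[base+size]" part is optional: the kernel leaves it
# out when the instruction pointer is not inside any mapping.
SEGV_RE = re.compile(
    r"(?P<comm>[^\s\[\]]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+)"
    r" ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)


def decode_error(code):
    """Decode the x86 page-fault error code printed after 'error'."""
    return {
        "protection": bool(code & 0x01),  # False: page not present
        "write": bool(code & 0x02),       # False: the access was a read
        "user": bool(code & 0x04),        # True: fault raised in user mode
        "ifetch": bool(code & 0x10),      # True: instruction fetch
    }


def parse_segfaults(text):
    """Return one dict per segfault line found in text."""
    events = []
    for line in text.splitlines():
        m = SEGV_RE.search(line)
        if not m:
            continue
        ev = {
            "comm": m["comm"],
            "pid": int(m["pid"]),
            "addr": int(m["addr"], 16),
            "ip": int(m["ip"], 16),
            "error": int(m["err"], 16),
            "obj": m["obj"],
            "offset": None,
        }
        if m["obj"]:
            base, size = int(m["base"], 16), int(m["size"], 16)
            # Offset of the faulting instruction from the start of the mapping.
            # Assumption: that mapping begins at file offset 0 of the object;
            # only then is this the address to look up in the file on disk.
            if base <= ev["ip"] < base + size:
                ev["offset"] = ev["ip"] - base
        events.append(ev)
    return events


def group_by_site(events):
    """Map (object, offset) -> list of PIDs that crashed at that site."""
    sites = defaultdict(list)
    for ev in events:
        if ev["offset"] is not None:
            sites[(ev["obj"], ev["offset"])].append(ev["pid"])
    return dict(sites)


if __name__ == "__main__":
    evs = parse_segfaults(DMESG)
    for (obj, off), pids in group_by_site(evs).items():
        print(f"{obj}+{off:#x}: pids {pids}")
    print(decode_error(evs[0]["error"]))
```

Offsets are only comparable between byte-identical builds of libsandbox.so. With debug symbols installed, an offset can be resolved to a source line with addr2line -e pointed at the matching library file.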
Comment 13 SpanKY gentoo-dev 2016-11-15 04:29:28 UTC
(In reply to Abe from comment #12)

you need to change gdb's mode:
(gdb) set follow-fork-mode child
Comment 14 Oleh 2016-11-16 14:31:48 UTC
can this be re-opened. i don't see a reason why it's resolved needinfo. Also resolved needinfo is an idiotic status. but this is out of this report scope of course.
Comment 15 SpanKY gentoo-dev 2016-11-16 15:11:23 UTC
(In reply to Oleg from comment #14)

cut the crap.  it's NEEDINFO because there's still not enough info to address.  Patrick has provided little info (and none to reproduce).  Abe has a bit more, but it stalled.  if you have something useful to contribute, then try doing so.
Comment 16 SpanKY gentoo-dev 2016-11-16 22:19:49 UTC
are you guys using prelink ?
Comment 17 Oleh 2016-11-18 07:04:00 UTC
nothing related to prelink ever used here.
Comment 18 Oleh 2016-11-18 07:05:00 UTC
(In reply to SpanKY from comment #15)
> (In reply to Oleg from comment #14)
> 
> cut the crap.  it's NEEDINFO because there's still not enough info to
but it's not RESOLVED, do you realize?
Comment 19 SpanKY gentoo-dev 2016-11-18 18:26:59 UTC
(In reply to Oleg from comment #18)

it is resolved waiting for information.  that's how NEEDINFO works.
Comment 20 Mart Raudsepp gentoo-dev 2016-12-05 06:03:18 UTC
I can sort-of reproduce it now. I'm not sure if it's somehow random or what's going on that I couldn't before. However, one thing I noticed is that everything is fine if I launch the git clone's sandbox.sh in some directory and then mkdir right there, but I get a permission denied if I launch it from another dir, cd into that dir as tried before and "mkdir t" in there:

~/gentoo/sandbox/src $ SANDBOX_DEBUG=1 ../src/sandbox.sh 
============================= Gentoo path sandbox ==============================
Detection of the support files.
Verification of the required files.
Setting up the required environment variables.
The protected environment has been started.
--------------------------------------------------------------------------------
Process being started in forked instance.
 * absolute_path: /dev/tty
 * resolved_path: /dev/tty
 * ACCESS ALLOWED:  open_wr:      /dev/tty
 * absolute_path: /etc/passwd
 * resolved_path: /etc/passwd
 * ACCESS ALLOWED:  fopen_rd:     /etc/passwd
 * absolute_path: /etc/bash/bashrc
 * resolved_path: /etc/bash/bashrc
 * ACCESS ALLOWED:  open_rd:      /etc/bash/bashrc
 * absolute_path: /dev/null
 * resolved_path: /dev/null
 * ACCESS ALLOWED:  open_wr:      /dev/null
 * absolute_path: /usr/bin/dircolors
 * resolved_path: /usr/bin/dircolors
 * ACCESS ALLOWED:  execve:       /usr/bin/dircolors
 * absolute_path: /etc/bash/bashrc.d
 * resolved_path: /etc/bash/bashrc.d
 * ACCESS ALLOWED:  opendir:      /etc/bash/bashrc.d
 * absolute_path: /etc/bash/bashrc.d/*
 * resolved_path: /etc/bash/bashrc.d/*
 * ACCESS ALLOWED:  access_rd:    /etc/bash/bashrc.d/*
 * absolute_path: /home/leio/gentoo/sandbox/data/sandbox.bashrc
 * resolved_path: /home/leio/gentoo/sandbox/data/sandbox.bashrc
 * ACCESS ALLOWED:  open_rd:      /home/leio/gentoo/sandbox/data/sandbox.bashrc
 * absolute_path: /root/.ccache
 * resolved_path: /root/.ccache
 * ACCESS PREDICTED:  access_wr:    /root/.ccache
 * absolute_path: /home/leio/.bash_history
 * resolved_path: /home/leio/.bash_history
 * ACCESS ALLOWED:  open_rd:      /home/leio/.bash_history
 * absolute_path: /home/leio/.bash_history
 * resolved_path: /home/leio/.bash_history
 * ACCESS ALLOWED:  chown:        /home/leio/.bash_history
 * absolute_path: /home/leio/.bash_history
 * resolved_path: /home/leio/.bash_history
 * ACCESS ALLOWED:  open_rd:      /home/leio/.bash_history
 * absolute_path: /etc/terminfo/x/xterm-256color
 * resolved_path: /etc/terminfo/x/xterm-256color
 * ACCESS ALLOWED:  access_rd:    /etc/terminfo/x/xterm-256color
 * absolute_path: /usr/share/terminfo/x/xterm-256color
 * resolved_path: /usr/share/terminfo/x/xterm-256color
 * ACCESS ALLOWED:  access_rd:    /usr/share/terminfo/x/xterm-256color
 * absolute_path: /usr/share/terminfo/x/xterm-256color
 * resolved_path: /usr/share/terminfo/x/xterm-256color
 * ACCESS ALLOWED:  fopen_rd:     /usr/share/terminfo/x/xterm-256color
 * absolute_path: /etc/inputrc
 * resolved_path: /etc/inputrc
 * ACCESS ALLOWED:  open_rd:      /etc/inputrc
[s] leio@prometheus ~/gentoo/sandbox/src $ cd ../leio
 * absolute_path: /home/leio/.bash_history
 * resolved_path: /home/leio/.bash_history
 * ACCESS ALLOWED:  open_wr:      /home/leio/.bash_history
 * absolute_path: /home/leio/.bash_history
 * resolved_path: /home/leio/.bash_history
 * ACCESS ALLOWED:  chown:        /home/leio/.bash_history
[s] leio@prometheus ~/gentoo/sandbox/leio $ mkdir t
 * absolute_path: /bin/mkdir
 * resolved_path: /bin/mkdir
 * ACCESS ALLOWED:  execve:       /bin/mkdir
 * absolute_path: /home/leio/gentoo/sandbox/leio/t
 * resolved_path: /home/leio/gentoo/sandbox/leio/t
 * ACCESS PREDICTED:  mkdir:        /home/leio/gentoo/sandbox/leio/t
 * EARLY FAIL: open(/usr/lib64/charset.alias): No such file or directory
mkdir: cannot create directory ‘t’: Permission denied
 * absolute_path: /home/leio/.bash_history
 * resolved_path: /home/leio/.bash_history
 * ACCESS ALLOWED:  open_wr:      /home/leio/.bash_history
 * absolute_path: /home/leio/.bash_history
 * resolved_path: /home/leio/.bash_history
 * ACCESS ALLOWED:  chown:        /home/leio/.bash_history

But when I launch while already in that sandbox/leio path:

~/gentoo/sandbox/leio $ SANDBOX_DEBUG=1 ../src/sandbox.sh 
============================= Gentoo path sandbox ==============================
Detection of the support files.
Verification of the required files.
Setting up the required environment variables.
The protected environment has been started.
--------------------------------------------------------------------------------
Process being started in forked instance.
 * absolute_path: /dev/tty
 * resolved_path: /dev/tty
 * ACCESS ALLOWED:  open_wr:      /dev/tty
 * absolute_path: /etc/passwd
 * resolved_path: /etc/passwd
 * ACCESS ALLOWED:  fopen_rd:     /etc/passwd
 * absolute_path: /etc/bash/bashrc
 * resolved_path: /etc/bash/bashrc
 * ACCESS ALLOWED:  open_rd:      /etc/bash/bashrc
 * absolute_path: /dev/null
 * resolved_path: /dev/null
 * ACCESS ALLOWED:  open_wr:      /dev/null
 * absolute_path: /usr/bin/dircolors
 * resolved_path: /usr/bin/dircolors
 * ACCESS ALLOWED:  execve:       /usr/bin/dircolors
 * absolute_path: /etc/bash/bashrc.d
 * resolved_path: /etc/bash/bashrc.d
 * ACCESS ALLOWED:  opendir:      /etc/bash/bashrc.d
 * absolute_path: /etc/bash/bashrc.d/*
 * resolved_path: /etc/bash/bashrc.d/*
 * ACCESS ALLOWED:  access_rd:    /etc/bash/bashrc.d/*
 * absolute_path: /home/leio/gentoo/sandbox/data/sandbox.bashrc
 * resolved_path: /home/leio/gentoo/sandbox/data/sandbox.bashrc
 * ACCESS ALLOWED:  open_rd:      /home/leio/gentoo/sandbox/data/sandbox.bashrc
 * absolute_path: /root/.ccache
 * resolved_path: /root/.ccache
 * ACCESS PREDICTED:  access_wr:    /root/.ccache
 * absolute_path: /home/leio/.bash_history
 * resolved_path: /home/leio/.bash_history
 * ACCESS ALLOWED:  open_rd:      /home/leio/.bash_history
 * absolute_path: /home/leio/.bash_history
 * resolved_path: /home/leio/.bash_history
 * ACCESS ALLOWED:  chown:        /home/leio/.bash_history
 * absolute_path: /home/leio/.bash_history
 * resolved_path: /home/leio/.bash_history
 * ACCESS ALLOWED:  open_rd:      /home/leio/.bash_history
 * absolute_path: /etc/terminfo/x/xterm-256color
 * resolved_path: /etc/terminfo/x/xterm-256color
 * ACCESS ALLOWED:  access_rd:    /etc/terminfo/x/xterm-256color
 * absolute_path: /usr/share/terminfo/x/xterm-256color
 * resolved_path: /usr/share/terminfo/x/xterm-256color
 * ACCESS ALLOWED:  access_rd:    /usr/share/terminfo/x/xterm-256color
 * absolute_path: /usr/share/terminfo/x/xterm-256color
 * resolved_path: /usr/share/terminfo/x/xterm-256color
 * ACCESS ALLOWED:  fopen_rd:     /usr/share/terminfo/x/xterm-256color
 * absolute_path: /etc/inputrc
 * resolved_path: /etc/inputrc
 * ACCESS ALLOWED:  open_rd:      /etc/inputrc
[s] leio@prometheus ~/gentoo/sandbox/leio $ mkdir t
 * absolute_path: /bin/mkdir
 * resolved_path: /bin/mkdir
 * ACCESS ALLOWED:  execve:       /bin/mkdir
 * absolute_path: /home/leio/gentoo/sandbox/leio/t
 * resolved_path: /home/leio/gentoo/sandbox/leio/t
 * ACCESS ALLOWED:  mkdir:        /home/leio/gentoo/sandbox/leio/t
 * absolute_path: /home/leio/.bash_history
 * resolved_path: /home/leio/.bash_history
 * ACCESS ALLOWED:  open_wr:      /home/leio/.bash_history
 * absolute_path: /home/leio/.bash_history
 * resolved_path: /home/leio/.bash_history
 * ACCESS ALLOWED:  chown:        /home/leio/.bash_history


Though not a segfault like for others here, but still seems weird and very wrong. Maybe it acts different due to me being on mostly up to date git with sandbox.sh vs what's in gentoo package tree.
Can't debug further right now, and still waiting for my other fixes to be included anyways, so not very motivated.
Comment 21 Mart Raudsepp gentoo-dev 2016-12-05 06:13:19 UTC
When going to 2.11 tag, it's still a bad permission denied when not started from that dir, but no crash. With install -m0700 -d foo I get this when launched from another dir and cd'd first:

[s] leio@prometheus ~/gentoo/sandbox/leio $ install -m0700 -d foo
 * absolute_path: /usr/bin/install
 * resolved_path: /usr/bin/install
 * ACCESS ALLOWED:  execve:       /usr/bin/install
 * absolute_path: /home/leio/gentoo/sandbox/leio/foo
 * resolved_path: /home/leio/gentoo/sandbox/leio/foo
 * ACCESS PREDICTED:  mkdir:        /home/leio/gentoo/sandbox/leio/foo
 * EARLY FAIL: __open_2(foo): No such file or directory
 * EARLY FAIL: open(/usr/lib64/charset.alias): No such file or directory
install: cannot change permissions of ‘foo’: No such file or directory
 * absolute_path: /home/leio/.bash_history
 * resolved_path: /home/leio/.bash_history
 * ACCESS ALLOWED:  open_wr:      /home/leio/.bash_history
 * absolute_path: /home/leio/.bash_history
 * resolved_path: /home/leio/.bash_history
 * ACCESS ALLOWED:  chown:        /home/leio/.bash_history


So same as mkdir, just install is doing the chmod and then failing as the mkdir failed.

Reopening as a similar issue is found. Maybe the segfault vs permission denied is just due to system differences or patches on gentoo tree -r2.
Comment 22 Mart Raudsepp gentoo-dev 2016-12-05 06:22:20 UTC
sigh, actually this permission denied error happens to me from a v2.10 tag too, and also from my system sandbox-2.10-r2, so some other thing than what this bug was about, so putting back to NEEDINFO...

Actually my thing is probably just about it not letting me do stuff to parent directory, only where it's launched + subdirs, and because I happened to do cd ../leio this was violated and sandbox caught it.

Sorry for the noise. tl;dr: can't reproduce the mkdir issue either still.
Comment 23 Mike Lothian 2017-04-26 08:57:19 UTC
I'm seeing segfaults in x11-themes/adwaita-icon-theme-3.22.0-r1 too, only installed this version of sandbox as the new versions of Chromium require it
Comment 24 wbrana 2017-06-01 11:46:48 UTC
emerged successfully
>>> sys-apps/sandbox-2.11-r5
>>> x11-themes/adwaita-icon-theme-3.22.0-r2