Created attachment 572766 [details] emerge --info I was working on a custom ebuild for net-vpn/wireguard that requires PROPERTIES="interactive" being enabled. However, everytime I tried to emerge it, it would run into sandbox access violation errors at '__dyn_instprep()' for: (I will attach the build log) F: open_wr S: deny P: /dev/tty1 A: /dev/tty1 R: /dev/tty1 C: /bin/bash -rcfile /usr/share/sandbox/sandbox.bashrc -c /usr/lib/portage/python3.6/misc-functions.sh __dyn_instprep (plus more that follow) I tried: addpredict /dev/tty1 addpredict /dev addwrite /dev/tty1 addwrite /dev None of the above worked. On a whim, I tried an experiment to see if it was my ebuild or not. I added PROPERTIES="interactive" to the official portage: net-vpn/wireguard-0.0.20190406 I also tried something that was much simpler: net-vpn/vtun-3.0.3 Same result for both. In all cases, the same sandbox ACCESS VIOLATION was thrown for /dev/tty1 This leads me to believe there is a regression that would affect all ebuilds that use 'interactive' mode. If I use: FEATURES="-sandbox" emerge ... they will install fine. What I'm seeing in the phase flow is: src_install() ==> [BOOM!] __dyn_instprep() ==> pkg_preinst() I hacked on __dyn_instprep() and added a short-circuit: __dyn_instprep() { __vecho "!!! Got Here !!!" return 0 ... } This pretty much narrowed it down to the spawning of: "/bin/bash -rcfile /usr/share/sandbox/sandbox.bashrc -c /usr/lib/portage/python3.6/misc-functions.sh __dyn_instprep" If you need any more details, please let me know. Thank you for taking a look. -- Terra
Created attachment 572768 [details] (official) net-vpn/wireguard ebuild log
Created attachment 572770 [details] net-vpn/vtun build log
I'm not aware of any portage changes that would have caused this. I see your emerge --info shows sandbox-2.13.
@Zac Do you want me to try other sandbox versions? sandbox-2.13 is latest stable. After encountering this problem, I did go ahead and rebuild sandbox to make sure some unseen lib change caused it. Unfortunately same result.
is this still an issue ? sandbox doesn't have any special handling for tty1 and such nodes (nor should any ebuild hardcode any path like that).
I just tested this again with net-vpn/vtun + PROPERTIES="interactive" and it seems to work fine now. I would say go ahead and close this now, because somewhere between 2019 and now - the problem has resolved itself.
okiedokie. feel free to re-open if it shows up again.