Emerging net-im/signal-desktop-bin-1.29.0 failed with this sandbox violation: >>> Install net-im/signal-desktop-bin-1.29.0 into /var/tmp/portage/net-im/signal-desktop-bin-1.29.0/image * XATTR_PAX marking -m opt/Signal/signal-desktop with paxctl-ng * XATTR_PAX marking -m /opt/Signal/chrome-sandbox with paxctl-ng * ACCESS DENIED: open_wr: /opt/Signal/chrome-sandbox >>> Completed installing net-im/signal-desktop-bin-1.29.0 into /var/tmp/portage/net-im/signal-desktop-bin-1.29.0/image * Final size of build directory: 257356 KiB (251.3 MiB) * Final size of installed tree: 256840 KiB (250.8 MiB) * --------------------------- ACCESS VIOLATION SUMMARY --------------------------- * LOG FILE: "/var/log/sandbox/sandbox-4.log" * VERSION 1.0 FORMAT: F - Function called FORMAT: S - Access Status FORMAT: P - Path as passed to function FORMAT: A - Absolute Path (not canonical) FORMAT: R - Canonical Path FORMAT: C - Command Line F: open_wr S: deny P: /opt/Signal/chrome-sandbox A: /opt/Signal/chrome-sandbox R: /opt/Signal/chrome-sandbox C: paxctl-ng -l -m /opt/Signal/chrome-sandbox * -------------------------------------------------------------------------------- This looks to be because the ebuild contains a call to the pax-mark helper using an absolute path: pax-mark m opt/Signal/signal-desktop /opt/Signal/chrome-sandbox pax-mark wants relative paths, which is what older versions of signal-desktop-bin used and which worked, see e.g. https://github.com/gentoo/gentoo/commit/723794cd7c1a1bd0c6638dafe762207714935f63#diff-72e391783034f102d58df03273f556b1R53 Reproducible: Always Portage 2.3.81 (python 3.6.9-final-0, default/linux/amd64/17.1/hardened, gcc-9.2.0, glibc-2.30-r3, 5.4.2-gentoo x86_64) ================================================================= System Settings ================================================================= System uname: Linux-5.4.2-gentoo-x86_64-Intel-R-_Core-TM-_i7-2620M_CPU_@_2.70GHz-with-gentoo-2.6 KiB Mem: 16334164 total, 8283588 free KiB Swap: 16777212 total, 16777212 free Timestamp of repository gentoo: Mon, 09 Dec 2019 04:45:01 +0000 Head commit of repository gentoo: ce40dac7505118d5fcff820d21e338b571ab79ed Head commit of repository creideiki: c5fa426fec43da5cd5166376d6aecf5f9f85b667 sh bash 5.0_p11 ld GNU ld (Gentoo 2.32 p2) 2.32.0 app-shells/bash: 5.0_p11::gentoo dev-java/java-config: 2.2.0-r4::gentoo dev-lang/perl: 5.30.1::gentoo dev-lang/python: 2.7.17::gentoo, 3.6.9::gentoo, 3.7.5-r1::gentoo, 3.8.0::gentoo dev-util/cmake: 3.16.0::gentoo dev-util/pkgconfig: 0.29.2::gentoo sys-apps/baselayout: 2.6-r1::gentoo sys-apps/openrc: 0.42.1::gentoo sys-apps/sandbox: 2.18::gentoo sys-devel/autoconf: 2.13-r1::gentoo, 2.69-r5::gentoo sys-devel/automake: 1.13.4-r2::gentoo, 1.16.1-r2::gentoo sys-devel/binutils: 2.32-r1::gentoo, 2.33.1::gentoo sys-devel/gcc: 9.2.0-r2::gentoo sys-devel/gcc-config: 2.1::gentoo sys-devel/libtool: 2.4.6-r5::gentoo sys-devel/make: 4.2.1-r4::gentoo sys-kernel/linux-headers: 5.4::gentoo (virtual/os-headers) sys-libs/glibc: 2.30-r3::gentoo Repositories: gentoo location: /usr/portage sync-type: rsync sync-uri: rsync://rsync.europe.gentoo.org/gentoo-portage priority: -1000 sync-rsync-verify-metamanifest: yes sync-rsync-verify-max-age: 24 sync-rsync-verify-jobs: 1 sync-rsync-extra-opts: --timeout=10 creideiki location: /usr/local/portage sync-type: git sync-uri: https://github.com/creideiki/portage masters: gentoo rion location: /var/lib/layman/rion masters: gentoo priority: 50 seden location: /var/lib/layman/seden masters: gentoo priority: 50 steam-overlay location: /var/lib/layman/steam-overlay masters: gentoo priority: 50 torbrowser location: /var/lib/layman/torbrowser masters: gentoo priority: 50 ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="@FREE" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--alphabetical --keep-going --quiet-build=n --verbose-conflicts" ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch parallel-install pid-sandbox preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://mirror.mdfnet.se/gentoo http://gentoo.oregonstate.edu http://www.ibiblio.org/pub/Linux/distributions/gentoo http://distfiles.gentoo.org" LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-O1 -Wl,--hash-style=gnu -Wl,--enable-new-dtags" MAKEOPTS="-j4" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_EXTRA_OPTS="--timeout=10" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="X acl alsa amd64 bzip2 cairo consolekit crypt cups cxx dbus dri dri3 egl flac fontconfig gif glamor hardened iconv ipv6 jpeg kde libtirpc lm-sensors mp3 multilib ncurses nls nptl ogg opengl openmp pam pcre pie png policykit qt3support qt5 readline seccomp split-usr ssl ssp tiff truetype udisks unicode upower vaapi vorbis xattr xcb xkb xtpax zlib" ABI_X86="64" ADA_TARGET="gnat_2018" ALSA_CARDS="hda-intel" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" CAMERAS="canon" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="pc" INPUT_DEVICES="evdev wacom libinput" KERNEL="linux" L10N="en en-US en-GB sv sv-SE" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" NETBEANS_MODULES="apisupport cnd groovy gsf harness ide identity j2ee java mobility nb php profiler soa visualweb webcommon websvccommon xml" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-2" POSTGRES_TARGETS="postgres10 postgres11" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_6 python3_7 python3_8" QEMU_SOFTMMU_TARGETS="i386 x86_64" RUBY_TARGETS="ruby26" SANE_BACKENDS="hp" USERLAND="GNU" VIDEO_CARDS="intel i965" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS ================================================================= Package Settings ================================================================= net-im/signal-desktop-bin-1.28.0::gentoo was built with the following: USE="" ABI_X86="(64)"
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84262603c3ed5a0e2c5367544de7851060c1c9f8 commit 84262603c3ed5a0e2c5367544de7851060c1c9f8 Author: Robert Siebeck <gentoo.2019@r123.de> AuthorDate: 2019-12-10 09:13:55 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2019-12-10 17:25:29 +0000 net-im/signal-desktop-bin: replace absolute paths for pax-mark Closes: https://bugs.gentoo.org/702386 Signed-off-by: Robert Siebeck <gentoo.2019@r123.de> Closes: https://github.com/gentoo/gentoo/pull/13934 Signed-off-by: Joonas Niilola <juippis@gentoo.org> net-im/signal-desktop-bin/signal-desktop-bin-1.29.0.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
