I get a sandbox violation during xorg-x11-6.8.0-r3 ebuild install on amd64: It seems it tries to access ~/.bash_history during this phase: # cat /tmp/sandbox-x11-base_-_xorg-x11-6.8.0-r3-15023.log open_wr: /root/.bash_history I can post the complete build log if needed. I don't for now as I can see no other valuable info inside... Reproducible: Always Steps to Reproduce: 1. 2. 3. Here are my emerge infos: # emerge --info Portage 2.0.51-r3 (default-linux/amd64/2004.3/lib64, gcc-3.3.3, glibc-2.3.4.20041102-r0, 2.6.10-rc1 x86_64) ================================================================= System uname: 2.6.10-rc1 x86_64 AMD Athlon(tm) 64 Processor 3000+ Gentoo Base System version 1.6.6 ccache version 2.3 [enabled] Autoconf: sys-devel/autoconf-2.59-r5 Automake: sys-devel/automake-1.8.5-r1 Binutils: sys-devel/binutils-2.15.92.0.2-r1 Headers: sys-kernel/linux26-headers-2.6.8.1-r1 Libtools: sys-devel/libtool-1.5.2-r7 ACCEPT_KEYWORDS="amd64 ~amd64" AUTOCLEAN="yes" CFLAGS="-O2 -funroll-loops -pipe -fexpensive-optimizations" CHOST="x86_64-pc-linux-gnu" COMPILER="" CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -funroll-loops -pipe -fexpensive-optimizations" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig buildpkg ccache cvs digest sandbox severe strict userpriv usersandbox" GENTOO_MIRRORS="ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://mirrors.sec.informatik.tu-darmstadt.de/gentoo/ http://gentoo.mirror.sdv.fr http://ftp.gentoo.skynet.be/pub/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://gentoo.tiscali.nl/gentoo/ http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/ http://ftp.linux.ee/pub/gentoo/distfiles/ http://gentoo.osuosl.org http://www.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j 1" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="amd64 X Xaw3d aalib acl acpi adns aim alsa apache2 apm audiofile avi berkdb bidi bitmap-fonts bonobo caps cdr crypt cscope cups curl dga directfb divx4linux doc dvd dvdr emacs emacs-w3 encode esd evo f77 fam fastcgi fbcon fftw flac fortran gb gd gdbm ggi gif ginac gmp gnome gnutls gphoto2 gpm gps gstreamer gtk gtk2 gtkhtml guile icq imagemagick imap imlib ipv6 jabber jack jp2 jpeg junit ladcca lcms ldap leim libg++ libgda libwww lzw lzw-tiff mad maildir matrox mbox mcal memlimit mikmod motif mozilla mpeg msn multilib nas ncurses netcdf nls odbc offensive oggvorbis opengl oscar oss pam pcre pdflib perl pic plotutils png ppds python quicktime readline ruby sasl scanner sdl slang slp snmp speekx speex ssl svg szip tcltk tcpd tetex theora tiff truetype unicode usb userlocales vhosts videos wmf wxwindows xface xinerama xml xml2 xmms xosd xpm xrandr xv xvid yahoo yaz zlib"
All I can find on this is an emerge --debug log on bug #62589 showing that /root/.bash_history should be in SANDBOX_WRITE. But presumably that's not the case with FEATURES=userpriv. Not sure how to resolve this. Portage guys got some idea?
Hey, I don't want this process to write into my bash history ! This file is used to store interractive root command line history and it would, in my opinion, be absolutelly unsafe to let other processes than interractive root bash shell write into it. The problem may be there: isn't there a interractive bash launched by the install process ? Another way to (badly) solve the problem would be to unset HISTFILE during install...
This isn't a portage problem... It's a very strange build problem.
No direction or new information for this bug. Reopen if it recurrs.
I am experiencing the same on one specific machine, no matter whatever package I am emerging. Now this was strange. I tried using FEATURES="-userpriv" emerge ... but it did not help. Then I tried FEATURES="-*" emerge ... and it worked. Since that, it also works without specifying FEATURES in the environment I guess something has been reset or changed when running with FEATURES="-*". Any ideas?
(In reply to comment #5) > I guess something has been reset or changed when running with FEATURES="-*". > Any ideas? FEATURES="-*" would have disabled both sandbox and and userpriv, so that would have allowed the build have write access to /root/.bash_history. Normally, the value of $HOME is overridden in the ebuild environment so that that only reason something would go for /root is if it's hard coded somewhere in the build system of the package. You can check the /var/db/pkg/*/*/environment.bz2 files to verify that $HOME is correctly set.
Closing time or still valid?
It's either fixed, never was a portage bug or would need more information to be solved.
From time to time I experience this in unpack stage about portage trying to write to my normal users ~/.bash_history. This happens when using sudo as the normal user and also when I su to root before (even there the _users_ history file is accessed). The problem goes away if i remove my ~/.bash_history or change it. Changing means removing a line. What is strange that adding content to the file wont help. So it seems to have nothing to do with the content of the file as it works when removing a random line. Also I do not have FEATURES="userpriv" set. Maybe worth to mention this also happened before the new sandbox-1.6 went stable.
Created attachment 189633 [details] emerge.info
Created attachment 189635 [details] sample ebuild output
Do you have anything in /etc/portage/bashrc? Please attach the environment file from a failed build. It's path relative to the build directory is temp/environment.
Created attachment 189647 [details] environment (In reply to comment #12) > Do you have anything in /etc/portage/bashrc? Please attach the environment file > from a failed build. It's path relative to the build directory is > temp/environment. > No /etc/portage/bashrc. environment file attached.
Created attachment 189659 [details, diff] filter the HISTFILE variable Please try this patch to see if it helps. If it is saved as /tmp/histfile.patch, then it can be applied as follows: patch /usr/lib/portage/pym/portage/__init__.py /tmp/histfile.patch
(In reply to comment #14) > Created an attachment (id=189659) [edit] > filter the HISTFILE variable This is in svn r13403.
(In reply to comment #15) Excluding the histfile stops the sandbox issues. Thanks.
This is fixed in 2.1.6.12 and 2.2_rc32.
