I just updated hplip from 3.20.3 to 3.20.6 and got a sandbox violation out of the blue. Looking at other bug reports it seems to me that quite a bit changed in this seemingly little version bump? Reproducible: Always Steps to Reproduce: 1. emerge hplip 2. observe Actual Results: Sandbox violation Expected Results: The package should just merge fine. Relevant piece of sandbox.log: VERSION 1.0 FORMAT: F - Function called FORMAT: S - Access Status FORMAT: P - Path as passed to function FORMAT: A - Absolute Path (not canonical) FORMAT: R - Canonical Path FORMAT: C - Command Line F: symlinkat S: deny P: /usr/lib64/x86_64-linux-gnu/sane/ A: /usr/lib64/x86_64-linux-gnu/sane R: /usr/lib64/sane C: ln -sf /usr/lib64/sane/libsane-hpaio.so /usr/lib64/x86_64-linux-gnu/sane/ F: symlinkat S: deny P: /usr/lib64/x86_64-linux-gnu/sane/ A: /usr/lib64/x86_64-linux-gnu/sane R: /usr/lib64/sane C: ln -sf /usr/lib64/sane/libsane-hpaio.so.1 /usr/lib64/x86_64-linux-gnu/sane/ --- emerge --info: Portage 3.0.4 (python 3.7.8-final-0, default/linux/amd64/17.1/desktop/plasma, gcc-9.3.0, glibc-2.31-r6, 5.4.60-gentoo-richBOOK x86_64) ================================================================= System uname: Linux-5.4.60-gentoo-richBOOK-x86_64-Intel-R-_Core-TM-_i5-2500K_CPU_@_3.30GHz-with-gentoo-2.7 KiB Mem: 16278272 total, 4814752 free KiB Swap: 16777212 total, 16668156 free Timestamp of repository gentoo: Fri, 04 Sep 2020 20:05:27 +0000 Head commit of repository gentoo: 501a0b617411e3d730e8c32583d716c5316a15e5 Head commit of repository chain: 186a3ac253f3e431c5b4c145b0e345dbb1cc0b63 Timestamp of repository dotnet: Wed, 02 Sep 2020 11:06:34 +0000 Head commit of repository dotnet: a3826f569466c130dec457920e110fe0df3d2096 Head commit of repository tlp: ced908095a1bafc1af3583efc4a24b39e2ab8c12 sh bash 5.0_p18 ld GNU ld (Gentoo 2.33.1 p2) 2.33.1 app-shells/bash: 5.0_p18::gentoo dev-java/java-config: 2.3.1::gentoo dev-lang/perl: 5.30.3::gentoo dev-lang/python: 2.7.18-r1::gentoo, 3.7.8-r2::gentoo, 3.8.5::gentoo dev-util/cmake: 3.16.5::gentoo sys-apps/baselayout: 2.7::gentoo sys-apps/openrc: 0.42.1::gentoo sys-apps/sandbox: 2.18::gentoo sys-devel/autoconf: 2.13-r1::gentoo, 2.69-r5::gentoo sys-devel/automake: 1.13.4-r2::gentoo, 1.16.1-r1::gentoo sys-devel/binutils: 2.33.1-r1::gentoo sys-devel/gcc: 9.3.0-r1::gentoo sys-devel/gcc-config: 2.3.1::gentoo sys-devel/libtool: 2.4.6-r6::gentoo sys-devel/make: 4.2.1-r4::gentoo sys-kernel/linux-headers: 5.4-r1::gentoo (virtual/os-headers) sys-libs/glibc: 2.31-r6::gentoo Repositories: gentoo location: /var/db/repos/gentoo sync-type: git sync-uri: https://github.com/gentoo-mirror/gentoo.git priority: -1000 chain location: /var/db/repos/chain sync-type: git sync-uri: https://chain@git.rpgfiction.net/portage-overlay.git masters: gentoo dotnet location: /var/db/repos/dotnet sync-type: git sync-uri: https://github.com/gentoo-mirror/dotnet.git masters: gentoo tlp location: /var/db/repos/tlp sync-type: git sync-uri: git://github.com/dywisor/tlp-portage.git masters: gentoo crossdev location: /var/db/repos/portage-crossdev masters: gentoo priority: 10 ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="@FREE" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php7.4/ext-active/ /etc/php/cgi-php7.4/ext-active/ /etc/php/cli-php7.4/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/var/cache/distfiles" EMERGE_DEFAULT_OPTS="--quiet-build=y" ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs candy clean-logs config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms split-log strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://distfiles.gentoo.org" LANG="de_AT.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="de" MAKEOPTS="-j4" PKGDIR="/var/cache/binpkgs" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/tmp" USE="X a52 aac acl acpi activities alsa amd64 berkdb bluetooth bluray bzip2 cairo cdda cdr cli crypt cups dbus declarative dri dts dvd dvdr elogind emboss encode exif flac fortran gdbm gif gpm gui iconv icu ipv6 jack jpeg kde kipi kwallet lcms libglvnd libnotify libtirpc mad minimal mng mp3 mp4 mpeg multilib ncurses netboot networkmanager nls nocd nptl ogg opengl openmp pam pango pcre pdf phonon plasma png policykit ppds pulseaudio qml qt5 readline sdl seccomp smp split-usr sse3 ssl ssse3 startup-notification svg tcpd threads tiff truetype udev udisks unicode upower usb vaapi vorbis wayland widgets wifi wxwidgets x264 xattr xcb xinerama xml xv xvid xvmc zlib" ABI_X86="64" ADA_TARGET="gnat_2018" ALSA_CARDS="hda-intel" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev synaptics void wacom" KERNEL="linux" L10N="de" LCD_DEVICES="serialpos" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-2 php7-3 php7-4" POSTGRES_TARGETS="postgres10 postgres11" PYTHON_SINGLE_TARGET="python3_7" PYTHON_TARGETS="python3_7" QEMU_SOFTMMU_TARGETS="arm i386 x86_64" QEMU_USER_TARGETS="arm i386 x86_64" RUBY_TARGETS="ruby25" USERLAND="GNU" VIDEO_CARDS="intel i965" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Created attachment 658414 [details] build log
I can not reproduce this error! It looks like you have a directory /usr/lib64/x86_64-linux-gnu/sane/ which I don't have. Can you check if this is the case and if yes to which packages it belongs.
(In reply to Daniel Pielmeier from comment #2) > I can not reproduce this error! > It looks like you have a directory /usr/lib64/x86_64-linux-gnu/sane/ which I > don't have. Can you check if this is the case and if yes to which packages > it belongs. Sure can do! A simple ls gives me a lot of files, all with the same timestamp. # equery b /usr/lib64/x86_64-linux-gnu/sane/ * Searching for /usr/lib64/x86_64-linux-gnu/sane/ ... media-gfx/sane-backends-1.0.30-r2 (/usr/lib64/sane) net-print/hplip-3.20.3 (/usr/lib64/sane) Which is not really surprising to me, because I have/had another scanner which I used to use. Not anymore, so I could uninstall same-backends for testings sake, but how did it work until now?
(In reply to Richard H. from comment #3) > (In reply to Daniel Pielmeier from comment #2) > > I can not reproduce this error! > > It looks like you have a directory /usr/lib64/x86_64-linux-gnu/sane/ which I > > don't have. Can you check if this is the case and if yes to which packages > > it belongs. > > Sure can do! A simple ls gives me a lot of files, all with the same > timestamp. > > # equery b /usr/lib64/x86_64-linux-gnu/sane/ > * Searching for /usr/lib64/x86_64-linux-gnu/sane/ ... > media-gfx/sane-backends-1.0.30-r2 (/usr/lib64/sane) > net-print/hplip-3.20.3 (/usr/lib64/sane) > > Which is not really surprising to me, because I have/had another scanner > which I used to use. Not anymore, so I could uninstall same-backends for > testings sake, but how did it work until now? Is /usr/lib64/x86_64-linux-gnu/sane/ a link to /usr/lib64/sane or /usr/lib64/x86_64-linux-gnu/ to /usr/lib64?
Wait a moment. /usr/lib64/x86_64-linux-gnu is a symlink to /usr/lib64 on my machine. Do you have that one as well? It's from 2014, so it looks fishy to me. I don't know where it comes from, equery doesn't show anything. Just saw your comment. As it stands, the symlink would overwrite itself I guess. Is that right?
(In reply to Richard H. from comment #5) > Wait a moment. > > /usr/lib64/x86_64-linux-gnu is a symlink to /usr/lib64 on my machine. Do you > have that one as well? It's from 2014, so it looks fishy to me. > > I don't know where it comes from, equery doesn't show anything. > > Just saw your comment. > > > As it stands, the symlink would overwrite itself I guess. Is that right? I don't have it. Looks indeed fishy. Pretty sure it is some leftovers from some non portage operations/stuff. I am not 100% sure if it is save to remove but if you know how to recover from a potential non-booting system you can give it a try. The problem is it tries to execute the following command: ln -sf /usr/lib64/sane/libsane-hpaio.so /usr/lib64/x86_64-linux-gnu/sane/ this is essentially ln -sf /usr/lib64/sane/libsane-hpaio.so /usr/lib64/sane/ due to the symlink. As this directory exists on the live system the sandbox trigger an error.
(In reply to Daniel Pielmeier from comment #6) > (In reply to Richard H. from comment #5) > > Wait a moment. > > > > /usr/lib64/x86_64-linux-gnu is a symlink to /usr/lib64 on my machine. Do you > > have that one as well? It's from 2014, so it looks fishy to me. > > > > I don't know where it comes from, equery doesn't show anything. > > > > Just saw your comment. > > > > > > As it stands, the symlink would overwrite itself I guess. Is that right? > > I don't have it. Looks indeed fishy. Pretty sure it is some leftovers from > some non portage operations/stuff. I am not 100% sure if it is save to > remove but if you know how to recover from a potential non-booting system > you can give it a try. > > The problem is it tries to execute the following command: > ln -sf /usr/lib64/sane/libsane-hpaio.so /usr/lib64/x86_64-linux-gnu/sane/ > this is essentially > ln -sf /usr/lib64/sane/libsane-hpaio.so /usr/lib64/sane/ > due to the symlink. > > As this directory exists on the live system the sandbox trigger an error. Sorry, it took so long. I wanted and needed to cross-check on my systems. Indeed it is only this one system, which has this symlink. And I am pretty sure where it might have come from. On this system I have installed the plugins/blobs myself in some dark ages where it simply wouldn't work. I needed to create this symlink myself back then. I guess now it is included as well and therefore plugins should also work out of the box. I deleted the symlink and it installed fine now. Sorry for all the noise. Exactly, I just now printed out this very bug LaserJet M1120n MFP (binary plugin needed!). Finally everything just works out of the box. Thank you all for your hard work!
