The nullmailer-1.00 ebuild gets a sandbox violation when it tries to do chmod on the /usr/bin/mailq symlink in the build area. This symlink properly points to /usr/sbin/sendmail (i.e., a real absolute path outside of the sandbox), as it should when the mailwrapper USE flag is on. Doing chmod on a symlink is a bit odd, but it seems that this line in the ebuild is intended for the case when /usr/bin/mailq is a real file. Reproducible: Always Steps to Reproduce: 1.emerge nullmailer Actual Results: The ebuild failed with a sandbox violation. Expected Results: Nullmailer should have been successfully emerged. Here are the error lines from the emerge output (the first and 4th line are the surrounding context, lines 2 and 3 are the error): --------------------------------------------------------- make[1]: Leaving directory `/extra/var/tmp/portage/nullmailer-1.00/work/nullmailer-1.00' ACCESS DENIED chmod: /extra/var/tmp/portage/nullmailer-1.00/image/usr/bin/mailq chmod: changing permissions of `/extra/var/tmp/portage/nullmailer-1.00/image//usr/bin/mailq': Permission denied * Please ensure you have selected nullmailer in your /etc/mailer.conf --------------------------------------------------------- Here is the emerge failure message that gets appended at the end: --------------------------- ACCESS VIOLATION SUMMARY --------------------------- LOG FILE = "/tmp/sandbox-mail-mta_-_nullmailer-1.00-1471.log" chmod: /extra/var/tmp/portage/nullmailer-1.00/image/usr/bin/mailq (symlink to /usr/sbin/sendmail) -------------------------------------------------------------------------------- Finally, here is the "emerge info" output for my system: --------------------------------------------------------- Gentoo Base System version 1.6.12 Portage 2.0.51.22-r1 (default-linux/x86/2005.0, gcc-3.4.4, glibc-2.3.5-r0, 2.6.8.1-co-0.6.2-pre1 i686) ================================================================= System uname: 2.6.8.1-co-0.6.2-pre1 i686 Intel(R) Pentium(R) M processor 1100MHz dev-lang/python: 2.2.3-r1, 2.3.5 sys-apps/sandbox: 1.2.8 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5 sys-devel/binutils: 2.16-r1 sys-devel/libtool: 1.5.18 virtual/os-headers: 2.6.11-r1 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium4 -O2 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/texmf/web2c /etc/env.d" CXXFLAGS="-march=pentium4 -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig candy distlocks moo sandbox sfperms strict" GENTOO_MIRRORS="http://gentoo.blueyonder.co.uk ftp://gentoo.blueyonder.co.uk/mirrors/gentoo" MAKEOPTS="" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/extra/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 X Xaw3d acl apache2 bitmap-fonts bonobo crypt emacs emacs-w3 emboss escreen esd etwin fam fortran fpx gcj gd gd-external gif glitz graphviz gtk gtk2 guile imagemagick imlib ipv6 java jbig jpeg latex lcms leim libg++ libwww lua lzw-tiff mad mailwrapper md5sum mmx motif mozdevelop mozilla mozsvg mozxmlterm mp3 mpeg ncurses nodrm nptl objc ogg oggvorbis opengl pam pam_chroot pam_console pam_timestamp perl php png python readline samba sdk slang snmp socks5 spell sse ssl tcltk tcpd tetex tiff truetype truetype-fonts type1-fonts unicode vorbis wmf xinerama xml2 xmms xprint xv zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
This is because chmod follows the symlink, and tries to chmod the actual /usr/bin/sendmail. The Makefile should be patched to not do this. If you need more info, add me to CC.
There is indeed a line in the Makefile that could do the chmod, but I think it is not being invoked. I suspect the guilty chmod is the one in the ebuild script.
Created attachment 63591 [details, diff] nullmailer-1.00.ebuild.diff well i couldnt reproduce the problem but i think this patch could help you...
I did produce this problem and Marco's patch works.
fixed in cvs.