Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 121573

Summary: samba with wins support enabled causing massive sandbox violations
Product: Gentoo Linux Reporter: Matthew Lane <veneroso_dc>
Component: [OLD] UnspecifiedAssignee: Sandbox Maintainers <sandbox>
Status: RESOLVED NEEDINFO    
Severity: normal CC: bruno.redondi, chris, jeromepoulin, mloyer, nurachi, pva, samba, uzytkownik2
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Matthew Lane 2006-02-04 11:09:03 UTC
Portage 2.0.54 (default-linux/x86/2005.0, gcc-3.3.6, glibc-2.3.5-r2, 2.6.14-gentoo-r5 i686)
=================================================================
System uname: 2.6.14-gentoo-r5 i686 AMD Athlon(TM) XP 3000+
Gentoo Base System version 1.6.14
dev-lang/python:     2.3.5-r2, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O3 -march=athlon-xp -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/splash /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -march=athlon-xp -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks prelink sandbox sfperms strict"
GENTOO_MIRRORS="http://gentoo.seren.com/gentoo http://gentoo.chem.wisc.edu/gentoo/ http://gentoo.netnitco.net http://gentoo.binarycompass.org http://gentoo.eliteitminds.com http://lug.mtu.edu/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.us.gentoo.org/gentoo-portage"
USE="x86 3dnow X acl alsa apm arts audiofile avi berkdb bitmap-fonts bonobo bzip2 cdr crypt cups curl divx4linux dvd dvdr eds emboss encode esd exif expat fam ffmpeg firefox foomaticdb fortran gd gdbm gif glut gmp gnome gphoto2 gpm gstreamer gtk gtk2 gtkhtml guile idn imagemagick imlib java jpeg junit kde lcms libg++ libwww lua mad mbrola mikmod mmx mng motif mozilla mp3 mpeg ncurses nls ogg oggvorbis openal opengl oss pam pcre pdflib perl png python qt quicktime readline real recode samba sdl spell sse ssl tcltk tcpd tiff truetype truetype-fonts type1-fonts udev usb visualization vorbis win32codecs xine xml xml2 xmms xscreensaver xv xvid zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY

dev-perl/Net-DNS-0.55
-Required by spamassassin
gnome-extra/bug-buddy-2.12.1
gnome-extra/gnome-keyring-manager-2.12.0

All 3 of these ebuilds generate the same error:
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb

and then fail.

There must be something in-common with them.

Below is a snippet from gnome-keyring-manager:

Generating and caching the translation database
Generating and caching the translation database
Merging translations into gnome-keyring-manager.desktop.
Merging translations into gnome-keyring-manager.schemas.
make[2]: Leaving directory `/var/tmp/portage/gnome-keyring-manager-2.12.0/work/gnome-keyring-manager-2.12.0/data'
Making all in docs
make[2]: Entering directory `/var/tmp/portage/gnome-keyring-manager-2.12.0/work/gnome-keyring-manager-2.12.0/docs'
xsltproc -o gnome-keyring-manager-C.omf --stringparam db2omf.basename gnome-keyring-manager --stringparam db2omf.format 'docbook' --stringparam db2omf.dtd "-//OASIS//DTD DocBook XML V4.2//EN" --stringparam db2omf.lang C --stringparam db2omf.omf_dir "/usr/share/omf" --stringparam db2omf.help_dir "/usr/share/gnome/help" --stringparam db2omf.omf_in "`pwd`/./gnome-keyring-manager.omf.in" `/usr/bin/pkg-config --variable db2omf gnome-doc-utils` C/gnome-keyring-manager.xml
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
xsltproc -o gnome-keyring-manager-uk.omf --stringparam db2omf.basename gnome-keyring-manager --stringparam db2omf.format 'docbook' --stringparam db2omf.dtd "-//OASIS//DTD DocBook XML V4.2//EN" --stringparam db2omf.lang uk --stringparam db2omf.omf_dir "/usr/share/omf" --stringparam db2omf.help_dir "/usr/share/gnome/help" --stringparam db2omf.omf_in "`pwd`/./gnome-keyring-manager.omf.in" `/usr/bin/pkg-config --variable db2omf gnome-doc-utils` uk/gnome-keyring-manager.xml
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
sandbox:  Caught signal 2 in pid 8310
make[2]: *** [gnome-keyring-manager-uk.omf] Interrupt
make[2]: *** wait: No child processes.  Stop.
make[2]: *** Waiting for unfinished jobs....
make[2]: *** wait: No child processes.  Stop.
make[1]: *** [all-recursive] Error 1
make: *** [all] Interrupt

/usr/portage/gnome-extra/gnome-keyring-manager/gnome-keyring-manager-2.12.0.ebuild: src_compile aborted; exiting.

--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE = "/var/log/sandbox/sandbox-gnome-extra_-_gnome-keyring-manager-2.12.0-8310.log"

open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
--------------------------------------------------------------------------------

And here is a sipet of bug-buddy:
Merging translations into bug-buddy.desktop.
i686-pc-linux-gnu-gcc  -O3 -march=athlon-xp -pipe   -o gnome-crash  gnome-crash.o -Wl,--export-dynamic -pthread -lgnomeui-2 -lSM -lICE -lbonoboui-2 -lgnome-keyring -lxml2 -lz -lgnomecanvas-2 -lgnome-2 -lpopt -lart_lgpl_2 -lpangoft2-1.0 -lgtk-x11-2.0 -lgdk-x11-2.0 -latk-1.0 -lgdk_pixbuf-2.0 -lpangocairo-1.0 -lpango-1.0 -lcairo -lgnomevfs-2 -lbonobo-2 -lgconf-2 -lgobject-2.0 -lbonobo-activation -lORBit-2 -lm -lgmodule-2.0 -ldl -lgthread-2.0 -lglib-2.0
make[2]: Leaving directory `/var/tmp/portage/bug-buddy-2.12.1/work/bug-buddy-2.12.1/src'
Making all in bugzilla
make[2]: Entering directory `/var/tmp/portage/bug-buddy-2.12.1/work/bug-buddy-2.12.1/bugzilla'
Making all in gnome
make[3]: Entering directory `/var/tmp/portage/bug-buddy-2.12.1/work/bug-buddy-2.12.1/bugzilla/gnome'
make[3]: Nothing to be done for `all'.
make[3]: Leaving directory `/var/tmp/portage/bug-buddy-2.12.1/work/bug-buddy-2.12.1/bugzilla/gnome'
Making all in ximian
make[3]: Entering directory `/var/tmp/portage/bug-buddy-2.12.1/work/bug-buddy-2.12.1/bugzilla/ximian'
make[3]: Nothing to be done for `all'.
make[3]: Leaving directory `/var/tmp/portage/bug-buddy-2.12.1/work/bug-buddy-2.12.1/bugzilla/ximian'
make[3]: Entering directory `/var/tmp/portage/bug-buddy-2.12.1/work/bug-buddy-2.12.1/bugzilla'
make[3]: Nothing to be done for `all-am'.
make[3]: Leaving directory `/var/tmp/portage/bug-buddy-2.12.1/work/bug-buddy-2.12.1/bugzilla'
make[2]: Leaving directory `/var/tmp/portage/bug-buddy-2.12.1/work/bug-buddy-2.12.1/bugzilla'
Making all in docs
make[2]: Entering directory `/var/tmp/portage/bug-buddy-2.12.1/work/bug-buddy-2.12.1/docs'
xsltproc -o bug-buddy-C.omf --stringparam db2omf.basename bug-buddy --stringparam db2omf.format 'docbook' --stringparam db2omf.dtd "-//OASIS//DTD DocBook XML V4.2//EN" --stringparam db2omf.lang C --stringparam db2omf.omf_dir "/usr/share/omf" --stringparam db2omf.help_dir "/usr/share/gnome/help" --stringparam db2omf.omf_in "`pwd`/./bug-buddy.omf.in" `/usr/bin/pkg-config --variable db2omf gnome-doc-utils` C/bug-buddy.xml
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
xsltproc -o bug-buddy-es.omf --stringparam db2omf.basename bug-buddy --stringparam db2omf.format 'docbook' --stringparam db2omf.dtd "-//OASIS//DTD DocBook XML V4.2//EN" --stringparam db2omf.lang es --stringparam db2omf.omf_dir "/usr/share/omf" --stringparam db2omf.help_dir "/usr/share/gnome/help" --stringparam db2omf.omf_in "`pwd`/./bug-buddy.omf.in" `/usr/bin/pkg-config --variable db2omf gnome-doc-utils` es/bug-buddy.xml
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb
sandbox:  Caught signal 2 in pid 16271
make[2]: *** [bug-buddy-C.omf] Interrupt
make[2]: *** [bug-buddy-es.omf] Interrupt
make[1]: *** [all-recursive] Interrupt
make: *** [all] Interrupt

/usr/portage/gnome-extra/bug-buddy/bug-buddy-2.12.1.ebuild: src_compile aborted; exiting.

--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE = "/var/log/sandbox/sandbox-gnome-extra_-_bug-buddy-2.12.1-16271.log"

open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
--------------------------------------------------------------------------------

And finally a snipit from Net-DNS:
Calculating dependencies ...done!
>>> emerge (1 of 1) dev-perl/Net-DNS-0.55 to /
>>> md5 files   ;-) Net-DNS-0.49.ebuild
>>> md5 files   ;-) Net-DNS-0.48.ebuild
>>> md5 files   ;-) Net-DNS-0.53.ebuild
>>> md5 files   ;-) Net-DNS-0.55.ebuild
>>> md5 files   ;-) Net-DNS-0.53-r1.ebuild
>>> md5 files   ;-) files/digest-Net-DNS-0.53
>>> md5 files   ;-) files/digest-Net-DNS-0.55
>>> md5 files   ;-) files/digest-Net-DNS-0.48
>>> md5 files   ;-) files/digest-Net-DNS-0.49
>>> md5 files   ;-) files/digest-Net-DNS-0.53-r1
>>> md5 src_uri ;-) Net-DNS-0.55.tar.gz
>>> Unpacking source...
>>> Unpacking Net-DNS-0.55.tar.gz to /var/tmp/portage/Net-DNS-0.55/work
>>> Source unpacked.
 * Using ExtUtils::MakeMaker


The libraries needed to support IPv6 transport have not been found.
You will need recent versions of the IO::Socket::INET6 and Socket6
libraries (from CPAN).

Testing if you have a C compiler and the needed header files....
cc -O3 -march=athlon-xp -pipe   -c -o compile.o compile.c
You have a working compiler.
ACCESS DENIED  open_wr:   /var/cache/samba/gencache.tdb

You appear to be directly connected to the Internet.  I have some tests
that try to query live nameservers.

Do you want to enable these tests? [y] y
Checking if your kit is complete...
Looks good
Writing Makefile for Net::DNS
cp lib/Net/DNS/RR/A.pm blib/lib/Net/DNS/RR/A.pm
cp lib/Net/DNS/Resolver/Win32.pm blib/lib/Net/DNS/Resolver/Win32.pm
cp lib/Net/DNS/RR/Unknown.pm blib/lib/Net/DNS/RR/Unknown.pm
cp lib/Net/DNS/RR/EID.pm blib/lib/Net/DNS/RR/EID.pm
cp lib/Net/DNS/RR/ISDN.pm blib/lib/Net/DNS/RR/ISDN.pm
cp lib/Net/DNS/RR/MX.pm blib/lib/Net/DNS/RR/MX.pm
cp lib/Net/DNS/Header.pm blib/lib/Net/DNS/Header.pm
cp lib/Net/DNS/RR/SOA.pm blib/lib/Net/DNS/RR/SOA.pm
cp lib/Net/DNS/RR/OPT.pm blib/lib/Net/DNS/RR/OPT.pm
cp lib/Net/DNS/RR/NIMLOC.pm blib/lib/Net/DNS/RR/NIMLOC.pm
cp lib/Net/DNS/RR/TXT.pm blib/lib/Net/DNS/RR/TXT.pm
cp lib/Net/DNS/RR/DNAME.pm blib/lib/Net/DNS/RR/DNAME.pm
cp lib/Net/DNS/RR/AAAA.pm blib/lib/Net/DNS/RR/AAAA.pm
cp lib/Net/DNS.pm blib/lib/Net/DNS.pm
cp lib/Net/DNS/RR/X25.pm blib/lib/Net/DNS/RR/X25.pm
cp lib/Net/DNS/RR/RP.pm blib/lib/Net/DNS/RR/RP.pm
cp lib/Net/DNS/Resolver/Recurse.pm blib/lib/Net/DNS/Resolver/Recurse.pm
cp lib/Net/DNS/Resolver/Cygwin.pm blib/lib/Net/DNS/Resolver/Cygwin.pm
cp lib/Net/DNS/RR/PTR.pm blib/lib/Net/DNS/RR/PTR.pm
cp lib/Net/DNS/RR/NS.pm blib/lib/Net/DNS/RR/NS.pm
cp lib/Net/DNS/RR/TSIG.pm blib/lib/Net/DNS/RR/TSIG.pm
cp lib/Net/DNS/Update.pm blib/lib/Net/DNS/Update.pm
cp lib/Net/DNS/Resolver.pm blib/lib/Net/DNS/Resolver.pm
cp lib/Net/DNS/RR/PX.pm blib/lib/Net/DNS/RR/PX.pm
cp lib/Net/DNS/Nameserver.pm blib/lib/Net/DNS/Nameserver.pm
cp lib/Net/DNS/RR/NULL.pm blib/lib/Net/DNS/RR/NULL.pm
cp lib/Net/DNS/RR/LOC.pm blib/lib/Net/DNS/RR/LOC.pm
cp lib/Net/DNS/RR/SRV.pm blib/lib/Net/DNS/RR/SRV.pm
cp lib/Net/DNS/RR/RT.pm blib/lib/Net/DNS/RR/RT.pm
cp lib/Net/DNS/RR/AFSDB.pm blib/lib/Net/DNS/RR/AFSDB.pm
cp lib/Net/DNS/RR/MINFO.pm blib/lib/Net/DNS/RR/MINFO.pm
cp lib/Net/DNS/RR/MR.pm blib/lib/Net/DNS/RR/MR.pm
cp lib/Net/DNS/FAQ.pod blib/lib/Net/DNS/FAQ.pod
cp lib/Net/DNS/RR/CNAME.pm blib/lib/Net/DNS/RR/CNAME.pm
cp lib/Net/DNS/Question.pm blib/lib/Net/DNS/Question.pm
cp lib/Net/DNS/RR/SSHFP.pm blib/lib/Net/DNS/RR/SSHFP.pm
cp lib/Net/DNS/RR/NAPTR.pm blib/lib/Net/DNS/RR/NAPTR.pm
cp lib/Net/DNS/Packet.pm blib/lib/Net/DNS/Packet.pm
cp lib/Net/DNS/RR.pm blib/lib/Net/DNS/RR.pm
cp lib/Net/DNS/RR/HINFO.pm blib/lib/Net/DNS/RR/HINFO.pm
cp lib/Net/DNS/RR/MG.pm blib/lib/Net/DNS/RR/MG.pm
cp lib/Net/DNS/RR/TKEY.pm blib/lib/Net/DNS/RR/TKEY.pm
cp lib/Net/DNS/RR/NSAP.pm blib/lib/Net/DNS/RR/NSAP.pm
cp lib/Net/DNS/RR/CERT.pm blib/lib/Net/DNS/RR/CERT.pm
cp lib/Net/DNS/Resolver/UNIX.pm blib/lib/Net/DNS/Resolver/UNIX.pm
cp lib/Net/DNS/RR/MB.pm blib/lib/Net/DNS/RR/MB.pm
cp lib/Net/DNS/Resolver/Base.pm blib/lib/Net/DNS/Resolver/Base.pm
i686-pc-linux-gnu-gcc -c   -fno-strict-aliasing -pipe -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O3 -march=athlon-xp -pipe   -DVERSION=\"0.55\" -DXS_VERSION=\"0.55\" -fPIC "-I/usr/lib/perl5/5.8.7/i686-linux/CORE"   netdns.c
ar cr netdns.a netdns.o
: netdns.a
/usr/bin/perl5.8.7 /usr/lib/perl5/5.8.7/ExtUtils/xsubpp  -typemap /usr/lib/perl5/5.8.7/ExtUtils/typemap  DNS.xs > DNS.xsc && mv DNS.xsc DNS.c
i686-pc-linux-gnu-gcc -c   -fno-strict-aliasing -pipe -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O3 -march=athlon-xp -pipe   -DVERSION=\"0.55\" -DXS_VERSION=\"0.55\" -fPIC "-I/usr/lib/perl5/5.8.7/i686-linux/CORE"   DNS.c
Running Mkbootstrap for Net::DNS ()
chmod 644 DNS.bs
rm -f blib/arch/auto/Net/DNS/DNS.so
LD_RUN_PATH="" i686-pc-linux-gnu-gcc  -shared -L/usr/local/lib DNS.o  -o blib/arch/auto/Net/DNS/DNS.so netdns.a
chmod 755 blib/arch/auto/Net/DNS/DNS.so
cp DNS.bs blib/arch/auto/Net/DNS/DNS.bs
chmod 644 blib/arch/auto/Net/DNS/DNS.bs
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE = "/var/log/sandbox/sandbox-dev-perl_-_Net-DNS-0.55-19135.log"

open_wr:   /var/cache/samba/gencache.tdb
--------------------------------------------------------------------------------


The commonality is probably sandbox.
Comment 1 Matthew Lane 2006-02-04 11:11:52 UTC
I have this version of sandbox installed:

[ebuild   R   ] sys-apps/sandbox-1.2.12
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2006-02-04 11:29:16 UTC
Please, check your filesystem for errors. Also, try with sandbox-1.2.17. And finally - are you using prelink by chance?
Comment 3 Matthew Lane 2006-02-04 17:09:37 UTC
Yes I am using prelink.

I will do a full fsck shortly.
Comment 4 Matthew Lane 2006-02-04 20:57:45 UTC
My disks are free of errors.

I tried sandbox-1.2.17, I still recieve the same access violation errors.

I rolled back to the stable version, and still the same errors.
Comment 5 Jakub Moc (RETIRED) gentoo-dev 2006-02-05 01:42:20 UTC
(In reply to comment #3)
> Yes I am using prelink.

Hmmm, bingo...
Comment 6 Brian Harring gentoo-dev 2006-02-05 02:38:10 UTC
prelink may make it easier to trigger, but it's not at fault- file in question is a samba cache, and I'd *bet* all of you have wins enabled for local host lookup.

That the case?
Comment 7 Brian Harring gentoo-dev 2006-02-05 02:45:46 UTC
question is how to add this in a clean manner; I'm personally inclined to have packages install their own "exempt me from sandbox restrictions" file somewhere rather then hardcoding more crap into portage..
Comment 8 Matthew Lane 2006-02-05 14:25:49 UTC
I have wins support enabled in smb.conf.
Comment 9 Jakub Moc (RETIRED) gentoo-dev 2006-02-20 15:56:49 UTC
*** Bug 123555 has been marked as a duplicate of this bug. ***
Comment 10 Matthew Lane 2006-02-20 16:04:09 UTC
Well, as you can see by my duplicate bug...

Has anyone got a work around for this?

Is there a way to rebuild sandbox to avoid this

Do I need to remove a use flag?

Is this a samba error?

Can I fix this without re-rolling my gentoo?

Is there a santa claus?
Comment 11 Martin Schlemmer (RETIRED) gentoo-dev 2006-02-20 22:32:53 UTC
The problem is, I do not want to keep on adding stuff to write allow or whatever.  Only other way I am willing to compromise, is maybe install a default /etc/sandbox.conf with say a /etc/sandbox.d/ that some packages like samba can install a file to add some path's to write or predict path.
Comment 12 Brian Harring gentoo-dev 2006-02-20 22:54:57 UTC
(In reply to comment #11)
> The problem is, I do not want to keep on adding stuff to write allow or
> whatever.
Agreed.

> Only other way I am willing to compromise, is maybe install a
> default /etc/sandbox.conf with say a /etc/sandbox.d/ that some packages like
> samba can install a file to add some path's to write or predict path.
Works for me- I just didn't have a good suggestion for the location/format :)

Not sure if sandbox should be handling the parsing or if portage should be doing it; makes sense to me for sandbox to use the pkg installed lists (sandbox is used outside of portage) but I dislike the overhead of re-parsing every exec.

That and those files merged, need to be unmerged on updates (no config_protect interaction there).
Comment 13 Martin Schlemmer (RETIRED) gentoo-dev 2006-02-20 23:24:44 UTC
(In reply to comment #12)

> > Only other way I am willing to compromise, is maybe install a
> > default /etc/sandbox.conf with say a /etc/sandbox.d/ that some packages like
> > samba can install a file to add some path's to write or predict path.
> Works for me- I just didn't have a good suggestion for the location/format :)
> 
> Not sure if sandbox should be handling the parsing or if portage should be
> doing it; makes sense to me for sandbox to use the pkg installed lists (sandbox
> is used outside of portage) but I dislike the overhead of re-parsing every
> exec.
> 

Would only need to parse for each time sandbox is run .. for each exec inside th e sandbox, it should be already setup ... so one/two calls per package merge should not be too high, and it being C and I think using mmap should not have too much overhead.

> That and those files merged, need to be unmerged on updates (no config_protect
> interaction there).
> 

Sure - just add /etc/sandbox.d/ to CONFIG_PROTECT_MASK I think.
Comment 14 Matthew Lane 2006-02-28 14:11:04 UTC
Has anyone done any work to resolve this?

Is there a workaround available?

Its been a few weeks and the number of out-of-date applications is increasing.

Thanks.
Comment 15 Martin Schlemmer (RETIRED) gentoo-dev 2006-03-01 01:23:36 UTC
Sure:

1) Disable WINS name resolution for now
2) Disable Sandbox in make.conf for now
Comment 16 Jakub Moc (RETIRED) gentoo-dev 2006-03-14 07:14:17 UTC
*** Bug 119551 has been marked as a duplicate of this bug. ***
Comment 17 Jakub Moc (RETIRED) gentoo-dev 2006-03-15 01:16:21 UTC
*** Bug 126265 has been marked as a duplicate of this bug. ***
Comment 18 Jakub Moc (RETIRED) gentoo-dev 2006-10-04 09:15:39 UTC
*** Bug 120204 has been marked as a duplicate of this bug. ***
Comment 19 Jakub Moc (RETIRED) gentoo-dev 2006-11-28 06:41:38 UTC
*** Bug 156510 has been marked as a duplicate of this bug. ***
Comment 20 SpanKY gentoo-dev 2007-03-25 05:17:56 UTC
as noted, not prelink's fault
Comment 21 Chris Smith 2007-10-10 17:47:37 UTC
Prevents vlc emerge.

Source compiled.
--------------------------- ACCESS VIOLATION SUMMARY
---------------------------
LOG FILE =
"/var/log/sandbox/sandbox-media-video_-_vlc-0.9.0_alpha20071009-6095.log"

open_wr:   /var/cache/samba/gencache.tdb
--------------------------------------------------------------------------------
Comment 22 VinnieNZ 2008-05-22 00:14:59 UTC
And sci-mathematics/pari-2.3.2 (current version)



>>> Source compiled.
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE = "/var/log/sandbox/sandbox-15904.log"

open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
open_wr:   /var/cache/samba/gencache.tdb
--------------------------------------------------------------------------------
Comment 23 SpanKY gentoo-dev 2008-12-23 12:22:10 UTC
are people still hitting this ?  can anyone outline exactly how to reproduce ?  in other words, what USE flags to use when building samba/etc... and config options to enable in samba.conf/nsswitch.conf/etc...
Comment 24 Berend Dekens 2011-01-19 20:55:06 UTC
(In reply to comment #23)
> are people still hitting this ?  can anyone outline exactly how to reproduce ? 
> in other words, what USE flags to use when building samba/etc... and config
> options to enable in samba.conf/nsswitch.conf/etc...
> 

I hate to resurrect an old thread like this but all the bug reports I find on this are inconclusive: the problem stems from the 'wins' keyword in the hosts line in nsswitch.conf. Every now and then I need to remove this, emerge stuff, and put it back. The downside is that with large updates (like @world) I have to babysit portage as I'm bound to forget to disable wins lookups.

Alternatively I found 'USE="-sandbox"' to be a quick hack to get portage going, but it ain't pretty...

Example which still triggers the sandbox violation anno 2011: k3b-9999. I'm not sure why this hasn't been fixed yet but it sure is annoying...
Comment 25 Bruno Redondi 2012-06-04 12:55:47 UTC
Adding SANDBOX_PREDICT="/var/cache/samba/gencache.tdb:/var/cache/samba/gencache_notrans.tdb"
fixes the issue.

Since this issue is triggered by using nss_wins (installed by samba with USE=winbind) I think that net-fs/samba should install a file in /etc/sandbox.d when emerged with winbind support.
Comment 26 Jérôme Poulin 2012-06-04 13:36:49 UTC
Are you seriously telling me this isn't fixed and is still happening after 6 years?
Comment 27 Bruno Redondi 2012-06-04 13:53:45 UTC
Today I was installing eclipse-sdk-3.7.1-r7 from seden overlay, and emerge failed due to this bug.
Adding /var/cache/samba/gencache.tdb and /var/cache/samba/gencache_notrans.tdb to SANDBOX_PREDICT, I was able to emerge it correctly.
Comment 28 Dominik Goracy 2013-06-04 06:45:36 UTC
I hit his bug today while emerging erlang 15.2.3.1
Got it done by adding file "/etc/sandbox.d/99samba" containing

SANDBOX_PREDICT="/var/cache/samba/gencache.tdb:/var/cache/samba/gencache_notrans.tdb"
Comment 29 Maciej Piechotka 2015-05-31 17:50:21 UTC
I have reproduced the bug this week on samba 4. Solution proposed by Bruno works for my.

(In reply to SpanKY from comment #23)
> are people still hitting this ?  can anyone outline exactly how to reproduce
> ?  in other words, what USE flags to use when building samba/etc... and
> config options to enable in samba.conf/nsswitch.conf/etc...

1. Setup a AD controller (Windows Server or samba)
2. Make a Samba join a domain
3. Add 'wins' to hosts line in nsswitch.conf
Comment 30 SpanKY gentoo-dev 2015-06-01 04:36:42 UTC
(In reply to Maciej Piechotka from comment #29)

i have no idea how to set up an AD instance as i've never needed one.  is there no shortcut there ?
Comment 31 Maciej Piechotka 2015-06-01 15:33:53 UTC
(In reply to SpanKY from comment #30)
> (In reply to Maciej Piechotka from comment #29)
> 
> i have no idea how to set up an AD instance as i've never needed one.  is
> there no shortcut there ?

I'm not sure - maybe using a name resolution in workgroups will work as well.