Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 220983

Summary: gnome-extra/gnome-media-2.22.0 Sandbox access violation
Product: Gentoo Linux Reporter: Graham Murray <graham>
Component: [OLD] GNOMEAssignee: Gentoo Linux Gnome Desktop Team <gnome>
Status: RESOLVED FIXED    
Severity: normal CC: a
Priority: High    
Version: 2008.0   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: /var/log/sandbox/sandbox-16692.log
build.log
config.log
strace.gst-inspect.log

Description Graham Murray 2008-05-08 18:35:36 UTC 
>>> Source compiled.
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE = "/var/log/sandbox/sandbox-27892.log"

open_wr:   /root/.gconf/.testing.writeability
unlink:    /root/.gconf/.testing.writeability
open_wr:   /root/.gconfd/saved_state
open_wr:   /root/.gconfd/saved_state
open_wr:   /root/.gconfd/saved_state
open_wr:   /root/.gconfd/saved_state
open_wr:   /root/.gconfd/saved_state
open_wr:   /root/.gconfd/saved_state
open_wr:   /root/.gconfd/saved_state
open_wr:   /root/.gconfd/saved_state
open_wr:   /root/.gconfd/saved_state
open_wr:   /root/.gconfd/saved_state.tmp

emerge --info
Portage 2.1.5_rc7 (default/linux/x86/2008.0/desktop, gcc-4.2.3, glibc-2.7-r2, 2.6.25-gentoo-r2 i686)
=================================================================
System uname: 2.6.25-gentoo-r2 i686 Intel(R) Core(TM)2 CPU 6700 @ 2.66GHz
Timestamp of tree: Thu, 08 May 2008 16:45:01 +0000
app-shells/bash:     3.2_p39
dev-java/java-config: 1.3.7, 2.1.6
dev-lang/python:     2.4.4-r11, 2.5.2-r2
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 2.0.0
sys-apps/openrc:     0.2.3
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.62
sys-devel/automake:  1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1-r1
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   2.2.4
virtual/os-headers:  2.6.25-r1
ACCEPT_KEYWORDS="x86 ~x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=native -mtune=native -pipe -ggdb"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/bind /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-O2 -march=native -mtune=native -pipe -ggdb"
DISTDIR="/usr/portage/distfiles"
FEATURES="buildsyspkg distlocks installsources parallel-fetch sandbox sfperms splitdebug strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ http://gentoo.blueyonder.co.uk http://gentoo.tiscali.nl/ http://gentoo.mirror.solnet.ch http://pandemonium.tiscali.de/pub/gentoo/"
LANG="en_GB.UTF-8"
LC_ALL="en_GB.UTF-8"
LDFLAGS=""
LINGUAS="en_GB en"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/musicbrainz /usr/portage/local/layman/sunrise /usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X a52 aac aalib acl acpi aim alsa apache2 arts audiofile avi bash-completion berkdb bluetooth bonobo branding browserplugin bzip2 bzlib cairo caps cddb cdparanoia cdr cjk cli cracklib crypt cups curl cvs cxx dbus directfb doc dri dts dvd dvdr dvdread eds emacs emboss encode esd ethereal evo examples exif expat fam fbcon ffmpeg fftw firefox flac foomaticdb fortran ftp gcj gd gdbm gif glut gmp gnome gnome-keyring gnutls gphoto2 gpm graphviz gstreamer gtk gtk2 gtkhtml guile hal iconv icq idn ieee1394 imagemagick imlib ipv6 isdnlog jabber jack java javascript jbig jce jpeg jpeg2k junit kde kdehiddenvisibility kerberos ladspa latex lcms ldap leim libgda libnotify libsamplerate libwww lirc lm_sensors logrotate lua m17n-lib mad matroska mbox midi mikmod milter mime mmap mmx mng modplug mono mp3 mpeg mpi mplayer msn mudflap musepack ncurses nls nptl nptlonly nsplugin odbc offensive ogg oggvorbis openal opengl openmp oscar oss pam pcntl pcre pdf perl png postgres ppds pppd profile pulseaudio python qt3 qt3support qt4 quicktime readline recode reflection ruby sasl sdl seamonkey session sharedmem sndfile snmp sockets sox speex spell spl sqlite3 sse sse2 ssl startup-notification subversion svg sysvipc tcl tcltk tcpd tetex theora threads tiff tk truetype uicktime unicode usb v4l v4l2 vim-syntax vorbis win32codecs wmf wxwindows x264 x86 xattr xcb xface xine xml xml2 xorg xulrunner xv xvid yahoo zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="worker" CAMERAS="canon ptp2" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_GB en" LIRC_DEVICES="asusdh" USERLAND="GNU" VIDEO_CARDS="radeon vesa fbdev vga"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Andrew Gaydenko 2008-05-08 19:18:17 UTC 
The same on ~amd64.
Comment 2 Gilles Dartiguelongue (RETIRED) gentoo-dev 2008-05-08 19:36:00 UTC 
my bad, this can't be reproduced with FEATURES="usersandbox userpriv". Added the addpredict back.

@herd, I'd be curious to know which damn make rule tries to touch /root/.gconf while I explicitely added --disable-schemas-install. If we could fix it, we could remove this ugly hack from a couple of ebuilds.
Comment 3 Pacho Ramos gentoo-dev 2008-05-09 08:48:04 UTC 
Created attachment 152589 [details]
/var/log/sandbox/sandbox-16692.log
Comment 4 Pacho Ramos gentoo-dev 2008-05-09 08:48:42 UTC 
Created attachment 152591 [details]
build.log
Comment 5 Pacho Ramos gentoo-dev 2008-05-09 08:51:18 UTC 
Created attachment 152593 [details]
config.log
Comment 6 RĂ©mi Cardona (RETIRED) gentoo-dev 2008-05-09 10:57:22 UTC 
Created attachment 152605 [details]
strace.gst-inspect.log

The culprit is configure.ac which runs gst-inspect-0.10 on gconfaudiosink and gconfaudiosrc, both of which load gconf which then spawns gconfd for root.

Attached is the log of running "strace -f gst-inspect-0.10 gconfaudiosrc 2>&1 | grep gconf"

I'm not really sure what to do about that... Maybe we could patch configure.ac not to run gst-inspect as we already make sure that things are there in the first place? Maybe just a comment above the sandbox addpredict stuff is enough?

@herd, thoughts, comments?
Comment 7 Daniel Gryniewicz (RETIRED) gentoo-dev 2008-05-09 13:50:15 UTC 
In general, I'd say we should leave these types of checks in, as a belt-and-suspenders type thing.  However, these deps are directly in the package, and gst-inspect has been one of the worst offenders in the tree for sandbox violations for as long as I can remember, so it'd be nice to do *something*.

I vaguely remember someone doing what was necessary to make it use a dummy homedir for this kind of thing; is that possible?
Comment 8 Archimedes Trajano 2008-09-23 05:43:51 UTC 
How was this fixed?