Summary: | media-gfx/imagemagick-7.0.9.8 build fails at the end: sandbox violation for 'identify -list Configure' | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | segmentation fault <segmentation-fault> |
Component: | Current packages | Assignee: | Andreas K. Hüttel <dilfridge> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | jstein, sam |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
segmentation fault
2020-03-28 11:31:10 UTC
Workaround
----------
DID NOT WORK: FEATURES='-sandbox' emerge -1av media-gfx/imagemagick
DID NOT WORK: FEATURES='-usersandbox' emerge -1av media-gfx/imagemagick
DID NOT WORK: FEATURES='-network-sandbox' emerge -1av media-gfx/imagemagick
WORKED: FEATURES='-sandbox -usersandbox -network-sandbox' emerge -1av media-gfx/imagemagick

This, of course, defies the purpose of a sandbox...

Thank you for the report. We need to have all information at hand before ticket assignment. That is why I ask you to
* attach the logs and
* paste the emerge info
as described on https://wiki.gentoo.org/wiki/Attach_the_logs_to_the_bug_ticket

Finally, I can report some progress: The reason for this problem is that I use a special $MAGICK_TMPDIR:

MAGICK_TMPDIR=/zram/imagemagick

/zram is on a compressed RAM disk managed by the zram kernel module. Works like a charm.

There are two true solutions here (the rest, like disabling sandbox, are workarounds): either you modify the ebuild to NOT use the value of $MAGICK_TMPDIR, if that value points outside the sandbox (in my case sandbox is inside /zram/portage, so clearly /zram/imagemagick is outside the sandbox), or the user must modify his sandbox to allow write access to $MAGICK_TMPDIR. Here is how to do the latter:

Open /etc/sandbox.d/00default and add your $MAGICK_TMPDIR to the SANDBOX_WRITE variable:

SANDBOX_WRITE="/usr/tmp/conftest:/usr/lib/conftest:/usr/lib32/conftest:/usr/lib64/conftest:/usr/tmp/cf:/usr/lib/cf:/usr/lib32/cf:/usr/lib64/cf:/full/path/to/your/special/imagemagick/tmpdir"

Now, somebody might ask, what is the "right" solution here: modify the ebuild to use a MAGICK_TMPDIR that lies inside the sandbox, or modify the sandbox to allow write access to a MAGICK_TMPDIR outside its usual paths? Very philosophical question - to which I have no answer. Maybe the sandbox gurus can tell us what is the "right" way here...

Sorry but this falls under "then don't do that"...
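An added example, not part of the original bug thread: a pre-flight check that reports whether a MAGICK_TMPDIR value is covered by a SANDBOX_WRITE list, so the mismatch can be spotted before a build instead of switching the sandbox off. The function names and the SAMPLE_WRITE variable are hypothetical, and the check assumes an entry covers a path when it is a plain string prefix of it.

```shell
#!/bin/sh
# Added example (not Gentoo's own code). Function names are hypothetical.
# Assumption: a SANDBOX_WRITE entry covers a path when the entry is a
# plain string prefix of that path.

# Constructed sample: the default list quoted in the thread, without the
# user's extra directory.
SAMPLE_WRITE="/usr/tmp/conftest:/usr/lib/conftest:/usr/lib32/conftest:/usr/lib64/conftest:/usr/tmp/cf:/usr/lib/cf:/usr/lib32/cf:/usr/lib64/cf"

# in_write_list LIST PATH
# Succeeds when some entry of the colon-separated LIST is a prefix of PATH.
# The body runs in a subshell so the IFS and globbing changes do not leak.
in_write_list() (
    list=$1
    path=$2
    IFS=:
    set -f                      # entries must not be glob-expanded
    for entry in $list; do
        [ -n "$entry" ] || continue
        case $path in
            "$entry"*) exit 0 ;;   # quoted entry is matched literally
        esac
    done
    exit 1
)

# check_tmpdir LIST DIR
# Prints "unset", "allowed" or "outside"; fails only for "outside".
check_tmpdir() {
    if [ -z "$2" ]; then
        echo "unset"
        return 0
    fi
    dir=${2%/}                  # normalise a trailing slash
    if in_write_list "$1" "$dir/"; then
        echo "allowed"
    else
        echo "outside"
        return 1
    fi
}

# Demo with the value from the thread; "|| true" keeps the script's exit
# status clean when the directory is outside the list.
check_tmpdir "$SAMPLE_WRITE" "/zram/imagemagick" || true
```

On a real system the first argument would be the SANDBOX_WRITE value from /etc/sandbox.d/00default and the second the MAGICK_TMPDIR in the build environment.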