Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 721728

Summary: www-client/firefox-76.0.1 sandbox violation related to python 3.7
Product: Gentoo Linux Reporter: John Helmert III <ajak>
Component: Current packagesAssignee: Mozilla Gentoo Team <mozilla>
Status: RESOLVED INVALID    
Severity: normal CC: sam, todd
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: build.log
emerge --info

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-05-09 01:32:22 UTC 
Created attachment 636916 [details]
build.log

The relevant build.log bit:

Configure complete!
Be sure to run |mach build| to pick up any changes
 * --------------------------- ACCESS VIOLATION SUMMARY ---------------------------
 * LOG FILE: "/var/tmp/portage/www-client/firefox-76.0.1/temp/sandbox.log"
 *
VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny
P: /usr/lib64/python3.7/lib2to3/Grammar3.7.7.final.0.pickle
A: /usr/lib64/python3.7/lib2to3/Grammar3.7.7.final.0.pickle
R: /usr/lib64/python3.7/lib2to3/Grammar3.7.7.final.0.pickle
C: /var/tmp/portage/www-client/firefox-76.0.1/work/firefox-76.0.1/ff/_virtualenvs/init_py3/bin/python /var/tmp/portage/www-client/firefox-76.0.1/work/firefox-76.0.1/third_party/python/psutil/setup.py build_ext --inplace

F: open_wr
S: deny
P: /usr/lib64/python3.7/lib2to3/PatternGrammar3.7.7.final.0.pickle
A: /usr/lib64/python3.7/lib2to3/PatternGrammar3.7.7.final.0.pickle
R: /usr/lib64/python3.7/lib2to3/PatternGrammar3.7.7.final.0.pickle
C: /var/tmp/portage/www-client/firefox-76.0.1/work/firefox-76.0.1/ff/_virtualenvs/init_py3/bin/python /var/tmp/portage/www-client/firefox-76.0.1/work/firefox-76.0.1/third_party/python/psutil/setup.py build_ext --inplace
 * --------------------------------------------------------------------------------
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-05-09 01:34:32 UTC 
Created attachment 636918 [details]
emerge --info
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2020-05-09 14:15:30 UTC 
Can't reproduce.

Please provide steps how to reproduce in a clean stage3.
Comment 3 Todd Walter 2020-09-15 14:28:33 UTC 
I have the same error regarding the Python pickle when emerging 'sys-apps/file' and 'dev-python/python-distutils-extra'.  It's looking for /usr/lib/python3.7/lib2to3/Grammar3.7.7.final.0.pickle when it should be 3.7.8.  Appears PC specific and I haven't been able to determine why.  You can use a symlink to get past it for now.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-09-15 16:41:27 UTC 
(In reply to Todd Walter from comment #3)
> I have the same error regarding the Python pickle when emerging
> 'sys-apps/file' and 'dev-python/python-distutils-extra'.  It's looking for
> /usr/lib/python3.7/lib2to3/Grammar3.7.7.final.0.pickle when it should be
> 3.7.8.  Appears PC specific and I haven't been able to determine why.  You
> can use a symlink to get past it for now.

I was able to resolve this issue by removing Python stuff that was installed on root outside of Portage (probably a `sudo pip install ...`).
Comment 5 Todd Walter 2020-09-15 19:56:55 UTC 
Thanks, that was it.  Why /opt is given precedence over /usr/lib escapes me but it's fixed now.