Summary: | emerge <something> just exits to command prompt only when sandbox is enabled | ||
---|---|---|---|
Product: | Portage Development | Reporter: | Simon Cooper <thecoop> |
Component: | Sandbox | Assignee: | Sandbox Maintainers <sandbox> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | rick, ruud |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://forums.gentoo.org/viewtopic.php?t=290694 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
emerge.log from my hardened server
Log detailing a bit when stuff breaks. |
Description
Simon Cooper
2005-02-06 13:44:46 UTC
emerge only works if you disable the sandbox for each compile (FEATURES="-sandbox" emerge <whatever>). If the sandbox is enabled emerge just exits Several reports confirming this. last time we saw this was when there was a segfault problem with sandbox ... i think it was when i reported about the ia64 problems emerge sandboxshell does that or any scripts within it work? What are any reported error messages? seems to work fine. It loads anyway... tachyon / # sandboxshell * Loading sandboxed shell * Log File: /tmp/sandboxme-08.02.2005-19.14.52.log * Debug Log File: /tmp/sandboxme-08.02.2005-19.14.52.log.debug * sandboxon: turn sandbox on * sandboxoff: turn sandbox off * addread <path>: allow <path> to be read * addwrite <path>: allow <path> to be written * adddeny <path>: deny access to <path> * addpredict <path>: allow fake access to <path> [s]tachyon / # adddeny / [s]tachyon / # touch /test ACCESS DENIED execve: /usr/bin/touch SECURITY BREACH SANDBOX_LOG /tmp/sandboxme-08.02.2005-19.16.21.log isn't allowed via SANDBOX_WRITE ACCESS DENIED open_rd: /usr/bin/touch bash: /usr/bin/touch: Success [s]tachyon / # Anything new from: emerge -d portage Is ebuild.sh executable? Its suddenly decided to start working again now, no idea why... last update, i emerged pam-0.77-r8, opengl-update-2.1.0-r1, dbus-0.23-r3, gstreamer-0.8.9, libcap-1.10-r5 and synaptics-0.14. Apart from that I havent done anything else to portage Just close the bug for now then an reopen if the problem occures again. ok its started happening again, completely randomly (afaict) tachyon simon # emerge -d portage Calculating dependencies Parent: None Depstring: sys-apps/portage Candidates: ['sys-apps/portage'] ebuild: sys-apps/portage-2.0.51-r15 binpkg: None - Parent: ebuild / sys-apps/portage-2.0.51-r15 merge Depstring: !bootstrap? ( sys-devel/patch ) !bootstrap? ( sys-devel/patch ) !build? ( >=sys-apps/sed-4.0.5 dev-python/python-fchksum >=dev-lang/python-2.2.1 sys-apps/debianutils >=app-shells/bash-2.05a ) selinux? ( >=dev-python/python-selinux-2.15 ) Candidates: [] Exiting... ebuild / sys-apps/portage-2.0.51-r15 merge Exiting... None ...done! >>> emerge (1 of 1) sys-apps/portage-2.0.51-r15 to / + dyn_clean + '[' GNU == BSD ']' + rm -rf /var/tmp/portage/portage-2.0.51-r15/image + hasq keeptemp autoaddcvs autoconfig ccache digest distlocks fixpackages sandbox sfperms + local x + local me=keeptemp + shift + for x in '"$@"' + '[' autoaddcvs == keeptemp ']' + for x in '"$@"' + '[' autoconfig == keeptemp ']' + for x in '"$@"' + '[' ccache == keeptemp ']' + for x in '"$@"' + '[' digest == keeptemp ']' + for x in '"$@"' + '[' distlocks == keeptemp ']' + for x in '"$@"' + '[' fixpackages == keeptemp ']' + for x in '"$@"' + '[' sandbox == keeptemp ']' + for x in '"$@"' + '[' sfperms == keeptemp ']' + return 1 + rm -rf /var/tmp/portage/portage-2.0.51-r15/temp + hasq keepwork autoaddcvs autoconfig ccache digest distlocks fixpackages sandbox sfperms + local x + local me=keepwork + shift + for x in '"$@"' + '[' autoaddcvs == keepwork ']' + for x in '"$@"' + '[' autoconfig == keepwork ']' + for x in '"$@"' + '[' ccache == keepwork ']' + for x in '"$@"' + '[' digest == keepwork ']' + for x in '"$@"' + '[' distlocks == keepwork ']' + for x in '"$@"' + '[' fixpackages == keepwork ']' + for x in '"$@"' + '[' sandbox == keepwork ']' + for x in '"$@"' + '[' sfperms == keepwork ']' + return 1 + rm -rf /var/tmp/portage/portage-2.0.51-r15/.unpacked + rm -rf /var/tmp/portage/portage-2.0.51-r15/.compiled + rm -rf /var/tmp/portage/portage-2.0.51-r15/.tested + rm -rf /var/tmp/portage/portage-2.0.51-r15/.installed + rm -rf /var/tmp/portage/portage-2.0.51-r15/.packaged + rm -rf /var/tmp/portage/portage-2.0.51-r15/build-info + rm -rf /var/tmp/portage/portage-2.0.51-r15/work + '[' -f /var/tmp/portage/portage-2.0.51-r15/.unpacked ']' ++ find /var/tmp/portage/portage-2.0.51-r15 -mindepth 1 -maxdepth 1 + '[' -z '' ']' + rmdir /var/tmp/portage/portage-2.0.51-r15 + true + set +x >>> md5 src_uri ;-) portage-2.0.51-r15.tar.bz2 + dyn_setup + '[' GNU == Linux ']' + pkg_setup + return + set +x tachyon simon # setup is without sandbox. unpack is in sandbox. You're able to run without sandbox, but as soon as it starts, you exit. ldd /lib/libsandbox.so ldd /usr/lib/portage/bin/sandbox /usr/lib/portage/bin/sandbox touch /foo exit Also, the output stops abrubtly in the middle of ebuild.sh. The following line would have been: export SANDBOX_ON="0" Still an issue? no, its been sorted for some time now, but i still dont know what caused it initially :/ Reopen if it happens again and we'll get to the bottom of it. Still a problem with sandbox-1.2.1. wanted to paste a log to add to this bug after jstubbs notified me of it's existance. One of my hardened servers experienced the same bug after updating binutils-config i believe. After the biuntils-config update consistantly sandboxed builds would consistantly fail. After updating both portage and sandbox to 1.2.1.r2 the failure was still apparent. attaching a logs to my addition. Created attachment 57236 [details]
emerge.log from my hardened server
uberboxen / # emerge info Portage 2.0.51.19 (default-linux/x86/2005.0, gcc-3.4.3, glibc-2.3.4.20050125-r1, 2.6.11-hardened-r1 i686) ================================================================= System uname: 2.6.11-hardened-r1 i686 AMD Athlon(tm) XP 3000+ Gentoo Base System version 1.6.10 Python: dev-lang/python-2.3.5 [2.3.5 (#1, Mar 4 2005, 02:57:21)] distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] ccache version 2.4 [enabled] dev-lang/python: 2.3.5 sys-devel/autoconf: 2.59-r6, 2.13 sys-devel/automake: 1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.5 sys-devel/binutils: 2.15.92.0.2-r7 sys-devel/libtool: 1.5.14 virtual/os-headers: 2.6.8.1-r4 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CFLAGS="-march=athlon-xp -mtune=athlon-xp -O2 -fomit-frame-pointer -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=athlon-xp -mtune=athlon-xp -O2 -fomit-frame-pointer -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig buildpkg ccache distlocks fixpackages sandbox sfperms strict" GENTOO_MIRRORS="ftp://ftp.gentoo.mesh-solutions.com/gentoo/ http://ftp.snt.utwente.nl/pub/os/linux/gentoo ftp://mir.zyrianes.net/gentoo/" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="x86 3dnow X509 acl acpi adns alsa apache2 authdaemond bash-completion berkdb bzlib ccache cdr chroot cluster crypt ctype curl curlwrappers dba dio emboss encode erandom fam fortran freetds ftp gd gdbm hardened hardenedphp imagemagick imap imlib innodb ipv6 kerberos ldap libg++ libwww maildir memlimit mmx mp3 mpi mysql nagios-dns nagios-ntp nagios-ping nagios-ssh ncurses nls nptl objc odbc pam pcntl pcre perl pg-hier pg-intdatetime pg-vacuumdelay php pic pie png posix postgres python readline sasl sdl sendfile session sftplogging shaper shared sharedmem snmp sockets softquota spell sse ssl sysvipc szip tcpd tiff unicode vda vhosts virus-scan xml xml2 xmlrpc xsl zlib" Unset: ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY i rebuilt the base system dependancies previous to gcc in my server with FEATURES="-sandbox" and this bug seems to have fixed itself. fyi for anyone affected. Useing FEATURES="-sandbox" doesn't fix anything for me. What happened is that I was updating a lot of kde stuff and while it was going on it seemed to have synced. Besides kde stuff got updated: x11-libs/qt-4.1.2 app-crypt/pinentry-0.7.2-r2 dev-libs/libical-0.24_rc4-r1 app-text/enscript-1.6.4-r2 sys-apps/usbutils-0.71-r1 dev-libs/libusb-0.1.10a app-crypt/gpgme-1.1.2-r1 media-libs/faad2-2.0-r11 media-libs/libmp4v2-1.4.1 app-crypt/gnupg-1.9.20-r3 dev-libs/libassuan-0.6.10 dev-libs/libksba-0.9.13 It seems to break right after ebuild.sh got called. I know that because I altered ebuild.sh to say '#!/bin/bash -x'. When I try to emerge say perl it will run through ebuild.sh, show the info about the checksums and then quit. I've included a file that has the log of emerging perl when the source isn't present and /var/tmp/portage/perl* doesn't exist. ----- Portage 2.0.54 (default-linux/x86/2006.0, gcc-3.4.5, glibc-2.3.6-r3, 2.6.15.5 i686) ================================================================= System uname: 2.6.15.5 i686 AMD Athlon(tm) Processor Gentoo Base System version 1.6.14 dev-lang/python: 2.4.2 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=athlon-mp -O3 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=athlon-mp -O3 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks sandbox sfperms strict" GENTOO_MIRRORS="ftp://ftp.surfnet.nl/pub/os/Linux/distr/gentoo ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo http://gentoo.oregonstate.edu http://www.ibiblio.org/pub/Linux/distributions/gentoo" LANG="en_US.utf8" LC_ALL="en_US.utf8" MAKEOPTS="-j1" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="x86 3dnow 3dnowext X a52 aac aalib acpi aim audiofile avi bash-completion berkdb bitmap-fonts browserplugin bzip2 cdr cli crypt cups dri eds emboss encode esd exif expat fam ffmpeg flac foomaticdb fortran gd gdbm gif gimpprint glibc-omitfp glut gmp gnome gpgme gstreamer gtk gtk2 gtkhtml icq idn imagemagick imap imlib ipv6 irc isdnlog jabber java javascript jpeg junit kde lcms ldap libg++ libwww live lua mad mbox mhash mikmod mmx mmxext mng motif mozilla mozsvg mp3 mpeg msn mysql ncurses nls nntp nptl nptlonly nsplugin ogg pam pascal pcre pdflib perl php png pop ppds pppd python qt quicktime readline real recode reflection rtc ruby sdl session slang smime spell spl sql sse ssl subversion tcltk tcpd tetex tga theora threads tiff truetype truetype-fonts type1-fonts udev unicode usb utf8 vcd vorbis win32codecs xine xml xml2 xorg xprint xvid zlib userland_GNU kernel_linux elibc_glibc" Unset: CTARGET, INSTALL_MASK, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTAGE_RSYNC_OPTS, PORTDIR_OVERLAY Created attachment 87709 [details]
Log detailing a bit when stuff breaks.
Using portage-2.1 (manually installed) I get some more info. When trying to emerge -d pax-utils I get the following error: myaction None myopts ['--debug'] Calculating dependencies Parent: None Depstring: app-misc/pax-utils Candidates: ['app-misc/pax-utils'] ebuild: app-misc/pax-utils-0.1.13 binpkg: None -Parent: ebuild / app-misc/pax-utils-0.1.13 merge Depstring: caps? ( sys-libs/libcap ) caps? ( sys-libs/libcap ) Exiting... None ... done! >>> Emerging (1 of 1) app-misc/pax-utils-0.1.13 to / !!! PORTAGE_WORKDIR_MODE is unset, using 0700. + dyn_clean + '[' -z /var/tmp/portage/pax-utils-0.1.13 ']' + type -p chflags + rm -rf /var/tmp/portage/pax-utils-0.1.13/image /var/tmp/portage/pax-utils-0.1.13/homedir + hasq keeptemp autoconfig distlocks sandbox sfperms strict + [[ autoconfig distlocks sandbox sfperms strict == *\ \k\e\e\p\t\e\m\p\ * ]] + rm -rf /var/tmp/portage/pax-utils-0.1.13/temp + hasq keepwork autoconfig distlocks sandbox sfperms strict + [[ autoconfig distlocks sandbox sfperms strict == *\ \k\e\e\p\w\o\r\k\ * ]] + rm -rf /var/tmp/portage/pax-utils-0.1.13/.unpacked + rm -rf /var/tmp/portage/pax-utils-0.1.13/.compiled + rm -rf /var/tmp/portage/pax-utils-0.1.13/.tested + rm -rf /var/tmp/portage/pax-utils-0.1.13/.installed + rm -rf /var/tmp/portage/pax-utils-0.1.13/.packaged + rm -rf /var/tmp/portage/pax-utils-0.1.13/build-info + rm -rf /var/tmp/portage/pax-utils-0.1.13/work + '[' -f /var/tmp/portage/pax-utils-0.1.13/.unpacked ']' + rm -rf /var/tmp/portage/pax-utils-0.1.13/distdir ++ find /var/tmp/portage/pax-utils-0.1.13 -mindepth 1 -maxdepth 1 + '[' -z '' ']' + rmdir /var/tmp/portage/pax-utils-0.1.13 + true + set +x !!! PORTAGE_WORKDIR_MODE is unset, using 0700. >>> checking ebuild checksums ;-) >>> checking auxfile checksums ;-) >>> checking miscfile checksums ;-) >>> checking pax-utils-0.1.13.tar.bz2 ;-) + dyn_setup ++ type -t pre_pkg_setup + '[' '' == function ']' + pkg_setup + return ++ type -t post_pkg_setup + '[' '' == function ']' + set +x Does this ring any bells with anyone? (In reply to comment #24) > Using portage-2.1 (manually installed) I get some more info. Why did you manually install it? For this bug, emerge is supposed to work when you have FEATURES="-sandbox". If that's not the case, then your problem is unrelated. (In reply to comment #25) > (In reply to comment #24) > > Using portage-2.1 (manually installed) I get some more info. > > Why did you manually install it? For this bug, emerge is supposed to work when > you have FEATURES="-sandbox". If that's not the case, then your problem is > unrelated. Depends on how you look at it. The summary states that the problem is when emerge just quits to prompt, which exactly is the problem. A problem where a work-a-round doesn't work. latest version should be OK ... at least, we wont get anywhere now |