Bug 832188

Summary:	app-containers/cosign-1.5.0 sandbox violation: ACCESS DENIED: fopen_wr: /dev/stderr
Product:	Gentoo Linux	Reporter:	Agostino Sarubbo <ago>
Component:	Current packages	Assignee:	William Hubbs <williamh>
Status:	RESOLVED FIXED
Severity:	normal	CC:	vapier
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	build.log.xz

Description Agostino Sarubbo gentoo-dev

2022-01-28 08:54:14 UTC

https://blogs.gentoo.org/ago/2020/07/04/gentoo-tinderbox/

Issue: app-containers/cosign-1.5.0 sandbox violation.
Discovered on: amd64 (internal ref: ci)

Comment 1 Agostino Sarubbo gentoo-dev

2022-01-28 08:54:17 UTC

Created attachment 763781 [details]
build.log.xz

build log and emerge --info (compressed because it exceeds attachment limit, use 'xzless' to read it)

Comment 2 Agostino Sarubbo gentoo-dev

2022-01-28 08:54:18 UTC

Error(s) that match a know pattern:


/bin/sh: line 1: goimports: command not found
fatal: not a git repository (or any parent up to mount point /var/tmp)

Comment 3 William Hubbs gentoo-dev

2022-02-05 21:09:34 UTC

This works for me with stable sandbox, so I imagine it is an issue with
the version of sandbox you are using.
I'm assigning this to the sandbox maintainers.

Comment 4 SpanKY gentoo-dev

2022-02-06 23:03:10 UTC

make sure your system has a valid /dev/stderr and it's a symlink to a fd/ path (which should also exist under /dev/)

Comment 5 Agostino Sarubbo gentoo-dev

2022-02-07 07:37:59 UTC

chroot comes with dev mounted like:

mount -o bind /dev "${CHROOT_DIR}"/dev

so in the chroot I have:


$ ls /dev/stderr -la
lrwxrwxrwx 1 root root 15 Dec  3 13:03 /dev/stderr -> /proc/self/fd/2

Comment 6 William Hubbs gentoo-dev

2022-03-19 22:55:14 UTC

This version has been removed from the tree,
Also, I am closing due to lack of activity.