Bug 250627 - www-servers/cherokee-0.9.0 sandbox violation
Status: RESOLVED DUPLICATE of bug 249496
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server
Hardware: x86 Linux
Importance: High normal
Assignee: José Alberto Suárez López (RETIRED)
Duplicates: 294771 356911 394593
Depends on: 249496
Reported: 2008-12-11 17:41 UTC by Juanlu Pérez
Modified: 2011-12-15 17:37 UTC

Attachments
sandbox log (sandbox-12650.log, 39 bytes, text/plain)
2008-12-11 17:43 UTC, Juanlu Pérez
sandbox log (build.log, 158.41 KB, text/plain)
2009-06-12 17:15 UTC, Juanlu Pérez
strace -o php-cgi-strace.txt php-cgi -v -d session.save=/tmp (php-cgi-strace.txt, 72.34 KB, text/plain)
2009-11-27 15:34 UTC, Juanlu Pérez

Description Juanlu Pérez 2008-12-11 17:41:59 UTC
During configure:

checking for php-cgi... /usr/bin/php-cgi
checking /usr/bin/php-cgi supports FastCGI... ACCESS DENIED  open_wr:   /usr/share/snmp/mibs/.index
yes
checking module "error_redir"... dynamic

Later I got a sandbox violation warning:
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE = "/var/log/sandbox/sandbox-12650.log"

open_wr:   /usr/share/snmp/mibs/.index
--------------------------------------------------------------------------------


Reproducible: Always

Steps to Reproduce:
1. emerge -u cherokee
2.
3.

Actual Results:  
sandbox access violation

Expected Results:  
to update cherokee from 0.8.1 to 0.9.0

sandbox-12650.log attached
Comment 1 Juanlu Pérez 2008-12-11 17:43:11 UTC
Created attachment 174975
sandbox log
Comment 2 Panagiotis Christopoulos (RETIRED) gentoo-dev 2008-12-14 17:39:59 UTC
I tried every possible combination of USE flags etc. and I cannot reproduce. This bug needs deeper investigation. Please, also, paste the output of "equery belongs /usr/share/snmp". (equery is part of app-portage/gentoolkit.)
Comment 3 Juanlu Pérez 2008-12-14 21:42:27 UTC
(In reply to comment #2)
> I tried every possible combination of USE flags etc. and I cannot reproduce.
> This bug needs deeper investigation. Please, also, paste the output of "equery
> belongs /usr/share/snmp" .( equery is part of app-portage/gentoolkit. )
> 

 # equery belongs /usr/share/snmp 
[ Searching for file(s) /usr/share/snmp in *... ]
net-analyzer/net-snmp-5.4.2.1 (/usr/share/snmp)
Comment 4 José Alberto Suárez López (RETIRED) gentoo-dev 2008-12-26 08:52:01 UTC
do you have this problem in 0.11.6 too?
Comment 5 Juanlu Pérez 2008-12-26 15:44:41 UTC
(In reply to comment #4)
> do you have this problem in 0.11.6 too?
> 

0.11.6 is not in portage.
Comment 6 José Alberto Suárez López (RETIRED) gentoo-dev 2008-12-29 12:37:26 UTC
try again, mirrors take some time to sync
Comment 7 johnny 2008-12-30 19:58:44 UTC
(In reply to comment #6)
> try again, mirrors take some time to sync
> 

this bug is only reproducible with php-cgi installed.

cherokee's configure script greps the output of php-cgi -v looking for fcgi. this generates a session_mm.fcgi file which breaks out of gentoo's sandboxing

there are two possible solutions for this that i can see

1. addpredict for this session_mm file (luckily it doesn't contain random numbers)

2. patch out the detection and use a use flag to add php to the default config

3. patch out the detection and leave php in unconditionally
Comment 8 johnny 2008-12-30 19:59:36 UTC
(In reply to comment #7)
> (In reply to comment #6)
> > try again, mirrors take some time to sync
> > 
> 
> this bug is only reproducible with php-cgi installed.
> 
reproducible for me that is :)
Comment 9 Thilo Bangert (RETIRED) (RETIRED) gentoo-dev 2009-01-03 21:18:41 UTC
IMHO this bug is an exact dupe of 216346 - both involve php. comment #7 has good analysis i think...
Comment 10 johnny 2009-02-03 17:52:15 UTC
the php portion of this bug is now fixed upstream

I'd suggest that folks see if they still get any snmp errors after
the next ebuild comes
Comment 11 José Alberto Suárez López (RETIRED) gentoo-dev 2009-04-01 12:55:08 UTC
if the new version has this problem, reopen the bug.
thanks
Comment 12 Brent Hagany 2009-04-08 18:19:38 UTC
> if the new version has this problem, reopen the bug.

I have php-cgi 5.2.8-r2 installed and I am getting this error trying to install cherokee 0.99.9
Comment 13 Thilo Bangert (RETIRED) (RETIRED) gentoo-dev 2009-04-10 10:03:57 UTC
reopen bug.
Comment 14 Juanlu Pérez 2009-06-12 17:12:14 UTC
I had this bug again in cherokee-0.99.15

--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE "/var/log/sandbox/sandbox-31141.log"

VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny
P: /usr/share/snmp/mibs/.index
A: /usr/share/snmp/mibs/.index
R: /usr/share/snmp/mibs/.index
C: /usr/bin/php-cgi -v -d session.save_path=/tmp 
--------------------------------------------------------------------------------

>>> Failed to emerge www-servers/cherokee-0.99.15, Log file:

>>>  '/var/tmp/portage/www-servers/cherokee-0.99.15/temp/build.log'
Comment 15 Juanlu Pérez 2009-06-12 17:15:22 UTC
Created attachment 194432
sandbox log
Comment 16 José Alberto Suárez López (RETIRED) gentoo-dev 2009-06-22 06:33:17 UTC
I can't reproduce this bug, try new version in portage 0.99.17
Comment 17 Tom Flair 2009-09-16 15:11:30 UTC
(In reply to comment #16)
> I can't reproduce this bug, try new version in portage 0.99.17
> 

Cherokee-0.99-22 from portage appears to have this bug, but renaming it to the current 0.99.24 version works for me.
Comment 18 Juanlu Pérez 2009-11-26 18:58:41 UTC
Here we go again with the same problem, I need to understand why it happens.

>>> Source compiled.
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE "/var/log/sandbox/sandbox-30710.log"

VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny
P: /usr/share/snmp/mibs/.index
A: /usr/share/snmp/mibs/.index
R: /usr/share/snmp/mibs/.index
C: /usr/bin/php-cgi -v -d session.save_path=/tmp 
--------------------------------------------------------------------------------

>>> Failed to emerge www-servers/cherokee-0.99.24, Log file:

>>>  '/var/tmp/portage/www-servers/cherokee-0.99.24/temp/build.log'


This is how I try to install:
# emerge --buildpkgonly '='cherokee-0.99.24 -pv

These are the packages that would be built, in order:

Calculating dependencies... done!
[ebuild     U ] www-servers/cherokee-0.99.24 [0.99.15] USE="admin fastcgi%* mysql nls%* pam ssl threads -coverpage -debug -ffmpeg -geoip -ipv6 -ldap -static" 0 kB

Total: 1 package (1 upgrade), Size of downloads: 0 kB

I'm not used to dealing with sandbox, so I have no idea how to solve this. Any clue is appreciated.
Comment 19 Thilo Bangert (RETIRED) (RETIRED) gentoo-dev 2009-11-27 13:13:56 UTC
*** Bug 294771 has been marked as a duplicate of this bug. ***
Comment 20 Juanlu Pérez 2009-11-27 15:12:05 UTC
# emerge -pv cherokee

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild     U ] www-servers/cherokee-0.99.24 [0.99.15] USE="admin fastcgi%* mysql nls%* pam ssl threads -coverpage -debug -ffmpeg -geoip -ipv6 -ldap -static" 0 kB

Total: 1 package (1 upgrade), Size of downloads: 0 kB
Comment 21 Juanlu Pérez 2009-11-27 15:14:35 UTC
# emerge --info
Portage 2.1.6.13 (default/linux/x86/10.0, gcc-4.3.4, glibc-2.9_p20081201-r2, 2.6.29-gentoo-r5 i686)
=================================================================
System uname: Linux-2.6.29-gentoo-r5-i686-Pentium_III_-Coppermine-with-gentoo-1.12.13
Timestamp of tree: Fri, 27 Nov 2009 04:45:01 +0000
distcc 3.1 i686-pc-linux-gnu [enabled]
app-shells/bash:     4.0_p28
dev-lang/python:     2.4.6, 2.5.4-r3, 2.6.2-r1
dev-python/pycrypto: 2.0.1-r8
sys-apps/baselayout: 1.12.13
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.63-r1
sys-devel/automake:  1.9.6-r2, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6a
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="distcc distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://gentoo.mirror.dkm.cz/pub/gentoo/ http://mirror.switch.ch/ftp/mirror/gentoo/ http://mirror.qubenet.net/mirror/gentoo/ http://gentoo-euetib.upc.es/mirror/gentoo/"
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j6"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
Comment 22 Juanlu Pérez 2009-11-27 15:34:21 UTC
Created attachment 211337
strace -o php-cgi-strace.txt php-cgi -v -d session.save=/tmp

I attached a "php-cgi -v -d session.save=/tmp" strace. This is the command run by configure. Sandbox says that this command accesses /usr/share/mibs/.index to write. But as I see in strace, it just accesses it with O_RDONLY.
Comment 23 Juanlu Pérez 2009-11-27 17:28:13 UTC
I could install cherokee-0.9.24 with no fastcgi USE flag.
It is a workaround, but it would be emerged with fastcgi support if we need this.
Comment 24 Allen Parker 2010-03-25 12:54:25 UTC
Yay.

--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE "/var/log/sandbox/sandbox-22716.log"

VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny
P: /usr/share/snmp/mibs/.index
A: /usr/share/snmp/mibs/.index
R: /usr/share/snmp/mibs/.index
C: /usr/bin/php-cgi -v -d session.save_path=/tmp 
--------------------------------------------------------------------------------
Comment 25 Jesse Adelman 2010-04-10 01:48:51 UTC
Sandbox violation the same as above, with newer version of cherokee.

>>> Source compiled.
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE "/var/log/sandbox/sandbox-22261.log"

VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny
P: /usr/share/snmp/mibs/.index
A: /usr/share/snmp/mibs/.index
R: /usr/share/snmp/mibs/.index
C: /usr/bin/php-cgi -v -d session.save_path=/tmp 
--------------------------------------------------------------------------------

>>> Failed to emerge www-servers/cherokee-0.99.42, Log file:
Comment 26 Joost Ruis 2010-04-24 07:53:41 UTC
>>> Source compiled.
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE "/var/log/sandbox/sandbox-9041.log"

VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny
P: /usr/share/snmp/mibs/.index
A: /usr/share/snmp/mibs/.index
R: /usr/share/snmp/mibs/.index
C: /usr/bin/php-cgi -v -d session.save_path=/tmp 
--------------------------------------------------------------------------------

>>> Failed to emerge www-servers/cherokee-0.99.44, Log file:

>>>  '/var/lib/entropy/logs/www-servers:cherokee-0.99.44:20100424-080110.log'
Comment 27 Juanlu Pérez 2010-04-26 00:19:43 UTC
Try to deactivate fastcgi USE flag for cherokee.

(In reply to comment #26)
> >>> Source compiled.
> --------------------------- ACCESS VIOLATION SUMMARY
> ---------------------------
> LOG FILE "/var/log/sandbox/sandbox-9041.log"
> 
> VERSION 1.0
> FORMAT: F - Function called
> FORMAT: S - Access Status
> FORMAT: P - Path as passed to function
> FORMAT: A - Absolute Path (not canonical)
> FORMAT: R - Canonical Path
> FORMAT: C - Command Line
> 
> F: open_wr
> S: deny
> P: /usr/share/snmp/mibs/.index
> A: /usr/share/snmp/mibs/.index
> R: /usr/share/snmp/mibs/.index
> C: /usr/bin/php-cgi -v -d session.save_path=/tmp 
> --------------------------------------------------------------------------------
> 
> >>> Failed to emerge www-servers/cherokee-0.99.44, Log file:
> 
> >>>  '/var/lib/entropy/logs/www-servers:cherokee-0.99.44:20100424-080110.log'
> 

Comment 28 James Gilliland 2010-07-12 14:03:06 UTC
Removing fastcgi had no impact for me on 1.0.5. It seems, from what I can tell, that unrelated to the fastcgi use flag, the cherokee script will call php to see if it's fastcgi compatible? Doesn't really make sense to me, but I had to remove snmp support from php to get it updated.
Comment 29 José Alberto Suárez López (RETIRED) gentoo-dev 2011-02-22 21:33:18 UTC
Maybe php herd can help on this. :)
Comment 30 Ole Markus With (RETIRED) gentoo-dev 2011-02-23 09:20:17 UTC
(In reply to comment #29)
> Maybe php herd can help on this. :)
> 

This is a general issue with binaries linking to snmp. We had to add an "addpredict /usr/share/snmp/mibs/.index" to the PHP ebuilds because of this. You can see more details in bug 324739.
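
The sandbox log records posted throughout this thread name the denied call (F:), the canonical path (R:) and the command that made it (C:), which is what points at php-cgi rather than cherokee's own build steps. As an added example (not part of the bug report or of any Gentoo ebuild), this POSIX shell script reduces such a log to unique denials and lists the denied writes as candidate addpredict lines; the function names and the mkdir sample record are made up here.

```shell
#!/bin/sh
# Added example: parse the "VERSION 1.0" sandbox log layout quoted in this bug.

# Print "function<TAB>canonical path<TAB>command" once per unique denial.
sandbox_denials() {
    awk '
        /^F: / { f = substr($0, 4) }
        /^S: / { s = substr($0, 4) }
        /^R: / { r = substr($0, 4) }
        /^C: / {                              # C: is the last field of a record
            c = substr($0, 4); sub(/[ \t]+$/, "", c)
            if (s == "deny" && !seen[f, r, c]++)
                printf "%s\t%s\t%s\n", f, r, c
            f = s = r = ""
        }' "$1"
}

# Candidate ebuild lines for denied writes. addpredict keeps the write denied
# and only stops it counting as a violation; review each path before using it.
predict_candidates() {
    sandbox_denials "$1" |
        awk -F '\t' '$1 == "open_wr" && !p[$2]++ { print "addpredict " $2 }'
}

# Constructed sample: the php-cgi record from this bug, a repeat of it, and a
# made-up mkdir record (P:/A: lines left out of the last two for brevity).
write_sample_log() {
    cat > "$1" <<'EOF'
VERSION 1.0
F: open_wr
S: deny
P: /usr/share/snmp/mibs/.index
A: /usr/share/snmp/mibs/.index
R: /usr/share/snmp/mibs/.index
C: /usr/bin/php-cgi -v -d session.save_path=/tmp
F: open_wr
S: deny
R: /usr/share/snmp/mibs/.index
C: /usr/bin/php-cgi -v -d session.save_path=/tmp
F: mkdir
S: deny
R: /constructed/example/dir
C: /constructed/tool --flag
EOF
}

demo_log=$(mktemp); write_sample_log "$demo_log"
sandbox_denials "$demo_log"; predict_candidates "$demo_log"
rm -f "$demo_log"
```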
Comment 31 Thilo Bangert (RETIRED) (RETIRED) gentoo-dev 2011-03-01 21:15:22 UTC
*** Bug 356911 has been marked as a duplicate of this bug. ***
Comment 32 Ole Markus With (RETIRED) gentoo-dev 2011-03-05 21:17:48 UTC
There is not much that can be done about this from the PHP side. The only solution I know of to this problem is to use addpredict. Sorry.
Comment 33 A Collector 2011-03-09 15:31:54 UTC
I'm the person who opened Bug 356911 

The solution which worked for me: change the session directory from /tmp to /dev/shm by adding (or changing) the following line:

session.save_path = "/dev/shm"

It should also make sessions go much faster if you have enough memory available.

Good luck :)
Comment 34 Jeroen Roovers (RETIRED) gentoo-dev 2011-03-25 15:37:16 UTC

*** This bug has been marked as a duplicate of bug 249496 ***
Comment 35 Dustin 2011-04-28 02:49:42 UTC
This bug affected me after emerging cherokee-1.2.1

I emerged it once with no problems.

I emerged PHP afterward.. no problems.

For unrelated purposes, I unmerged cherokee and then attempted to emerge it again, and the above problem occurred.

Comment #5 was a good workaround for me.
Comment 36 Jeroen Roovers (RETIRED) gentoo-dev 2011-12-15 17:37:04 UTC
*** Bug 394593 has been marked as a duplicate of this bug. ***