Created attachment 254433 [details]
sandbox violation

Comment 2 Gilles Dartiguelongue (RETIRED) 2010-11-15 22:02:18 UTC

I'm afraid this is an issue limited to your installation or we would have had tons of bug reports already.
Is there anything particular in your setup that is not represented in emerge --info ?

(In reply to comment #2)
> I'm afraid this is an issue limited to your installation or we would have had
> tons of bug reports already.
> Is there anything particular in your setup that is not represented in emerge
> --info ?
> 

Nothing peculiar, aside gentoo packages are built with the portage user.

It is declared,
portage:x:250:250:portage:/usr/portage:/bin/false

/usr/portage is portage home directory as expected. If addwrite /root/.gnome2 is needed when a package is compiled with the user root it seems quite logic to care about /usr/portage when using the user portage. 

I didn't have that issue before and the make.conf file didn't changed till now.
gnome-extra/deskbar-applet-2.30 has compiled well. Also version 2.32 is still masked.

Here are the overlays I use,

layman -l
* gamerlay                  [Git       ] (git://git.o.g.o/proj/gamerlay.git    )
* gnome                     [Git       ] (git://git.o.g.o/proj/gnome.git       )
* science                   [Git       ] (git://git.o.g.o/proj/sci.git         )
* sunrise                   [Subversion] (svn://o.g.o/proj/sunrise/reviewed/   )
* x11                       [Git       ] (git://git.o.g.o/proj/x11  

Comment 4 Pacho Ramos 2011-01-27 14:13:09 UTC

Is this still valid for you?

(In reply to comment #4)
> Is this still valid for you?
> 
unfortunately yes.

gnome-extra/deskbar-applet-2.32.0  USE="spell -eds"

LOG FILE "/var/log/sandbox/sandbox-28187.log"

VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: mkdir
S: deny
P: /usr/portage/.gnome2
A: /usr/portage/.gnome2
R: /usr/portage/.gnome2
C: /usr/bin/python2.7 -c 
import sys
try:
        import gnomedesktop
except ImportError:
        sys.exit(1)
except:
        sys.exit(0)
sys.exit(0) 

# emerge --info
Portage 2.2.0_alpha19 (default/linux/amd64/10.0, gcc-4.5.2, glibc-2.12.2-r0, 2.6.37-radeon x86_64)
=================================================================
System uname: Linux-2.6.37-radeon-x86_64-AMD_Phenom-tm-_9950_Quad-Core_Processor-with-gentoo-1.12.14
Timestamp of tree: Wed, 26 Jan 2011 15:45:04 +0000
distcc 3.1 x86_64-pc-linux-gnu [enabled]
app-shells/bash:     4.1_p9
dev-java/java-config: 2.1.11-r3
dev-lang/python:     2.7.1, 3.1.3
dev-util/cmake:      2.8.3-r1
sys-apps/baselayout: 1.12.14
sys-apps/sandbox:    2.4
sys-devel/autoconf:  2.13, 2.68
sys-devel/automake:  1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:  2.21
sys-devel/gcc:       4.5.2
sys-devel/gcc-config: 1.5
sys-devel/libtool:   2.4-r1
sys-devel/make:      3.82
virtual/os-headers:  2.6.36.1 (sys-kernel/linux-headers)
Repositories: gentoo local
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="-bakoma @ACCEPTED-LICENSE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=barcelona -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /etc/splash/livecd-2007.0/1280x1024.cfg /lib/rcscripts/addons /sbin/rc /sbin/splash-functions-bl1.sh /sbin/splash-functions.sh /usr/local/share/cursors/xorg-x11/default/index.theme /usr/share/hddtemp/hddtemp.db /usr/src/linux/.config /var/bind /var/lib/hsqldb /var/spool/dspam/txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=barcelona -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--jobs=8 --load-average=20.0 --with-bdeps y"
FEATURES="assume-digests binpkg-logs collision-protect compress-build-logs distcc distlocks fixlafiles fixpackages news parallel-fetch preserve-libs protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox"
FFLAGS=""
GENTOO_MIRRORS="rsync://192.168.1.13/gentoo-portage rsync://192.168.1.14/gentoo-portage rsync://192.168.1.14/local-ro ftp://ftp.free.fr/mirrors/ftp.gentoo.org/ ftp://mirror.ovh.net/gentoo-distfiles"
LANG="fr_FR.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-O1 -Wl,--as-needed -Wl,-O1 -Wl,--as-needed"
LINGUAS="fr"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext acl amd64 avahi bindist bzip2 caps cli cracklib crypt cups cxx dbus dri expat gdbm gmp gpm iconv idn ipv6 ithreads jpeg2k latex logrotate maildir mmx mmxext modules mudflap multilib ncurses nls nptl nptlonly ogg openmp pam pcre perl postgres pppd pulseaudio python readline session sse sse2 ssl ssse3 sysfs tcpd threads udev unicode userlocales vorbis xattr xinetd xorg xulrunner zlib" ALSA_CARDS="hda-intel usb-audio virmidi" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="cgid actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="worker" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" DVB_CARDS="usb-wt220u" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev wacom" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="fr" LIRC_DEVICES="devinput userspace" PHP_TARGETS="php5-3" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Comment 7 Gilles Dartiguelongue (RETIRED) 2011-01-27 16:04:36 UTC

strace -e open python2.7 ./coin.py where coin.py contains the code pasted here does not raise anything for .gnome2 :(

Comment 8 Pacho Ramos 2011-01-27 17:24:55 UTC

Maybe "env" output could be interesting :-/

(In reply to comment #8)
> Maybe "env" output could be interesting :-/
> 

# su - portage
snowman etc # env
MANPATH=:/etc/java-config-2/current-system-vm/man:/usr/local/share/man:/usr/share/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.21/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.5.2/man:/etc/java-config/system-vm/man/:/usr/lib64/php5.3/man/:/usr/share/postgresql-9.0/man:/usr/lib64/erlang/man
CSF_XmlOcafResource=/opt/opencascade-6.3/ros/lin/src/XmlOcafResource
SVN_HOTBACKUP_BACKUPS_NUMBER=2
FLASH_PULSEDEBUG=1
CSF_StandardDefaults=/opt/opencascade-6.3/ros/lin/src/StdResource
SHELL=/bin/bash
TERM=xterm
TMPDIR=/tmp/.private/root
CSF_XSMessage=/opt/opencascade-6.3/ros/lin/src/XSMessage
DONT_MOUNT_BOOT=1
TK_LIBRARY=/usr/lib64/tk8.5
TIX_LIBRARY=/usr/lib64/tix8.4
SDL_CDROM=/dev/cdrom:/dev/cdrom1
OLDPWD=/root
ANT_HOME=/usr/share/ant
SGML_CATALOG_FILES=/etc/sgml/sgml-docbook-4.5.cat:/etc/sgml/sgml-docbook-4.2.cat:/etc/sgml/xml-docbook-4.4.cat:/etc/sgml/xml-docbook-4.5.cat:/etc/sgml/sgml-lite.cat:/etc/sgml/sgml-docbook-4.1.cat:/etc/sgml/sgml-ent.cat:/etc/sgml/openjade-1.3.2.cat:/etc/sgml/sgml-docbook-4.0.cat:/etc/sgml/xml-simple-docbook-4.1.2.4.cat:/etc/sgml/xml-docbook-4.3.cat:/etc/sgml/sgml-docbook.cat:/etc/sgml/sgml-docbook-3.0.cat:/etc/sgml/dsssl-docbook-stylesheets.cat:/etc/sgml/xml-docbook-4.2.cat:/etc/sgml/xml-simple-docbook-1.0.cat:/etc/sgml/xml-docbook-4.1.2.cat:/etc/sgml/sgml-docbook-3.1.cat
SDL_VIDEODRIVER=x11
USER=root
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.pdf=00;32:*.ps=00;32:*.txt=00;32:*.patch=00;32:*.diff=00;32:*.log=00;32:*.tex=00;32:*.doc=00;32:*.aac=00;36:*.au=00;36:*.flac=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.axa=00;36:*.oga=00;36:*.spx=00;36:*.xspf=00;36:
PRELINK_PATH_MASK=/usr/lib64/libfreebl3.so:/usr/lib64/libnssdbm3.so:/usr/lib64/libsoftokn3.so
CSF_StandardLiteDefaults=/opt/opencascade-6.3/ros/lin/src/StdResource
GUILE_LOAD_PATH=/usr/share/guile/1.8
GDK_USE_XFT=1
CASROOT=/opt/opencascade-6.3/ros/lin
TCL_LIBRARY=/usr/lib64/tcl8.5
FLASH_FORCE_PULSEAUDIO=1
CSF_MDTVFontDirectory=/opt/opencascade-6.3/ros/lin/src/FontMFT
CSF_UnitsDefinition=/opt/opencascade-6.3/ros/lin/src/UnitsAPI/Units.dat
PAGER=/usr/bin/vimpager
CONFIG_PROTECT_MASK=/etc/sandbox.d /etc/env.d/java/ /etc/php/cli-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/apache2-php5.3/ext-active/ /etc/fonts/fonts.conf /etc/gconf /etc/terminfo /etc/eselect/postgresql /etc/ca-certificates.conf /etc/texmf/web2c /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/revdep-rebuild
XDG_CONFIG_DIRS=/etc/xdg
FLTK_DOCDIR=/usr/share/doc/fltk-2.0_pre6970-r1/html
CSF_STEPDefaults=/opt/opencascade-6.3/ros/lin/src/XSTEPResource
MMGT_CLEAR=1
CSF_IGESDefaults=/opt/opencascade-6.3/ros/lin/src/XSTEPResource
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.5.2
HG=/usr/bin/hg
CD_ROOT=/media/UT2004_DVD
TCLHOME=/usr/bin
DISTCC_LOG=
PWD=/etc
JAVA_HOME=/etc/java-config-2/current-system-vm
SDL_VIDEO_X11_DGAMOUSE=0
LIBXCB_ALLOW_SLOPPY_LOCK=1
CSF_GraphicShr=/opt/opencascade-6.3/ros/lin/lib64/libTKOpenGl.so
JAVAC=/etc/java-config-2/current-system-vm/bin/javac
TCLLIBPATH=/usr/lib64
EDITOR=/usr/bin/vim
CSF_EXCEPTION_PROMPT=1
QUICKPKG_DEFAULT_OPTS=--include-config=y --include-unmodified-config=y
LANG=fr_FR.UTF-8
CSF_PluginDefaults=/opt/opencascade-6.3/ros/lin/src/StdResource
GSETTINGS_BACKEND=gconf
TZ=Europe/Paris
FLASH_AUDIODEBUG=1
DISTCC_VERBOSE=0
DCCC_PATH=/usr/lib64/distcc/bin
CSF_LANGUAGE=us
TEXINPUTS=/usr/lib64/ocaml/ocamldoc:
JDK_HOME=/etc/java-config-2/current-system-vm
SHLVL=1
HOME=/root
SDL_AUDIODRIVER=pulse
LANGUAGE=fr:en
JAVACC_HOME=/usr/share/javacc/
CSF_UnitsLexicon=/opt/opencascade-6.3/ros/lin/src/UnitsAPI/Lexi_Expr.dat
SCHEME_LIBRARY_PATH=/usr/share/slib/
LESS=-R -M --shift 5
LOGNAME=root
TMP=/tmp/.private/root
GCC_SPECS=
CVS_RSH=ssh
XDG_DATA_DIRS=/usr/local/share:/usr/share:/usr/share/games:/usr/share/gdm
LESSOPEN=|lesspipe.sh %s
CSF_XCAFDefaults=/opt/opencascade-6.3/ros/lin/src/StdResource
BROWSER=firefox:icecat
INFOPATH=/usr/share/info:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.21/info:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.5.2/info
DISPLAY=:0.0
USB_DEVFS_PATH=/dev/bus/usb
RUBYOPT=-rauto_gem
OPENGL_PROFILE=xorg-x11
LADSPA_PATH=/usr/lib64/ladspa
CSF_MDTVTexturesDirectory=/opt/opencascade-6.3/ros/lin/src/Textures
XSESSION=Gnome
SANE_CONFIG_DIR=/etc/sane.d
LC_TIME=fr_FR.UTF-8
ITK_LIBRARY=/usr/lib64/itk3.4
ITCL_LIBRARY=/usr/lib64/itcl3.4
CONFIG_PROTECT=/var/bind /var/lib/hsqldb /var/spool/dspam/txt /sbin/rc /usr/share/hddtemp/hddtemp.db /etc/splash/livecd-2007.0/1280x1024.cfg /usr/local/share/cursors/xorg-x11/default/index.theme /usr/src/linux/.config /lib/rcscripts/addons /sbin/splash-functions.sh /sbin/splash-functions-bl1.sh
CSF_SHMessage=/opt/opencascade-6.3/ros/lin/src/SHMessage
XAUTHORITY=/root/.xauthdGEe88
COLORTERM=gnome-terminal
_=/usr/bin/env

Created attachment 260923 [details]
portage user set output

(In reply to comment #10)
> Created an attachment (id=260923) [details]
> portage user set output
> 

I seed differences between a shell /bin/bash and /bin/false for portage user but nothing relevant.
The shell was in interactive mode.

# diff -ruN /var/tmp/set-with-bash.output /tmp/set.output 
--- /var/tmp/toto	2011-01-28 14:35:43.284055893 +0100
+++ /tmp/set.output	2011-01-28 14:29:57.976915892 +0100
@@ -1,6 +1,6 @@
 ANT_HOME=/usr/share/ant
 BASH=/bin/bash
-BASHOPTS=checkwinsize:cmdhist:expand_aliases:extglob:extquote:force_fignore:histappend:interactive_comments:login_shell:progcomp:promptvars:sourcepath
+BASHOPTS=cdspell:checkwinsize:cmdhist:expand_aliases:extglob:extquote:force_fignore:histappend:interactive_comments:login_shell:progcomp:promptvars:sourcepath
 BASH_ALIASES=()
 BASH_ARGC=()
 BASH_ARGV=()
@@ -12,7 +12,9 @@
 BASH_SOURCE=()
 BASH_VERSINFO=([0]="4" [1]="1" [2]="9" [3]="2" [4]="release" [5]="x86_64-pc-linux-gnu")
 BASH_VERSION='4.1.9(2)-release'
+BROWSER=firefox:icecat
 CASROOT=/opt/opencascade-6.3/ros/lin
+CD_ROOT=/media/UT2004_DVD
 COLORTERM=gnome-terminal
 COLUMNS=80
 COMP_WORDBREAKS=$' \t\n"\'@><=;|&(:'
@@ -42,7 +44,7 @@
 DISTCC_VERBOSE=0
 DONT_MOUNT_BOOT=1
 EDITOR=/usr/bin/vim
-EUID=250
+EUID=0
 FLASH_AUDIODEBUG=1
 FLASH_FORCE_PULSEAUDIO=1
 FLASH_PULSEDEBUG=1
@@ -53,10 +55,10 @@
 GSETTINGS_BACKEND=gconf
 GUILE_LOAD_PATH=/usr/share/guile/1.8
 HG=/usr/bin/hg
-HISTFILE=/usr/portage/.bash_history
+HISTFILE=/root/.bash_history
 HISTFILESIZE=500
 HISTSIZE=500
-HOME=/usr/portage
+HOME=/root
 HOSTNAME=snowman
 HOSTTYPE=x86_64
 IFS=$' \t\n'
@@ -74,31 +76,33 @@
 LESS='-R -M --shift 5'
 LESSOPEN='|lesspipe.sh %s'
 LIBXCB_ALLOW_SLOPPY_LOCK=1
-LINES=44
-LOGNAME=portage
+LINES=24
+LOGNAME=root
 LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.pdf=00;32:*.ps=00;32:*.txt=00;32:*.patch=00;32:*.diff=00;32:*.log=00;32:*.tex=00;32:*.doc=00;32:*.aac=00;36:*.au=00;36:*.flac=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.axa=00;36:*.oga=00;36:*.spx=00;36:*.xspf=00;36:'
 MACHTYPE=x86_64-pc-linux-gnu
 MAILCHECK=60
-MANPATH=/etc/java-config-2/current-system-vm/man:/usr/local/share/man:/usr/share/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.21/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.5.2/man:/etc/java-config/system-vm/man/:/usr/lib64/php5.3/man/:/usr/share/postgresql-9.0/man:/usr/lib64/erlang/man
+MANPATH=:/etc/java-config-2/current-system-vm/man:/usr/local/share/man:/usr/share/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.21/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.5.2/man:/etc/java-config/system-vm/man/:/usr/lib64/php5.3/man/:/usr/share/postgresql-9.0/man:/usr/lib64/erlang/man
 MMGT_CLEAR=1
+OLDPWD=/root
 OPENGL_PROFILE=xorg-x11
 OPTERR=1
 OPTIND=1
 OSTYPE=linux-gnu
-PAGER=/usr/bin/less
-PATH=/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.5.2:/opt/opencascade-6.3/ros/lin/bin:/usr/games/bin
-PIPESTATUS=([0]="1")
-PPID=3582
+PAGER=/usr/bin/vimpager
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.5.2
+PIPESTATUS=([0]="0")
+PPID=2016
 PRELINK_PATH_MASK=/usr/lib64/libfreebl3.so:/usr/lib64/libnssdbm3.so:/usr/lib64/libsoftokn3.so
 PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/$HOME/~}\007"'
-PS1='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] '
+PS1='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] '
 PS2='> '
 PS4='+ '
-PWD=/usr/portage
+PWD=/etc
 QUICKPKG_DEFAULT_OPTS='--include-config=y --include-unmodified-config=y'
 RUBYOPT=-rauto_gem
 SANE_CONFIG_DIR=/etc/sane.d
 SCHEME_LIBRARY_PATH=/usr/share/slib/
+SDL_AUDIODRIVER=pulse
 SDL_CDROM=/dev/cdrom:/dev/cdrom1
 SDL_VIDEODRIVER=x11
 SDL_VIDEO_X11_DGAMOUSE=0
@@ -114,13 +118,13 @@
 TEXINPUTS=/usr/lib64/ocaml/ocamldoc:
 TIX_LIBRARY=/usr/lib64/tix8.4
 TK_LIBRARY=/usr/lib64/tk8.5
-TMP=/tmp/.private/portage
-TMPDIR=/tmp/.private/portage
+TMP=/tmp/.private/root
+TMPDIR=/tmp/.private/root
 TZ=Europe/Paris
-UID=250
+UID=0
 USB_DEVFS_PATH=/dev/bus/usb
-USER=portage
-XAUTHORITY=/root/.xauth24SRHh
+USER=root
+XAUTHORITY=/root/.xauthdGEe88
 XDG_CONFIG_DIRS=/etc/xdg
 XDG_DATA_DIRS=/usr/local/share:/usr/share:/usr/share/games:/usr/share/gdm
 XSESSION=Gnome
@@ -5366,6 +5370,57 @@
 { 
     eval echo "$1" 2> /dev/null
 }
+emerge_wrapper () 
+{ 
+    local locker='/var/lock/LCK..esync';
+    if ( set -C;
+    exec 2>&-;
+    : > ${locker} ); then
+        command emerge $*;
+        rm -i -f ${locker};
+    else
+        echo "ERROR: locker ${locker} is set";
+    fi
+}
+oemerge () 
+{ 
+    local extra="$(overlay '/usr/local/portage/extra')";
+    local layman="$(overlay '/var/lib/layman')";
+    PORTDIR_OVERLAY="$PORTDIR_OVERLAY ${layman} ${extra} /usr/local/portage";
+    export PORTDIR_OVERLAY;
+    emerge_wrapper $*
+}
+overlay () 
+{ 
+    local overlay;
+    find $* -mindepth 1 -maxdepth 2 -type d -name "profiles" | while read overlay; do
+        echo ${overlay%profiles};
+    done
+}
+oworld () 
+{ 
+    local extra="$(overlay '/usr/local/portage/extra')";
+    local layman="$(overlay '/var/lib/layman')";
+    PORTDIR_OVERLAY="$PORTDIR_OVERLAY /usr/local/portage ${layman} ${extra}";
+    export PORTDIR_OVERLAY;
+    emerge_wrapper -uDvabN @world
+}
+pumpoff () 
+{ 
+    command pump --shutdown;
+    local cnt=5;
+    until [ x${PATH} = x${PATH#${DCCC_PATH}} -o ${cnt} -eq 0 ]; do
+        PATH=${PATH#${DCCC_PATH}:};
+        let cnt--;
+    done;
+    export PATH
+}
+pumpon () 
+{ 
+    [ x${PATH} = x${PATH#${DCCC_PATH}} ] || return 1;
+    echo 'pump mode on';
+    eval $(command pump --startup)
+}
 quote () 
 { 
     echo \'${1//\'/\'\\\'\'}\'
~ # 

Comment 12 Pacho Ramos 2011-02-24 17:55:57 UTC

Gnome 2.32 was fully stabilized on amd64, could you retry on an updated system? If still failing, I would try to stop building packages as "portage" with that HOME and use defaults instead to confirm if it's the real problem

Comment 13 Pacho Ramos 2011-03-11 21:37:40 UTC

(In reply to comment #12)
> Gnome 2.32 was fully stabilized on amd64, could you retry on an updated system?
> If still failing, I would try to stop building packages as "portage" with that
> HOME and use defaults instead to confirm if it's the real problem

(In reply to comment #12)
> Gnome 2.32 was fully stabilized on amd64, could you retry on an updated system?
> If still failing, I would try to stop building packages as "portage" with that
> HOME and use defaults instead to confirm if it's the real problem

I don't use portage directly but through usersandbox feature.

without  usersandbox it works as expected, but without feature usersandbox activated emerge fails.

FEATURES='-usersandbox sandbox' emerge -av =gnome-extra/deskbar-applet-2.32.0
is ok, ...

# emerge -av =gnome-extra/deskbar-applet-2.32.0 is not.
>>> Source configured.
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE "/var/log/sandbox/sandbox-23701.log"

VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: mkdir
S: deny
P: /usr/portage/.gnome2
A: /usr/portage/.gnome2
R: /usr/portage/.gnome2
C: /usr/bin/python2.7 -c 
import sys
try:
        import gnomedesktop
except ImportError:
        sys.exit(1)
except:
        sys.exit(0)
sys.exit(0)

(In reply to comment #14)

> without  usersandbox it works as expected, but without feature usersandbox
> activated emerge fails.

typo

without  usersandbox it works as expected.
With usersandbox feature emerge fails.

Comment 16 Pacho Ramos 2011-03-14 21:16:22 UTC

OK, looks like something related with "usersandbox" and "python" as I can see in all provided sandbox logs

Comment 17 Zac Medico 2011-03-14 21:34:13 UTC

(In reply to comment #3)
> Nothing peculiar, aside gentoo packages are built with the portage user.
> 
> It is declared,
> portage:x:250:250:portage:/usr/portage:/bin/false
> 
> /usr/portage is portage home directory as expected.

Well, the default home directory for the portage user is supposed to be /var/tmp/portage, so that explains the difference. In ebuild.sh, portage explicitly calls addwrite "${PORTAGE_TMPDIR}", so users with default settings won't experience this bug.

Comment 18 Zac Medico 2011-03-14 21:46:16 UTC

After seeing bug #128289, comment #22, I looked up the relevant gnome-base/gnome-vfs-2.24.4 code in libgnomevfs/gnome-vfs-init.c:

  dirname = g_build_filename (g_get_home_dir (), ".gnome2", NULL);

Then I looked up that g_get_home_dir function:

  http://library.gnome.org/devel/glib/unstable/glib-Miscellaneous-Utility-Functions.html#g-get-home-dir

The documentation suggests a usage like this:

  const char *homedir = g_getenv ("HOME");
   if (!homedir)
      homedir = g_get_home_dir ();

So, it seems like gnome-vfs might be slightly misusing the function, since it fails to check the HOME environment variable before falling back to the g_get_home_dir function.

Comment 19 Gilles Dartiguelongue (RETIRED) 2011-03-15 11:28:38 UTC

gnome-vfs is patched with http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/gnome-base/gnome-vfs/files/gnome-vfs-2.24.4-home_dir_fakeroot.patch?view=markup.

Note that g_get_homedir function is ignoring $HOME on purpose. It caused us some headaches already with gtk+ and pygtk testsuite. portage default home dir should really be left to default if it has been altered by the user as it seems to be the case here.

I would close this bug as invalid then.

(In reply to comment #19)
> gnome-vfs is patched with
> http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/gnome-base/gnome-vfs/files/gnome-vfs-2.24.4-home_dir_fakeroot.patch?view=markup.
> 
> Note that g_get_homedir function is ignoring $HOME on purpose. It caused us
> some headaches already with gtk+ and pygtk testsuite. portage default home dir
> should really be left to default if it has been altered by the user as it seems
> to be the case here.
> 
> I would close this bug as invalid then.

PORTDIR _IS_ the default as stated in make.conf manual and in /etc/passwd file: /usr/portage. I didn't modify it.
It is PORTDIR_OVERLAY that has been changed and 
PORTDIR_OVERLAY='' emerge -av =gnome-extra/deskbar-applet-2.32.0
fails too.

I assume usersandbox has set it to /usr/portage.

Have I missed something ?

(In reply to comment #19)
> gnome-vfs is patched with
> http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/gnome-base/gnome-vfs/files/gnome-vfs-2.24.4-home_dir_fakeroot.patch?view=markup.
> 
> Note that g_get_homedir function is ignoring $HOME on purpose. It caused us
> some headaches already with gtk+ and pygtk testsuite. portage default home dir
> should really be left to default if it has been altered by the user as it seems
> to be the case here.
> 
> I would close this bug as invalid then.

I have it... I guess

emerge -av =gnome-extra/deskbar-applet-2.32. = no go

emerge -d -av =gnome-extra/deskbar-applet-2.32 = ok <--- surprising !

/usr/portage/.gnome2 has been created !!

emerge -C =gnome-extra/deskbar-applet-2.32
emerge -av =gnome-extra/deskbar-applet-2.32 = ok

and
rm /usr/portage/.gnome2
emerge -av =gnome-extra/deskbar-applet-2.32. = fails again

A missing /usr/portage/.gnome2 makes the lot fail

Also emerge in debug mode does create /usr/portage/.gnome2 but not emerge in default mode.

Comment 22 Zac Medico 2011-03-15 20:28:13 UTC

(In reply to comment #20)
> PORTDIR _IS_ the default as stated in make.conf manual and in /etc/passwd file:
> /usr/portage. I didn't modify it.

Parallel universe? I don't see any reference to that in make.conf docs, and all the default /etc/passwd files that I've seen refer to /var/tmp/portage rather than /usr/portage.

(In reply to comment #19)
> gnome-vfs is patched with
> http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/gnome-base/gnome-vfs/files/gnome-vfs-2.24.4-home_dir_fakeroot.patch?view=markup.
> 
> Note that g_get_homedir function is ignoring $HOME on purpose. It caused us
> some headaches already with gtk+ and pygtk testsuite. portage default home dir
> should really be left to default if it has been altered by the user as it seems
> to be the case here.

I'd guess that it would be lot cleaner to make those testsuites work with the current $HOME setting. Shrug :)

> I would close this bug as invalid then.

Barring use of $HOME, it would be safer to do a real query of /etc/passwd rather than hardcode /root/.gnome2 in the eclass. For example, you could query it with python like this:

python -c 'import os, sys, pwd ; sys.stdout.write(pwd.getpwuid(os.getuid()).pw_dir)'

(In reply to comment #22)
> (In reply to comment #20)
> > PORTDIR _IS_ the default as stated in make.conf manual and in /etc/passwd file:
> > /usr/portage. I didn't modify it.
> 
> Parallel universe? I don't see any reference to that in make.conf docs, and all

I'm certainly in the twilight zone :)

man make.conf

      PORTDIR = [path]
          Defines  the  location  of  the Portage tree. This is the
          repository for all profile information  as  well  as  all
          ebuilds.  If  you  change  this,  you  must  update  your
          /etc/make.profile symlink accordingly.
          Defaults to /usr/portage.
                      ^^^^^^^^^^^^
> the default /etc/passwd files that I've seen refer to /var/tmp/portage rather
> than /usr/portage.
> 

Sorry I missed this one. I have changed it for a while because of the PORDIR default statement I read in the man page.

As for security concerns, /var/tmp/portage alias $PORTAGE_TMPDIR doesn't always exist in a system. /var/tmp is often declared as a tmpfs filesystem.

Also pwck complains if $HOME is declared in /etc/passwd but does not exist.

> Barring use of $HOME, it would be safer to do a real query of /etc/passwd
> rather than hardcode /root/.gnome2 in the eclass. For example, you could query
> it with python like this:
> 
> python -c 'import os, sys, pwd ;
> sys.stdout.write(pwd.getpwuid(os.getuid()).pw_dir)'

That would be great thanks ZacM :)

Comment 24 Jonathan Callen (RETIRED) 2011-03-16 05:38:32 UTC

(In reply to comment #22)
> Barring use of $HOME, it would be safer to do a real query of /etc/passwd
> rather than hardcode /root/.gnome2 in the eclass. For example, you could query
> it with python like this:
> 
> python -c 'import os, sys, pwd ;
> sys.stdout.write(pwd.getpwuid(os.getuid()).pw_dir)'

As I understand it, this can also be done in pure bash like

addwrite "$(unset HOME; echo ~)/.gnome2"

(In reply to comment #24)
> (In reply to comment #22)
> > Barring use of $HOME, it would be safer to do a real query of /etc/passwd
> > rather than hardcode /root/.gnome2 in the eclass. For example, you could query
> > it with python like this:
> > 
> > python -c 'import os, sys, pwd ;
> > sys.stdout.write(pwd.getpwuid(os.getuid()).pw_dir)'
> 
> As I understand it, this can also be done in pure bash like
> 
> addwrite "$(unset HOME; echo ~)/.gnome2"

I encountered a similar problem when using a new default /etc/gconf/gconf.local.xml.defaults directory for gnome. If I remember well , it was orca that refuse to emerge.
As a workaround I added it in /etc/sandbox.d/99local and sandbox stopped complaining about it.

Could be easier to add ~/.gnome2 as well?

Comment 26 Pacho Ramos 2011-07-15 11:55:25 UTC

Maybe using this debian patch for glib:
http://patch-tracker.debian.org/patch/series/view/glib2.0/2.28.6-2/04_homedir_env.patch

and setting G_HOME properly could solve this issue

Comment 27 Zac Medico 2011-07-15 17:39:27 UTC

(In reply to comment #24)
> (In reply to comment #22)
> > Barring use of $HOME, it would be safer to do a real query of /etc/passwd
> > rather than hardcode /root/.gnome2 in the eclass.
>
> As I understand it, this can also be done in pure bash like
> 
> addwrite "$(unset HOME; echo ~)/.gnome2"

Meanwhile, I've just added this trick to gnome2.eclass since it seems to work and it shouldn't hurt:

http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/eclass/gnome2.eclass?view=log#rev1.98

Comment 28 Pacho Ramos 2011-08-24 10:10:58 UTC

(In reply to comment #27)
> (In reply to comment #24)
> > (In reply to comment #22)
> > > Barring use of $HOME, it would be safer to do a real query of /etc/passwd
> > > rather than hardcode /root/.gnome2 in the eclass.
> >
> > As I understand it, this can also be done in pure bash like
> > 
> > addwrite "$(unset HOME; echo ~)/.gnome2"
> 
> Meanwhile, I've just added this trick to gnome2.eclass since it seems to work
> and it shouldn't hurt:
> 
> http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/eclass/gnome2.eclass?view=log#rev1.98

But, if we are all ok with current change in eclass, we can probably leave this as-is (if it works) as I am unsure about debian patch from comment #26 is much better :-/

Comment 29 Pacho Ramos 2011-09-12 15:58:13 UTC

Will close this bug next week if nobody disagrees since current workaround looks to be less complicated than debian one and looks like no fix is available

Comment 30 Ulrich Müller 2011-10-12 09:50:37 UTC

(In reply to comment #29)
> Will close this bug next week if nobody disagrees since current workaround
> looks to be less complicated than debian one and looks like no fix is available

Creating spurious files outside of the build environment is not a good solution. That undermines the whole purpose of the sandbox.

Comment 31 Pacho Ramos 2011-10-16 21:38:03 UTC

(In reply to comment #26)
> Maybe using this debian patch for glib:
> http://patch-tracker.debian.org/patch/series/view/glib2.0/2.28.6-2/04_homedir_env.patch
> 
> and setting G_HOME properly could solve this issue

glib-2.30.1-r1 includes this (as Gilles was ok with applying it per a past conversation with him)

Comment 32 Gilles Dartiguelongue (RETIRED) 2011-10-17 07:45:17 UTC

Thanks Pacho. I think it's ok to backport this to older releases too if we do a stabilization pass before gnome 3.2 so we can start using this variable in eclass.

Comment 33 Pacho Ramos 2011-10-17 09:47:15 UTC

My plan was to modify eclass for using G_HOME when glib-2.30.1-r1 or newer is installed and old addwrite way for older. As glib-2.30.1-r1 could go to stable "soon" (well, looks to work ok with Gnome2... but will wait until tinderbox run to fix broken packages due deprecations)

The problem for backporting it is that I wouldn't really check if patch works with older glib versions (I mean, I would still run glib-2.30 here on my box), and allowing the "compat way" in eclass will also help people upgrading from older systems if they have older glib versions than those currently available in the tree

Comment 34 Pacho Ramos 2011-11-22 00:18:48 UTC

gnome2.eclass is already fixing env to proper values, but you will need at least glib-2.30.1-r1