Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 539224 - net-libs/farstream-0.2.6 - sandbox access violation by /usr/lib64/gstreamer-1.0/gst-plugin-scanner -l in /dev/video0
Summary: net-libs/farstream-0.2.6 - sandbox access violation by /usr/lib64/gstreamer-1...
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: No maintainer - Look at if you want to take care of it
: 539944 (view as bug list)
Depends on: 570624
  Show dependency tree
Reported: 2015-02-07 12:53 UTC by Alan McKinnon
Modified: 2022-11-25 03:09 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

build.log (build.log,114.62 KB, text/x-log)
2015-02-15 15:46 UTC, Tom Li
sandbox log (sandbox-24030.log,315 bytes, text/x-log)
2015-02-15 15:46 UTC, Tom Li

Note You need to log in before you can comment on or make changes to this bug.
Description Alan McKinnon 2015-02-07 12:53:53 UTC
make[2]: Leaving directory '/var/tmp/portage/net-libs/farstream-0.2.6/work/farstream-0.2.6'
make[1]: Leaving directory '/var/tmp/portage/net-libs/farstream-0.2.6/work/farstream-0.2.6'
>>> Source compiled.
 (null)*(null) --------------------------- ACCESS VIOLATION SUMMARY ---------------------------
 (null)*(null) LOG FILE: "/var/log/sandbox/sandbox-17930.log"
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny
P: /dev/video0
A: /dev/video0
R: /dev/video0
C: /usr/lib64/gstreamer-1.0/gst-plugin-scanner -l 
 (null)*(null) --------------------------------------------------------------------------------

Reproducible: Didn't try

Steps to Reproduce:
1. emerge =net-libs/farstream-0.2.6
Actual Results:  
sandbox access violation

Expected Results:  
no sandbox access violation

                         System Settings
System uname: Linux-3.16.5-gentoo-x86_64-Intel-R-_Core-TM-_i7-4930MX_CPU_@_3.00GHz-with-gentoo-2.2
KiB Mem:    16408840 total,   3252360 free
KiB Swap:    1048572 total,    607452 free
Timestamp of tree: Sat, 07 Feb 2015 04:30:01 +0000
sh bash 4.3_p33-r1
ld GNU ld (Gentoo 2.24 p1.4) 2.24
app-shells/bash:          4.3_p33-r1
dev-java/java-config:     2.2.0
dev-lang/perl:            5.20.1-r4
dev-lang/python:          2.7.9-r1, 3.3.5-r1
dev-util/cmake:           3.1.0
dev-util/pkgconfig:       0.28-r2
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.13.8
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.11.6-r1, 1.13.4, 1.15
sys-devel/binutils:       2.24-r3
sys-devel/gcc:            4.8.4, 4.9.2
sys-devel/gcc-config:     1.8
sys-devel/libtool:        2.4.5
sys-devel/make:           4.1-r1
sys-kernel/linux-headers: 3.18 (virtual/os-headers)
sys-libs/glibc:           2.20-r1
Repositories: gentoo soehest alan
Installed sets: @alan-fonts, @alan-gkrellm, @alan-kde, @alan-tools
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA dlj-1.1 sun-bcla-java-vm skype-eula PUEL googleearth google-talkplugin AdobeFlash-10 AdobeFlash-10.1"
CFLAGS="-march=native -O2 -pipe"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/themes/oxygen-gtk/gtk-2.0 /usr/share/themes/oxygen-gtk/gtk-3.0 /var/lib/hsqldb /var/rancid/.cloginrc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe"
EMERGE_DEFAULT_OPTS="--with-bdeps=y --autounmask=n --jobs=4 --load-average=8"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs buildsyspkg collision-protect config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync metadata-transfer news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j9 -l8"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTDIR_OVERLAY="/var/lib/layman/soehest /home/alanm/gentoo/overlay"
USE="X a52 aac aalib acl acpi adns aes alsa amd64 ao apache2 archive audiofile avahi avx avx2 bash-completion berkdb bittorrent bluetooth bluray branding bzip2 cairo cdda cddb cdr cli consolekit cracklib crypt cups curl curlwrappers cvs cxx dbus dbx device-mapper dga dirac djvu dri dts dv dvb dvd dvdr emotion encode evo exif expat ffmpeg flac fma3 fontconfig fortran freetds ftp fuse gallium gd gdbm gif gimp glib gnome-keyring gpm gps graphviz gs gstreamer gtk handbook iconv icu id3tag ieee1394 imagemagick imap innodb introspection ipc ipod iproute2 ipv6 jabber java java6 javascript jbig jce jpeg jpeg2k kde keyring kig-scripting kipi lame lcms lesstif libass libc_glibc libcaca libnotify libsamplerate libv4l libwww lm_sensors lua lzma mad maildir mailwrapper man matroska mbox milter mime mms mmx mmxext mng modules mp3 mp3tunes mp4 mpeg mplayer mtp multilib musepack musicbrainz mysql mysqli ncurses netboot network networkmanager nfs nls nptl nsplugin ntp odbc offensive ogg openexr opengl openmp openssl openvpn opus pam pango passwordsave pch pcre pdf perl phonon plasma plotutils pmu png policykit popcnt posix postscript ppds pppd projectm pulseaudio qt3support qt4 quicktime raw readline reflection resolvconf rtmp samba sasl savedconfig scanner schroedinger sdl session slp smi sms solver sound speex spell spl sql sqlite sqlite3 sse sse2 sse3 sse4_1 sse4_2 ssl ssse3 startup-notification subversion svg symlink syslog sysvipc taglib tbb testbed theora threads thumbnail tidy tiff truetype udev udisks udisks2 unicode upnp usb utempter v4l vaapi vcd video vim-syntax vlc vnc vorbis vpx wavpack webkit webp wifi win32codecs wma wmf x264 xattr xcomposite xinerama xml xorg xpm xrandr xrender xulrunner xv xvid xvmc zeroconf zip zlib" ABI_X86="64" ALSA_CARDS="hda-intel" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="author braindump flow karbon kexi krita sheets stage words" CAMERAS="adc65 agfa_cl20 aox ax203 barbie canon casio_qv clicksmart310 digigr8 digita dimagev dimera3500 directory enigma13 fuji gsmart300 hp215 iclick jamcam jd11 jl2005a kodak_dc120 kodak_dc210 kodak_dc240 kodak_dc3200 kodak_ez200 konica konica_qm150 largan lg_gsm mars mustek panasonic_coolshot panasonic_dc1000 panasonic_dc1580 panasonic_l859 pccam300 pccam600 polaroid_pdc320 polaroid_pdc640 polaroid_pdc700 ptp2 ricoh ricoh_g3 samsung sierra sipix_blink sipix_blink2 sipix_web2 smal sonix sony_dscf1 sony_dscf55 soundvision spca50x sq905 st2205 stv0674 stv0680 sx330z template topfield toshiba_pdrm11" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 fma3 mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" ENLIGHTENMENT_MODULES="access appmenu backlight battery bluez4 clock comp conf-applications conf-comp conf-dialogs conf-display conf-edgebindings conf-interaction conf-intl conf-keybindings conf-menus conf-paths conf-performance conf-randr conf-shelves conf-theme conf-wallpaper2 conf-window-manipulation conf-window-remembers contact cpufreq dropshadow everything fileman fileman-opinfo gadman ibar ibox illume2 mixer msgbus music-control notification pager physics quickaccess shot start syscon systray tasks teamwork temperature tiling winlist wizard wl-desktop-shell wl-screenshot xkbswitch" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="pc" INPUT_DEVICES="evdev synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en en_GB en_US en_ZA" NETBEANS_MODULES="apisupport cnd dlight ergonomics extide groovy java php profiler webcommon websvccommon" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby19 ruby20 ruby21 ruby22" SANE_BACKENDS="epson epson2" USERLAND="GNU" VIDEO_CARDS="intel i965 modesetting vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Comment 1 Garri 2015-02-07 13:59:34 UTC
I've got same failure. Additionally, the compile stage reports following error:

(gst-plugin-scanner:26018): GStreamer-CRITICAL **: gst_structure_new_empty: assertion 'gst_structure_validate_name (name)' failed
 * ACCESS DENIED:  open_wr:      /dev/video0
No protocol specified

(gst-plugin-scanner:26018): Clutter-CRITICAL **: Unable to initialize Clutter: Unable to open display ':0'

As a workaround, I used:

FEATURES="-sandbox -usersandbox" emerge -av1 farstream
Comment 2 Pacho Ramos gentoo-dev 2015-02-07 17:35:22 UTC
On my system the culprit is the v4l2 plugin:
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2015-02-13 09:26:58 UTC
*** Bug 539944 has been marked as a duplicate of this bug. ***
Comment 4 Pacho Ramos gentoo-dev 2015-02-13 11:29:46 UTC
Still fails with:
        sed -i -e \
                's/GST_INSPECT = $(GST_TOOLS_DIR)\/gst-inspect-$(GST_API_VERSION)/GST_INSPECT = $(type -P true)/' \
                common/check.mak tests/check/ || die
        sed -i -e '/GST_PLUGIN_SCANNER/d' common/m4/gst-check.m4 || die
Comment 5 Pacho Ramos gentoo-dev 2015-02-13 11:37:17 UTC
+  13 Feb 2015; Pacho Ramos <> -farstream-0.2.6.ebuild,
+  farstream-0.2.7.ebuild:
+  Prevent sandbox violations, bug #539224
Comment 6 Juergen Rose 2015-02-14 13:40:28 UTC
farstream-0.2.7 fails again with sandbox VIOLATION:
make[1]: Leaving directory '/var/tmp/portage/net-libs/farstream-0.2.7/work/farstream-0.2.7'
>>> Source compiled.
 * --------------------------- ACCESS VIOLATION SUMMARY ---------------------------
 * LOG FILE: "/var/log/sandbox/sandbox-31287.log"
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny
P: /dev/radio0
A: /dev/radio0
R: /dev/radio0
C: /usr/lib64/gstreamer-1.0/gst-plugin-scanner -l 

F: open_wr
S: deny
P: /dev/vbi0
A: /dev/vbi0
R: /dev/vbi0
C: /usr/lib64/gstreamer-1.0/gst-plugin-scanner -l 

F: open_wr
S: deny
P: /dev/video1
A: /dev/video1
R: /dev/video1
C: /usr/lib64/gstreamer-1.0/gst-plugin-scanner -l 
 * --------------------------------------------------------------------------------

>>> Failed to emerge net-libs/farstream-0.2.7, Log file:
Comment 7 Alan McKinnon 2015-02-14 15:58:53 UTC
Works for me with this USE:

Calculating dependencies... done!
[ebuild     U  ] net-libs/farstream-0.2.7:0.2/5 [0.2.6:0.2/0.2] USE="introspection msn upnp {-test}" 0 KiB

Thanks for the fix
Comment 8 Juergen Rose 2015-02-14 16:38:14 UTC
(In reply to Alan McKinnon from comment #7)
> Works for me with this USE:
> Calculating dependencies... done!
> [ebuild     U  ] net-libs/farstream-0.2.7:0.2/5 [0.2.6:0.2/0.2]
> USE="introspection msn upnp {-test}" 0 KiB
> Thanks for the fix

Where is the fix? 'USE="msn upnp"  emerge -v1 farstream' fails here as before.
Comment 9 Alan McKinnon 2015-02-14 17:15:42 UTC
What can I say? I'm the bug reporter, I --synced, re-merged and now it works.
Comment 10 Tom Li 2015-02-15 15:45:27 UTC
The issue is still exist on my system.

$ emerge "=net-libs/farstream-0.2.7"

When a webcam is connected to the system, gst-plugin-scanner tries to access /dev/video1 which is crazy, and causes access violation errors.

/usr/bin/g-ir-scanner   --namespace=Farstream --nsversion=0.2 --libtool="/bin/sh ../libtool"  --include=GObject-2.0 --include=Gst-1.0 --symbol-prefix=fs --identifier-prefix=Fs --add-init-section="gst_init(NULL,NULL);" --pkg-export=farstream-0.2 --c-include=fs-candidate.h --c-include=fs-codec.h --c-include=fs-participant.h --c-include=fs-session.h --c-include=fs-stream.h --c-include=fs-conference.h --c-include=fs-utils.h --cflags-begin -I.. -I.. --cflags-end -lgstreamer-1.0 -lgobject-2.0 -lglib-2.0  fs-candidate.c fs-codec.c fs-participant.c fs-session.c fs-stream.c fs-conference.c fs-transmitter.c fs-stream-transmitter.c fs-plugin.c fs-element-added-notifier.c fs-utils.c fs-rtp.c fs-private.h fs-enumtypes.h fs-candidate.h fs-codec.h fs-participant.h fs-session.h fs-stream.h fs-conference.h fs-transmitter.h fs-stream-transmitter.h fs-plugin.h fs-element-added-notifier.h fs-utils.h fs-rtp.h --output Farstream-0.2.gir
g-ir-scanner: compile: cc -Wno-deprecated-declarations -pthread -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -march=native -O2 -pipe -I/usr/include/gstreamer-1.0 -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -c -o /var/tmp/portage/net-libs/farstream-0.2.7/work/farstream-0.2.7/farstream/tmp-introspect0E9aKw/Farstream-0.2.o /var/tmp/portage/net-libs/farstream-0.2.7/work/farstream-0.2.7/farstream/tmp-introspect0E9aKw/Farstream-0.2.c
g-ir-scanner: link: /bin/sh ../libtool --mode=link --tag=CC cc -o /var/tmp/portage/net-libs/farstream-0.2.7/work/farstream-0.2.7/farstream/tmp-introspect0E9aKw/Farstream-0.2 -export-dynamic -march=native -O2 -pipe -Wl,-O1 -Wl,--as-needed /var/tmp/portage/net-libs/farstream-0.2.7/work/farstream-0.2.7/farstream/tmp-introspect0E9aKw/Farstream-0.2.o -L. -lgstreamer-1.0 -lgobject-2.0 -lglib-2.0 -lgio-2.0 -lgobject-2.0 -Wl,--export-dynamic -lgmodule-2.0 -pthread -lglib-2.0
libtool: link: cc -o /var/tmp/portage/net-libs/farstream-0.2.7/work/farstream-0.2.7/farstream/tmp-introspect0E9aKw/.libs/Farstream-0.2 -march=native -O2 -pipe -Wl,-O1 /var/tmp/portage/net-libs/farstream-0.2.7/work/farstream-0.2.7/farstream/tmp-introspect0E9aKw/Farstream-0.2.o -Wl,--export-dynamic -pthread -Wl,--export-dynamic  -Wl,--as-needed -L. ./.libs/ -lgthread-2.0 -lgstbase-1.0 -lgstreamer-1.0 -lgio-2.0 -lgobject-2.0 -lgmodule-2.0 -lglib-2.0 -pthread
 * ACCESS DENIED:  open_wr:      /dev/video1
No protocol specified

(gst-plugin-scanner:24454): Clutter-CRITICAL **: Unable to initialize Clutter: Unable to open display ':0'
/usr/bin/g-ir-compiler  --includedir=. Farstream-0.2.gir -o Farstream-0.2.typelib
Comment 11 Tom Li 2015-02-15 15:46:32 UTC
Created attachment 396508 [details]
Comment 12 Tom Li 2015-02-15 15:46:57 UTC
Created attachment 396510 [details]
sandbox log
Comment 13 Pacho Ramos gentoo-dev 2015-02-15 16:14:32 UTC
What would be highly appreciated is to try to know what else needs to be changed apart of comment #4 to not run gst-plugin-scanner at all

If any of you could help on finding that it would be really nice

Comment 14 Alexandre Rostovtsev (RETIRED) gentoo-dev 2015-02-17 23:27:47 UTC
What we need to figure out is where in the build process gst-plugin-scanner is being called and why. Unfortunately, there are no explicit references to it in farstream's code or configure or makefiles, so it's probably a side effect, either of some gstreamer tool (called during configure or make check or make install) or some API call (called during introspection bindings generation).

If you are experiencing this issue, please check if USE=-introspection works.
Comment 15 Alexandre Rostovtsev (RETIRED) gentoo-dev 2015-02-17 23:32:50 UTC
(In reply to Alexandre Rostovtsev from comment #14)

Never mind, can't read, comment #10 shows it's introspection's fault :)

I wonder if our usual "unset DISPLAY" trick would work...
Comment 16 Alexandre Rostovtsev (RETIRED) gentoo-dev 2015-02-18 00:26:54 UTC
I can see two ways to fix this:

(1) make a fake gst-plugin-scanner executable, export it via GST_PLUGIN_SCANNER_1_0 env variable. This is difficult to get right because gst libraries communicate with gst-plugin-scanner via pipes, and expect the right binary response to binary queries in an undocumented internal format, otherwise the whole thing either freezes forever or errors out and calls /usr/lib64/gstreamer-1.0/gst-plugin-scanner. Something trivial like /bin/true or #/bin/sh\nread won't work here :)

(2) in the ebuild, compile a dummy library implementing gst_update_registry() which always returns true, force it to be used via LD_PRELOAD. This will work as long as the only path via which gst_init(0, 0) spawns plugin scanner remains gst_update_registry().

I personally think option 2 is the better way to go.
Comment 17 Alexandre Rostovtsev (RETIRED) gentoo-dev 2015-02-18 04:47:44 UTC
(In reply to Alexandre Rostovtsev from comment #16)

On further testing, option (2) will not work because libgstreamer is built with -Bsymbolic-functions, so we can't override its individual functions using LD_PRELOAD :/
Comment 18 Pacho Ramos gentoo-dev 2015-02-18 09:31:21 UTC
If you have enough knowledge... maybe the fix would be in changing:

To filter all access to /dev
Comment 19 Pacho Ramos gentoo-dev 2015-04-30 08:35:48 UTC
Maybe exporting LIBGL_ALWAYS_INDIRECT=1 and LIBGL_ALWAYS_SOFTWARE=1 could help :/