Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 600916 - media-gfx/blender-2.72b-r4: sandbox violation
Summary: media-gfx/blender-2.72b-r4: sandbox violation
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Jonathan Scruggs (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-11-26 13:57 UTC by Andrius Štikonas
Modified: 2017-12-25 16:09 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
build.log.xz (build.log.xz,250.57 KB, application/x-xz)
2016-11-26 19:18 UTC, Andrius Štikonas
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andrius Štikonas 2016-11-26 13:57:47 UTC
I tried to install blender but during doc generation there was a sandbox violation

VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny
P: /dev/dri/renderD128
A: /dev/dri/renderD128
R: /dev/dri/renderD128
C: /var/tmp/portage/media-gfx/blender-2.72b-r4/work/blender-2.72b_build/bin/blender --background --python doc/python_api/sphinx_doc_gen.py -noaudio 

F: open_wr
S: deny
P: /dev/dri/renderD128
A: /dev/dri/renderD128
R: /dev/dri/renderD128
C: /var/tmp/portage/media-gfx/blender-2.72b-r4/work/blender-2.72b_build/bin/blender --background --python doc/python_api/sphinx_doc_gen.py -noaudio


Reproducible: Always

Steps to Reproduce:
1. set USE=doc
2. emerge blender

Actual Results:  
Sandbox violation
Comment 1 Jonas Stein gentoo-dev 2016-11-26 17:35:42 UTC
Andrius, please attach the logfiles and emerge --info.
Comment 2 Jonathan Scruggs (RETIRED) gentoo-dev 2016-11-26 18:15:08 UTC
What graphics drivers do you use? Is it the AMD or nVidia binary blobs?
Comment 3 Andrius Štikonas 2016-11-26 19:03:32 UTC
I use Intel driver, so no blob.

Portage 2.3.0 (python 3.4.5-final-0, !../../usr/portage/profiles/default/linux/amd64/13.0/desktop/plasma/systemd, gcc-5.4.0, glibc-2.22-r4, 4.4.26-gentoo x86_64)
=================================================================
System uname: Linux-4.4.26-gentoo-x86_64-Intel-R-_Core-TM-_i7-6700HQ_CPU_@_2.60GHz-with-gentoo-2.2
KiB Mem:    16383808 total,   8348044 free
KiB Swap:   16777212 total,  16777212 free
Timestamp of repository gentoo: Sat, 26 Nov 2016 12:45:01 +0000
sh bash 4.3_p48
ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1
dev-lang/python:          2.7.12::gentoo, 3.4.5::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69::gentoo
sys-devel/automake:       1.10.3-r1::gentoo, 1.11.6-r1::gentoo, 1.12.6::gentoo, 1.14.1::gentoo, 1.15::gentoo
sys-devel/binutils:       2.25.1-r1::gentoo
sys-devel/libtool:        2.4.6::gentoo
sys-kernel/linux-headers: 4.3::gentoo (virtual/os-headers)
Repositories:

kde
    location: /var/lib/layman/kde
    sync-type: laymansync
    sync-uri: git://anongit.gentoo.org/proj/kde.git
    masters: gentoo
    priority: -50

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.uk.gentoo.org/gentoo-portage

go-overlay
    location: /var/lib/layman/go-overlay
    sync-type: laymansync
    sync-uri: https://github.com/Dr-Terrible/go-overlay.git
    masters: gentoo                                                                                                                                                                                               
    priority: 50                                                                                                                                                                                                  
                                                                                                                                                                                                                  
torbrowser                                                                                                                                                                                                        
    location: /var/lib/layman/torbrowser                                                                                                                                                                          
    sync-type: laymansync                                                                                                                                                                                         
    sync-uri: git://github.com/MeisterP/torbrowser-overlay.git                                                                                                                                                    
    masters: gentoo                                                                                                                                                                                               
    priority: 50                                                                                                                                                                                                  
                                                                                                                                                                                                                  
Local-overlay                                                                                                                                                                                                     
    location: /var/lib/portage/overlay                                                                                                                                                                            
    masters: gentoo                                                                                                                                                                                               
    priority: 1000

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="@FREE"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/easy-rsa /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/games/angband/gamedata/ /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.6/ext-active/ /etc/php/cgi-php5.6/ext-active/ /etc/php/cli-php5.6/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
GENTOO_MIRRORS="http://mirror.bytemark.co.uk/gentoo/ ftp://mirror.bytemark.co.uk/gentoo/ http://mirrors.evowise.com/gentoo/"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
USE="16k_voice 1stclassmsg R X a52 aac aacs aalib accessibility acl acpi addns addressbook ads aesicm aimodules aio akonadi alsa amd64 amr analitza android androiddump aot ap apache2 apng apparmor archive atmo attica auth autoipd autoreplace autotools avahi baremetal bash-completion bazaar berkdb bindist bittorrent bl blender bluetooth bluray bogofilter bookmarks boost botan branding bs2b btrfs bugzilla bzip2 c++0x cairo cantor captcha cdb cdda cddb cdio cdr cgi chappa chatzilla chm cjk clang cli client clucene cmake color colordiff connection-sharing contactnotes context contrib contrib_cvv contrib_hdf contrib_sfm cracklib crypt cryptsetup csharp css csv cups curl custom-optimization cvs cxx cycles d d3d9 dbus dc1394 deblob declarative deflate designer designer-plugin desktopglobe device-mapper dhclient dirac djvu dmraid dnssec doc doc-pdf docbook dos dot downloadorder dpi dri dri3 drm dts dump dvb dvd dvdnav dvdr dvi dvi2tty dvipdfm dynamic eap-sim ebook edit editor egl eigen emacs embedded emboss emovix enchant encode equalizer evdev examples exif extensions extra extra-algorithms extraengine extras f2fs fakevim fam farstream fat fbcon festival ffmpeg fftw fgpanel firefox fits flac fltk fluidsynth fontconfig fontforge foomaticdb fortran fortran2003 fortran95 fpm fpx freetds ftp fuse g3dvl gadu gallium games garmin gbm gc gccgo gcj gcrypt gd gdal gdata gdbm gecko geoip geoloc geolocation gflags ghcbootstrap gif gimp git glamor gles gles1 gles2 gles3 glew glog glsl gmail gme gmp gnome-online-accounts gnuefi gnuplot gnutls go gold google gpg gphoto2 gpm gps gpssync gptfdisk gpu graphics graphite graphviz grub gsl gsm gssapi gstreamer gtk gtk3 gtkspell gtkstyle gudev gui gyroscopic gzip handbook harden hdf5 hdri hfs highlight history hscolour html hunspell hwdb i18n icedtea7 iconv icq icu id3tag ieee1394 ilbc imagemagick imaging imap imlib imlib2 inkjar inotify introspection iodbc ipc iplayer ipv6 irc jabber jadetex java javascript jbootstrap jfs jingle jit jpeg jpeg2k json kate kde kde4 kdecards kdenlive kdepim kerberos kexiv2 keymap kipi kontact kpathsea ktp lame lapack laptop lastfm latex latexmk lcms ldap legacy-systray lensfun less libass libav-aac libcaca libinput libkms libmpv libnotify libproxy libssh2 libtiger libxml2 lightning llvm lm_sensors lpsol lto lua luatex lvm lyrics lz4 lzma lzo mad magic magnetgenerator maildir marble math mathml matplotlib matroska md5sum mdadm mdnsresponder-compat meanwhile mediaplayer mediawiki melt mercurial metalink mhash midi mikmod minizip mjpeg mms mmx mmxext mng mobi mod mod_muc mod_pubsub modemmanager modplug modules mono monolithic monolithic-build monotone mount mp3 mp4 mpeg mpg123 mplayer mpx mtp multilib multitarget musepack music musicbrainz mysql mysqli mythtv nat native native-exceptions natspec ncurses netapi nethack network networkmanager new-login nftables nls nntp nptl nscd nsplugin nss ntfs ntfsprogs ntp numpy oauth objc objc++ objc-gc octave ogg ogg123 ogm okteta okular omega openal opencl opencv openexr opengl opengtl openid openimageio openinventor openldap openmp openstreetmap optimization opus otr p2p pam pango parcheck parted pcap pcmcia pcntl pcre pcre16 pdf pdfimport pdo perl phonon php pim pkcs11 plasma player plotutils png pnm policykit postgres postproc postscript ppds prediction preview-latex printsupport prison privacy private-headers privatestorage projectm ps psf pstoedit pstricks pth publishers pulseaudio pwquality pyqt4 python qalculate qml qrcode qt3support qt4 qt5 qthelp quickstarter quicktime quota qwt r600-llvm-compiler radio radius raster raw rdesktop readline realtime redeyes reencrypt reiser4 reiserfs resolvconf reviewboard rss rtmp rtsp ruby s3tc samba sandbox sasl sbcl scanner schroedinger science script scripts scripttools sdk sdl sdl2 search seccomp secure-delete semantic-desktop sensord server session sftp sha512 shapefile shared-dricore shared-glapi sip sipim skins smartcard smime snappy sndfile soap sockets socks5 solver soprano sound soundtouch sparse speex spell sql sqlite sqlite3 srt srtp sse sse2 ssh ssl staging stars startup-notification statistics strong-optimization stun subversion suhosin supernodal svc svg symlink sync-plugin-portage syslog system-boost system-cairo system-ffmpeg system-harfbuzz system-icu system-jpeg system-jsoncpp system-libevent system-libs system-libvncserver system-libvpx system-libyaml system-llvm system-lua system-mitkrb5 system-mpmath system-mupdf system-qemu system-qt system-renpy system-seabios system-snappy system-sqlite system-tbb system-uulib system-wine system-zlib systemd sysv-utils szip taglib tcl tcpd telepathy templates terminal tesseract tex4ht texteffect tfshark themedesigner themes theora thesaurus threads thumbnail thumbnails tidy tiff timidity tk tls tntc tools tor tordns touchpad translator truetype twolame udev udisks udisks2 umfpack unicode unlock-notify unzip upnp upnp-av upower usb usbredir utils v4l v8 vaapi vala valgrind vamp vc vdpau video videos videoslideshow vim vim-syntax vlc vlm vnc vorbis vpx vulkan wav wavpack wayland wayland-compositor webcam webdav webgl webkit webkit2 webm webp widgets wifi wikipedia win32 win64 winbind wma wmf word-perfect wps wxwidgets x264 x265 xa xattr xcb xcomposite xetex xface xfs xft xinerama xkb xml xmlwriter xmp xorg xpm xrandr xrender xslt xv xvfb xvid xvmc xwayland xz yahoo youtube zeroconf zip zlib" ABI_X86="32 64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="avx avx2 3dnow 3dnowext fma3 fma4 mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" CURL_SSL="nss" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="evdev synaptics keyboard mouse wacom" KERNEL="linux" L10N="lt en en-GB" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="lt en en_GB" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" QEMU_SOFTMMU_TARGETS="x86_64 aarch64 arm" RUBY_TARGETS="ruby20 ruby21" USERLAND="GNU" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  EMERGE_DEFAULT_OPTS, PORTAGE_BUNZIP2_COMMAND
Comment 4 Andrius Štikonas 2016-11-26 19:18:31 UTC
Created attachment 454460 [details]
build.log.xz

Attaching build.log now. Sorry I didn't attach it first time around. Something happened to the build dir and it disappeared... I rebuilt blender and got the build.log now.
Comment 5 Andrius Štikonas 2016-12-04 00:15:33 UTC
ok, this is not blender specific. I have the same bug with vlc.
Comment 6 Andrius Štikonas 2016-12-04 00:32:10 UTC
As a workaround I added SANDBOX_WRITE="/dev/dri/renderD128" to /etc/sandbox.conf on my system... Although I'm not sure why this is necessary.
Comment 7 Jonathan Scruggs (RETIRED) gentoo-dev 2017-01-31 14:53:12 UTC
I traced this to a new version of ImageMagick wanting to use hardware rendering. Enblend had the same issue as well. Doc building uses latex files with compile images as well as text. I will need to update all Blender ebuilds to allow this. That's the problem when a depend of a depend gets updated, you don't really test a recompile.
Comment 8 Jonathan Scruggs (RETIRED) gentoo-dev 2017-12-24 18:22:47 UTC
This is fixed in the new 2.79 ebuild, but I won't be updating 2.72b as it's too old to maintain. It will be deleted soon.
Comment 9 Larry the Git Cow gentoo-dev 2017-12-25 16:09:40 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d874e5a73532b74bdeed992a7c0f75b4d12bd561

commit d874e5a73532b74bdeed992a7c0f75b4d12bd561
Author:     Jonathan Scruggs <j.scruggs@gmail.com>
AuthorDate: 2017-12-24 17:24:26 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2017-12-25 16:09:12 +0000

    media-gfx/blender: Version bump to 2.79
    
    Version bump to 2.79
    Closes: https://bugs.gentoo.org/630820
    
    Allow CUDA v9 to be used for GCC 6.4 compatibility.
    Closes: https://bugs.gentoo.org/641244
    
    Call cmake-utils_src_prepare explicity.
    Closes: https://bugs.gentoo.org/640194
    
    Depend on virtual/jack.
    Closes: https://bugs.gentoo.org/612022
    
    Allow DRI to be writable to avoid sandbox violations.
    Closes: https://bugs.gentoo.org/600916
    Closes: https://github.com/gentoo/gentoo/pull/6620

 media-gfx/blender/Manifest            |   1 +
 media-gfx/blender/blender-2.79.ebuild | 287 ++++++++++++++++++++++++++++++++++
 media-gfx/blender/metadata.xml        |   6 +
 3 files changed, 294 insertions(+)