Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 632273 - sys-auth/polkit sandbox violation
Summary: sys-auth/polkit sandbox violation
Status: RESOLVED DUPLICATE of bug 587330
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Freedesktop bugs
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 567192
  Show dependency tree
 
Reported: 2017-09-28 18:15 UTC by Michael Jones
Modified: 2017-09-30 09:25 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
build.log.gz (build.log.gz,16.44 KB, application/gzip)
2017-09-28 18:15 UTC, Michael Jones 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Jones 2017-09-28 18:15:20 UTC 
Created attachment 496969 [details]
build.log.gz

>>> Source compiled.
 * --------------------------- ACCESS VIOLATION SUMMARY ---------------------------
 * LOG FILE: "/var/log/sandbox/sandbox-17649.log"
 *
VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: mkdir
S: deny
P: /home/jonesmz/.cache/g-ir-scanner
A: /home/jonesmz/.cache/g-ir-scanner
R: /home/jonesmz/.cache/g-ir-scanner
C: /usr/bin/python3.4 /usr/bin/g-ir-scanner --namespace=Polkit --nsversion=1.0 --libtool=/bin/sh ../../libtool --include=Gio-2.0 --pkg-export=polkit-gobject-1 --library=libpolkit-gobject-1.la --c-include=polkit/polkit.h --cflags-begin -D_POLKIT_COMPILATION -pthread -I/usr/include/gio-unix-2.0/ -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -D_POLKIT_COMPILATION -I.. -I../../src --cflags-end polkitenumtypes.c polkitenumtypes.h polkit.h polkitactiondescription.c polkitactiondescription.h polkitauthorityfeatures.h polkitauthorityfeatures.c polkitdetails.c polkitdetails.h polkitauthority.c polkitauthority.h polkiterror.c polkiterror.h polkitsubject.c polkitsubject.h polkitunixprocess.c polkitunixprocess.h polkitsystembusname.c polkitsystembusname.h polkitidentity.c polkitidentity.h polkitunixuser.c polkitunixuser.h polkitunixgroup.c polkitunixgroup.h polkitunixnetgroup.c polkitunixnetgroup.h polkitauthorizationresult.c polkitauthorizationresult.h polkitcheckauthorizationflags.c polkitcheckauthorizationflags.h polkitimplicitauthorization.c polkitimplicitauthorization.h polkittemporaryauthorization.c polkittemporaryauthorization.h polkitpermission.c polkitpermission.h polkitunixsession-systemd.c polkitunixsession.h libpolkit-gobject-1.la --output Polkit-1.0.gir

F: mkdir
S: deny
P: /home/jonesmz/.cache/g-ir-scanner
A: /home/jonesmz/.cache/g-ir-scanner
R: /home/jonesmz/.cache/g-ir-scanner
C: /usr/bin/python3.4 /usr/bin/g-ir-scanner --namespace=PolkitAgent --nsversion=1.0 --libtool=/bin/sh ../../libtool --include=Gio-2.0 --pkg-export=polkit-agent-1 --library=libpolkit-agent-1.la --include-uninstalled=../../src/polkit/Polkit-1.0.gir --c-include=polkitagent/polkitagent.h --cflags-begin -D_POLKIT_COMPILATION -D_POLKIT_AGENT_COMPILATION -pthread -I/usr/include/gio-unix-2.0/ -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -D_POLKIT_COMPILATION -D_POLKIT_AGENT_COMPILATION -I.. -I../../src --cflags-end marshal.stamp polkitagentenumtypes.c polkitagentenumtypes.h polkitagentmarshal.h polkitagentmarshal.c polkitagent.h polkitagenttypes.h polkitagentsession.h polkitagentsession.c polkitagentlistener.h polkitagentlistener.c polkitagenttextlistener.h polkitagenttextlistener.c libpolkit-agent-1.la --output PolkitAgent-1.0.gir
 * --------------------------------------------------------------------------------

>>> Failed to emerge sys-auth/polkit-0.113, Log file:

>>>  '/var/tmp/portage/sys-auth/polkit-0.113/temp/build.log.gz'






--------------------------------------------------------------------------------





mj200286l copycube-update # emerge --info sys-auth/polkit
Portage 2.3.8 (python 3.4.5-final-0, hardened/linux/amd64, gcc-5.4.0, glibc-2.23-r4, 4.12.12-gentoo x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-4.12.12-gentoo-x86_64-Intel-R-_Core-TM-_i7-3740QM_CPU_@_2.70GHz-with-gentoo-2.3
KiB Mem:    16393820 total,   4390584 free
KiB Swap:    4196348 total,   4196348 free
Timestamp of repository gentoo: Tue, 26 Sep 2017 23:45:39 +0000
Head commit of repository gentoo: 3bf2f0ea04b653edcdffa76a08e8271278b3153b

Head commit of repository inin-gentoo-overlay: dc0400895fe2b8c3b0813f9aa58a8736959abb7a

Head commit of repository jonesmz-public-overlay: 8fe214eb53fdd5470bfa5f7ff60e0db38b959abf

Head commit of repository steam-overlay: 751e07fb078c9b125b27d6f756e5689eca9ab55f

sh bash 4.3_p48-r1
ld GNU ld (Gentoo 2.28.1 p1.0) 2.28.1
distcc 3.2rc1 x86_64-pc-linux-gnu [disabled]
app-shells/bash:          4.3_p48-r1::gentoo
dev-lang/perl:            5.24.1-r2::gentoo
dev-lang/python:          2.7.12::gentoo, 3.4.5::gentoo
dev-util/cmake:           3.7.2::gentoo
dev-util/pkgconfig:       0.28-r2::gentoo
sys-apps/baselayout:      2.3::gentoo
sys-apps/openrc:          0.28::gentoo
sys-apps/sandbox:         2.10-r3::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69::gentoo
sys-devel/automake:       1.11.6-r1::gentoo, 1.15-r2::gentoo
sys-devel/binutils:       2.28.1::gentoo
sys-devel/gcc:            5.4.0-r3::gentoo
sys-devel/gcc-config:     1.7.3::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1::gentoo
sys-kernel/linux-headers: 4.4::gentoo (virtual/os-headers)
sys-libs/glibc:           2.23-r4::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/gentoo
    priority: -1000

inin-gentoo-overlay
    location: /usr/portage-overlays/inin-gentoo-overlay
    sync-type: git
    sync-uri: https://jonesmz@bitbucket.org/jonesmz/inin-gentoo-overlay.git
    masters: gentoo

jonesmz-public-overlay
    location: /usr/portage-overlays/jonesmz-public-overlay
    sync-type: git
    sync-uri: https://github.com/jonesmz/gentoo-overlay.git
    masters: gentoo

steam-overlay
    location: /usr/local/portage/steam-overlay
    sync-type: git
    sync-uri: https://github.com/anyc/steam-overlay.git
    masters: gentoo
    priority: 50

Installed sets: @amd64-desktop-applications, @archive, @lxqt, @pc-base-system, @portage, @vcs, @virt-client
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=x86-64 -mtune=generic -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -pipe -O2 -pipe -march=x86-64 -mtune=generic -O2 -pipe"
DISTDIR="/usr/portage-distfiles"
EMERGE_DEFAULT_OPTS=" --jobs --keep-going --newuse --deep --backtrack=3000 --complete-graph --with-bdeps=y"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs buildpkg clean-logs compress-build-logs compressdebug config-protect-if-modified distlocks ebuild-locks fixlafiles installsources merge-sync multilib-strict news parallel-fetch parallel-install preserve-libs protect-owned sandbox sfperms split-elog split-log splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j10"
PKGDIR="/usr/portage-packages"
PORTAGE_COMPRESS="xz"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="X a52 aac acl acpi alsa amd64 apng avahi branding bzip2 cairo cdda cdr clang cli cracklib crypt cxx dbus dri dts dvd egl emboss encode exif fam ffmpeg flac gd gdbm gif gnome-keyring gpm gstreamer gtk gtk3 gudev hardened iconv icu ipv6 jpeg justify kmod lcms libnotify libsecret lm_sensors minizip modules mp3 mp4 mpeg multilib ncurses networkmanager nls nptl ogg opengl openmp pam pango pax_kernel pcre pdf perforce pie png policykit pulseaudio python qt5 readline samba sdl seccomp session sound spell sqlite ssl ssp startup-notification svg systemd tcpd text theora threads tiff truetype udev udisks unicode upower urandom usb vaapi vorbis wayland widevine wifi x264 xattr xcb xinerama xml xtpax xv xvid zeroconf zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx sse sse2 mmxext" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="coreboot efi-64 emu qemu pc" INPUT_DEVICES="libinput" KERNEL="linux" L10N="en en-US" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en en_US" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" POSTGRES_TARGETS="postgres9_5" PYTHON_SINGLE_TARGET="python3_4" PYTHON_TARGETS="python2_7 python3_4" QEMU_SOFTMMU_TARGETS="arm aarch64 x86_64" QEMU_USER_TARGETS="arm aarch64 x86_64" RUBY_TARGETS="ruby22 ruby20 ruby21" USERLAND="GNU" VIDEO_CARDS="vesa modesetting qxl nouveau intel" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

=================================================================
                        Package Settings
=================================================================

sys-auth/polkit-0.113::gentoo was built with the following:
USE="gtk introspection nls pam systemd -examples -jit -kde (-selinux) -test" ABI_X86="(64)"
Comment 1 Ben Kohler gentoo-dev 2017-09-28 18:35:19 UTC 
This happens because of some XDG_* vars leaking from the user environment into the root user's emerge environment.  If you use "su -" or "sudo -i" to get a clean root login, this probably won't happen.  See tracker bug 567192 for details.

So this is probably a valid bug, but only triggered when you get a root shell in an "unclean" way.
Comment 2 Gilles Dartiguelongue (RETIRED) gentoo-dev 2017-09-30 09:25:14 UTC 
Please look for duplicate, especially when there is a tracker available.

*** This bug has been marked as a duplicate of bug 587330 ***