Created attachment 519584
emerge --info sys-devel/patch-2.7.6-r1

Emerging sys-devel/patch incurs a sandbox violation after the configure phase is completed. Note that the system is using the experimental 17.1 profiles.
MAKEOPTS=-j1 emerge -1 -j1 patch
Calculating dependencies... done!
>>> Verifying ebuild manifests
>>> Emerging (1 of 1) sys-devel/patch-2.7.6-r1::gentoo
 * patch-2.7.6.tar.xz BLAKE2B SHA512 size ;-) ... [ ok ]
>>> Unpacking source...
>>> Unpacking patch-2.7.6.tar.xz to /var/tmp/portage/sys-devel/patch-2.7.6-r1/work
>>> Source unpacked in /var/tmp/portage/sys-devel/patch-2.7.6-r1/work
>>> Preparing source in /var/tmp/portage/sys-devel/patch-2.7.6-r1/work/patch-2.7.6 ...
 * Applying patch-2.7.6-fix-test-suite.patch ... [ ok ]
>>> Source prepared.
>>> Configuring source in /var/tmp/portage/sys-devel/patch-2.7.6-r1/work/patch-2.7.6 ...
 * econf: updating patch-2.7.6/build-aux/config.sub with /usr/share/gnuconfig/config.sub
 * econf: updating patch-2.7.6/build-aux/config.guess with /usr/share/gnuconfig/config.guess
./configure --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --disable-dependency-tracking --disable-silent-rules --docdir=/usr/share/doc/patch-2.7.6-r1 --htmldir=/usr/share/doc/patch-2.7.6-r1/html --libdir=/usr/lib64 --enable-xattr --program-prefix=
checking for a BSD-compatible install... /usr/lib/portage/python3.6/ebuild-helpers/xattr/install
[...]
checking for long file names... * ACCESS DENIED: MKDIR: /usr/tmp/cf703
yes
[...]
config.status: creating src/Makefile [88/1380]
config.status: creating tests/Makefile
config.status: creating config.h
config.status: executing depfiles commands
>>> Source configured.
 * --------------------------- ACCESS VIOLATION SUMMARY ---------------------------
 * LOG FILE: "/var/log/sandbox/sandbox-574.log"
 *
VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: MKDIR
S: deny
P: /usr/tmp/cf703
A: /usr/tmp/cf703
R: /usr/tmp/cf703
C: mkdir /usr/tmp/cf703
*** Bug 678494 has been marked as a duplicate of this bug. ***
*** Bug 678492 has been marked as a duplicate of this bug. ***
*** Bug 678566 has been marked as a duplicate of this bug. ***
*** Bug 678574 has been marked as a duplicate of this bug. ***
*** Bug 678582 has been marked as a duplicate of this bug. ***
You have a lot of outdated system packages including sandbox itself. Did you try upgrading sandbox?
The configure script attempts to create a directory "/usr/tmp/cf$$" only if /usr/tmp already exists and is writable. /usr/tmp does not exist on a normal system. You should either remove /usr/tmp, or add it to SANDBOX_WRITE in /etc/sandbox.conf.
This resolution does not make sense. If /usr/tmp exists, that is a local error and regarded as invalid, but then you open a bug report asking for /usr/tmp to be exempted from sandbox violation? The new bug report validates this one.
I'm not sure what the proper resolution for this bug would be; there's no bug to be fixed in sys-devel/patch. The new bug I filed is more an enhancement request to handle a mis-configuration that a user might unwittingly create.
Ok, apparently we already whitelist /usr/tmp/cf in sys-apps/sandbox. Per comment 8 please upgrade sandbox. Also make sure that /etc/sandbox.d/00default has that path in SANDBOX_WRITE.
Whitelisting /usr/tmp/cf is not enough, because the temporary directory the package tries to create is /usr/tmp/cf1234, not /usr/tmp/cf/1234. Which of these two should the package use? sys-devel/patch-2.7.5 had no sandbox problem; it appeared in newer versions.

To fix it, I tried to add /usr/tmp/cf* and /usr/tmp/cf.* to SANDBOX_WRITE in /etc/sandbox.d/00default, but it didn't work. I guess sandbox does not support patterns or regular expressions.

I added /usr/tmp to SANDBOX_WRITE in /etc/sandbox.d/00default, and it did work. This can be considered a work-around. Another work-around is:

FEATURES=-usersandbox emerge -1 =sys-devel/patch-2.7.6-r2
I noticed Mike's comment that /usr/tmp should normally be absent. I had it on my system:

lrwxrwxrwx 1 root root 8 Sep 14 2012 /usr/tmp -> /var/tmp

I removed it:

# rm /usr/tmp

Now the package emerges. I don't know why I had it. I hope the removal is safe and my system won't misbehave without /usr/tmp?
Here's a simple test if you still have a /usr/tmp directory:

> sandbox test -w /usr/tmp/. ; echo $?

This should output 1 with a default sandbox config. If this outputs 0, then there may be a bug in the sandbox code.
(In reply to Mike Gilbert from comment #15)
> Here's a simple test if you still have a /usr/tmp directory:
>
> > sandbox test -w /usr/tmp/. ; echo $?
>
> This should output 1 with a default sandbox config. If this outputs 0, then
> there may be a bug in the sandbox code.

sys-apps/sandbox-2.15 with all /etc config files of the package untouched:

---
# sandbox test -w /usr/tmp/. ; echo $?
0
---
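Added example, not part of the bug thread: a shell diagnostic for the two things the comments above check by hand, the state of /usr/tmp (absent, directory or symlink, and whether the "exists and is writable" condition described for the configure script holds) and which SANDBOX_WRITE entries a sandbox config file lists under a given prefix. The function names are hypothetical, and the colon-separated SANDBOX_WRITE="..." assignment format is an assumption about the config file.

```shell
#!/bin/sh
# Added example (not from the bug thread). Both functions take explicit
# paths so they can be run against a scratch tree as well as a live system.

# usr_tmp_state ROOT
# Prints one of:
#   absent | not-a-directory | dangling-symlink:<target>
#   directory:<verdict> | symlink:<target>:<verdict>
# <verdict> is "mkdir-attempted" when the condition described in the thread
# (/usr/tmp exists and is writable) holds, otherwise "mkdir-skipped".
usr_tmp_state() {
    p="${1%/}/usr/tmp"
    if [ -d "$p" ] && [ -w "$p" ]; then
        verdict=mkdir-attempted
    else
        verdict=mkdir-skipped
    fi
    if [ -L "$p" ]; then
        target=$(readlink "$p")
        if [ -e "$p" ]; then
            echo "symlink:$target:$verdict"
        else
            echo "dangling-symlink:$target"
        fi
    elif [ -d "$p" ]; then
        echo "directory:$verdict"
    elif [ -e "$p" ]; then
        echo "not-a-directory"
    else
        echo "absent"
    fi
}

# sandbox_write_entries FILE PREFIX
# Lists the SANDBOX_WRITE entries in FILE that begin with PREFIX, one per line.
# Assumption: entries are colon-separated inside SANDBOX_WRITE="..." lines.
sandbox_write_entries() {
    sed -n 's/^[[:space:]]*SANDBOX_WRITE="*\([^"]*\).*$/\1/p' "$1" |
        tr ':' '\n' |
        awk -v pre="$2" 'index($0, pre) == 1'
}

# Run with --live to inspect the real system paths named in the thread.
if [ "${1:-}" = "--live" ]; then
    usr_tmp_state /
    sandbox_write_entries /etc/sandbox.d/00default /usr/tmp
fi
```

The second function only lists configured entries; it makes no claim about how sandbox matches them against a path such as /usr/tmp/cf703.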