Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 702630 - sys-devel/distcc - sandbox violation in /root/.ssh/sockets/s0rin@ by ssh distccd --inetd --enable-tcp-insecure
Summary: sys-devel/distcc - sandbox violation in /root/.ssh/sockets/s0rin@ b...
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Cluster Team
Depends on:
Reported: 2019-12-12 23:25 UTC by Guillaume Seren
Modified: 2022-05-31 07:02 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

build log of app-shells/zsh (zsh-build.log,124.22 KB, text/x-log)
2019-12-13 09:34 UTC, Guillaume Seren
portage ssh config (portage-ssh-config,201 bytes, text/plain)
2019-12-13 09:39 UTC, Guillaume Seren

Note You need to log in before you can comment on or make changes to this bug.
Description Guillaume Seren 2019-12-12 23:25:42 UTC
I use distcc for a while, basically I use it with a ssh user just like explained in the wiki page

Since a few weeks, I get a new error on some packages like app-shells/zsh,
I find a workaround by adding a package.env that disable the sandbox FEATURES.

The error appends at the end of the build, like:
 * --------------------------- ACCESS VIOLATION SUMMARY ---------------------------
 * LOG FILE: "/var/log/sandbox/sandbox-4.log"
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: link
S: deny
P: /root/.ssh/sockets/s0rin@
A: /root/.ssh/sockets/s0rin@
R: /root/.ssh/sockets/s0rin@
C: ssh distccd --inetd --enable-tcp-insecure 

F: unlink
S: deny
P: /root/.ssh/sockets/s0rin@
A: /root/.ssh/sockets/s0rin@
R: /root/.ssh/sockets/s0rin@
C: ssh distccd --inetd --enable-tcp-insecure 
 * --------------------------------------------------------------------------------

Maybe there is a better way to fix this ?
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2019-12-13 08:31:03 UTC
Looks like a local (mis)configuration problem. Who is s0rin?
Comment 2 Guillaume Seren 2019-12-13 09:34:08 UTC
those are fake information to not show real information.

So this error appends during the install phase, but yes maybe it is a missconfiguration, please check the log I attached.
Comment 3 Guillaume Seren 2019-12-13 09:34:57 UTC
Created attachment 599326 [details]
build log of app-shells/zsh
Comment 4 Guillaume Seren 2019-12-13 09:39:07 UTC
I also attached a anonymized version of the portage ssh config file,
but it is very simple.
Comment 5 Guillaume Seren 2019-12-13 09:39:31 UTC
Created attachment 599328 [details]
portage ssh config
Comment 6 Guillaume Seren 2019-12-14 14:52:58 UTC
Hum maybe I did not express my issue clearly, sorry.

My objective is to be able to share cpu power from several build machine,
ideally each machine get pull some help from at least 1 other to build/upgrade faster.

Before I used a nodistcc, for the packages that didn't worked with distcc,
like gcc, and many others, but what I am trying to do is trim that list down.

So this error is coming from many of those package, and I am wondering if there is a way, configuration or disabling some FEATURE, to get rid of this specific error (link / unlink).

If a package can be build with distcc maybe we should change the ebuild of those,
to avoid that kind of error, and maybe be changed by the maintainer if the cause of the error is no more.