Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 710628 - gnome-base/libgtop-2.40.0 sandbox violation
Summary: gnome-base/libgtop-2.40.0 sandbox violation
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Linux Gnome Desktop Team
URL: https://gitlab.gnome.org/GNOME/libgto...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-02-23 22:01 UTC by cyrillic
Modified: 2020-03-21 16:52 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
build.log (build.log,143.32 KB, text/plain)
2020-02-23 22:05 UTC, cyrillic
Details

Note You need to log in before you can comment on or make changes to this bug.
Description cyrillic 2020-02-23 22:01:58 UTC
gnome-base/libgtop-2.40.0 sandbox violation
 * ACCESS DENIED:  fchownat:     /usr/bin/libgtop_server2
chown: changing ownership of '/usr/bin/libgtop_server2': Permission denied

Reproducible: Always




# emerge --info
Portage 2.3.89 (python 3.7.6-final-0, default/linux/amd64/17.1/desktop/gnome/systemd, gcc-9.2.0, glibc-2.31-r1, 5.6.0-050600rc2-lowlatency x86_64)
=================================================================
System uname: Linux-5.6.0-050600rc2-lowlatency-x86_64-AMD_Ryzen_Threadripper_2970WX_24-Core_Processor-with-gentoo-2.7
KiB Mem:    65892096 total,  44976364 free
KiB Swap:          0 total,         0 free
Head commit of repository qt: 95ccc0dd616df4d0b53d6bc152c5ad7fcb7e5c04

Head commit of repository gentoo: 4fab3f40bd16ceef33ab0978f709e894080f7290

sh bash 5.0_p16
ld GNU ld (Gentoo 2.34 p1) 2.34.0
app-shells/bash:          5.0_p16::gentoo
dev-java/java-config:     2.2.0-r4::gentoo
dev-lang/perl:            5.30.1::gentoo
dev-lang/python:          2.7.17-r1::gentoo, 3.7.6::gentoo, 3.8.1::gentoo
dev-util/cmake:           3.16.4::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.7::gentoo
sys-apps/openrc:          0.42.1::gentoo
sys-apps/sandbox:         2.18::gentoo
sys-devel/autoconf:       2.13-r1::gentoo, 2.69-r5::gentoo
sys-devel/automake:       1.13.4-r2::gentoo, 1.16.1-r2::gentoo
sys-devel/binutils:       2.34::gentoo
sys-devel/gcc:            9.2.0-r4::gentoo
sys-devel/gcc-config:     2.2.1::gentoo
sys-devel/libtool:        2.4.6-r6::gentoo
sys-devel/make:           4.3::gentoo
sys-kernel/linux-headers: 5.5::gentoo (virtual/os-headers)
sys-libs/glibc:           2.31-r1::gentoo
Repositories:

newstuff
    location: /mnt/repos/newstuff
    masters: gentoo
    priority: -1030
    eclass-overrides: fixes

redchillipadi
    location: /mnt/repos/redchillipadi
    masters: gentoo
    priority: -1029
    eclass-overrides: fixes

qt
    location: /mnt/repos/qt
    sync-type: git
    sync-uri: https://anongit.gentoo.org/git/proj/qt.git
    masters: gentoo
    priority: -1020
    eclass-overrides: fixes

gnomelive
    location: /mnt/repos/gnomelive
    masters: gentoo
    priority: -1010
    eclass-overrides: fixes

gentoo
    location: /mnt/repos/gentoo
    sync-type: git
    sync-uri: https://anongit.gentoo.org/git/repo/gentoo.git
    priority: -1000
    eclass-overrides: fixes

crossdev
    location: /mnt/repos/crossdev
    masters: gentoo
    eclass-overrides: fixes

fixes
    location: /mnt/repos/fixes
    masters: gentoo
    priority: 10
    eclass-overrides: fixes

Installed sets: @clang, @system
ACCEPT_KEYWORDS="* amd64 ~*"
ACCEPT_LICENSE="@FREE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=nocona -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=nocona -O2 -pipe"
DISTDIR="/mnt/distfiles"
ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j48"
PKGDIR="/var/tmp/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/tmp"
USE="X a52 aac acl alsa amd64 berkdb bluetooth bluray boost bzip2 cairo caps cdr colord cpudetection cracklib css cups curl custom-cflags cxx dbus drm dts dvd eds egl encode exif expat fbcon ffmpeg flac flickr fontconfig gdbm gif glamor glib gnome gnome-keyring gpm graphite gssapi gstreamer gtk gtk3 harfbuzz ibus icu imagemagick introspection ipv6 jpeg kmod kms lcms libass libinput libnotify libsamplerate lzma mp3 nautilus ncurses networkmanager nls nptl nss numa ogg openexr opengl openmp openssl opus orc pam pango pcre pdf png policykit postproc postscript pulseaudio python readline samba speex spell split-usr ssl ssp static-analyzer svg systemd tcl theora threads tiff tk tools tracker truetype udev unicode upnp-av usb user-session utils v4l vala vorbis vpx vulkan wayland webp x264 x265 xcb xmp xscreensaver xv xvmc zlib zstd" ABI_X86="64" CPU_FLAGS_X86="mmx mmxext sse sse2 sse3" CURL_SSL="nss" ELIBC="glibc" INPUT_DEVICES="libinput wacom" KERNEL="linux" L10N="en" LLVM_TARGETS="AMDGPU BPF X86" PYTHON_SINGLE_TARGET="python3_7" PYTHON_TARGETS="python3_7" RUBY_TARGETS="ruby27" SANE_BACKENDS="*" USERLAND="GNU" VIDEO_CARDS="amdgpu intel nouveau radeon radeonsi"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 cyrillic 2020-02-23 22:05:06 UTC
Created attachment 615430 [details]
build.log
Comment 2 Mart Raudsepp gentoo-dev 2020-03-02 19:24:27 UTC
d'oh, this explains why I set this bump aside long ago - to deal with this. Now when getting back to bumping this, forgot all about it :(
Comment 3 Larry the Git Cow gentoo-dev 2020-03-21 16:52:50 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9feb8a12c671244c66086921c5f029f1ff763f40

commit 9feb8a12c671244c66086921c5f029f1ff763f40
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2020-03-21 16:52:05 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2020-03-21 16:52:15 +0000

    gnome-base/libgtop: fix suid handling and reinstall sandbox violation
    
    Closes: https://bugs.gentoo.org/710628
    Package-Manager: Portage-2.3.84, Repoman-2.3.20
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 gnome-base/libgtop/Manifest                        |  1 +
 .../libgtop/files/2.40.0-sandbox-workaround.patch  | 27 +++++++++++++
 gnome-base/libgtop/libgtop-2.40.0-r1.ebuild        | 44 ++++++++++++++++++++++
 3 files changed, 72 insertions(+)