```
>>> Configuring source in /var/tmp/portage/app-admin/ccze-0.2.1-r4/work/ccze-0.2.1 ...
 * econf: updating ccze-0.2.1/config.guess with /usr/share/gnuconfig/config.guess
 * econf: updating ccze-0.2.1/config.sub with /usr/share/gnuconfig/config.sub
./configure --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --docdir=/usr/share/doc/ccze-0.2.1-r4 --htmldir=/usr/share/doc/ccze-0.2.1-r4/html --libdir=/usr/lib64
configure: loading site script /usr/share/config.site
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking for x86_64-pc-linux-gnu-cc... x86_64-pc-linux-gnu-gcc
checking for x86_64-pc-linux-gnu-gcc... (cached) x86_64-pc-linux-gnu-gcc
 * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
 * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
 * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
 * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
 * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
checking whether the C compiler works...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for C compiler default output file name... a.out
checking for suffix of executables...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
checking whether we are cross compiling...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
no
checking for suffix of object files...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
o
checking whether the compiler supports GNU C...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking whether x86_64-pc-linux-gnu-gcc accepts -g...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for x86_64-pc-linux-gnu-gcc option to enable C11 features...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
none needed
checking whether we are using GCC 3...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
no
checking how to run the C preprocessor...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
 * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
x86_64-pc-linux-gnu-gcc -E
 * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
 * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
checking for a BSD-compatible install... /usr/lib/portage/python3.11/ebuild-helpers/xattr/install -c
checking for stdio.h...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for stdlib.h...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for string.h...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for inttypes.h...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for stdint.h...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for strings.h...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for sys/stat.h...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for sys/types.h...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for unistd.h...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for grep that handles long lines and -e... /usr/sbin/grep
checking for egrep... /usr/sbin/grep -E
checking for dirent.h that defines DIR...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for library containing opendir...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
none required
checking for argp.h...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for getopt.h...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for netdb.h...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for fcntl.h...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for stddef.h...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for an ANSI C-conforming const...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for working volatile...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for size_t...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
 * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking return type of signal handlers...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
void
checking for GNU libc compatible malloc...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for GNU libc compatible realloc...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for strftime...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking whether lstat correctly handles trailing slash...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking whether stat accepts an empty string...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
no
checking for working memcmp...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for vprintf...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking whether closedir returns void...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
no
checking for alphasort...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for argp_parse...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for asprintf...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for getdelim...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for getline...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for getopt_long...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for getsubopt...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for memchr...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for memset...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for scandir...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for strcasecmp...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for strchr...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for strdup...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for strndup...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for strstr...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for initscr in -lncurses...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for library containing stdscr...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
 * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
-ltinfo
checking for dlopen...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
yes
checking for getopt_long... (cached) yes
checking for pcre-config... /usr/sbin/pcre-config
checking for PCRE... found
checking for suboptarg...  * ACCESS DENIED: mkdir: /run/user/1000/ccache-tmp
no
configure: creating ./config.status
config.status: creating Rules.mk
config.status: WARNING: 'Rules.mk.in' seems to ignore the --datarootdir setting
config.status: creating Makefile
config.status: creating doc/Makefile
config.status: creating src/Makefile
config.status: creating testsuite/Makefile
config.status: creating system.h
>>> Source configured.
 * ----------------------- SANDBOX ACCESS VIOLATION SUMMARY -----------------------
 * LOG FILE: "/var/tmp/portage/app-admin/ccze-0.2.1-r4/temp/sandbox.log"
 *
VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: mkdir
S: deny
P: /run/user/1000/ccache-tmp
A: /run/user/1000/ccache-tmp
R: /run/user/1000/ccache-tmp
C: x86_64-pc-linux-gnu-gcc --version
```
Created attachment 838641: sandbox.log
Note this isn't as severe as before or anything, because it won't affect Portage runs, just cases where you have XDG_RUNTIME_DIR set. It may work to just check if /run/user/blah is writable first?
(In reply to Sam James from comment #2)
> Note this isn't as severe as before or anything, because it won't affect
> Portage runs, just cases where you have XDG_RUNTIME_DIR set.
>
> It may work to just check if /run/user/blah is writable first?

Or maybe Portage should forcefully set CCACHE_TEMPDIR to PORTAGE_TMPDIR.
(After https://github.com/ccache/ccache/commit/876509ae8b95f76adebdfa1f2380d75a49f9871d landed in 4.7.4, we thought maybe things were fine now and dropped our own patch to force usage of /tmp, but we still need to force /tmp as /run/user might exist but not be writable because of sandbox.) I'm not sure if ccache is properly respecting CCACHE_TEMPDIR, as both setting CCACHE_TEMPDIR in the environment, as well as this Portage patch do nothing to help(!): ``` --- a/bin/ebuild.sh +++ b/bin/ebuild.sh @@ -713,6 +713,13 @@ if ! has "${EBUILD_PHASE}" clean cleanrm ; then addwrite "${CCACHE_DIR}" fi + if [[ -z ${CCACHE_TEMPDIR} ]] ; then + export CCACHE_TEMPDIR="${PORTAGE_TMPDIR}"/ccache-tmp + fi + + addread "${CCACHE_TEMPDIR}" + addwrite "${CCACHE_TEMPDIR}" + [[ -n ${CCACHE_SIZE} ]] && ccache -M ${CCACHE_SIZE} &> /dev/null fi fi ```
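Review bot: The addread and addwrite calls placed after the new if block run on whatever CCACHE_TEMPDIR holds, so when the variable is already set in the calling environment the sandbox is opened for that inherited path and not only for the "${PORTAGE_TMPDIR}"/ccache-tmp default. Either move the two calls inside the -z branch or check that a pre-set value points somewhere the build is meant to write, and add a short comment above the block saying why a default is forced here, since nothing in the hunk explains it.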
(In reply to Sam James from comment #3)
> (In reply to Sam James from comment #2)
> > Note this isn't as severe as before or anything, because it won't affect
> > Portage runs, just cases where you have XDG_RUNTIME_DIR set.
> >
> > It may work to just check if /run/user/blah is writable first?
>
> Or maybe Portage should forcefully set CCACHE_TEMPDIR to PORTAGE_TMPDIR.

This won't help.

If XDG_RUNTIME_DIR is set, ccache generates $XDG_RUNTIME_DIR/ccache-tmp and uses it as the default, and only afterwards ccache checks whether this default is overridden.

IMHO, this is a bug in ccache: An actually unused directory should not be created unnecessarily.

Also, setting CCACHE_TEMPDIR to PORTAGE_TMPDIR is a bad idea: The original default <cache_dir>/tmp makes much more sense, and there is no reason to change this independently of whether XDG_RUNTIME_DIR is set. I patched this conditional undesirable behavior for set XDG_RUNTIME_DIR out.
(In reply to Martin Väth from comment #5)
> (In reply to Sam James from comment #3)
> > (In reply to Sam James from comment #2)
> > > Note this isn't as severe as before or anything, because it won't affect
> > > Portage runs, just cases where you have XDG_RUNTIME_DIR set.
> > >
> > > It may work to just check if /run/user/blah is writable first?
> >
> > Or maybe Portage should forcefully set CCACHE_TEMPDIR to PORTAGE_TMPDIR.
>
> This won't help.
>
> If XDG_RUNTIME_DIR is set, ccache generates $XDG_RUNTIME_DIR/ccache-tmp and
> uses it as the default, and only afterwards ccache checks whether this
> default is overridden.
>

Well, I did note that it doesn't actually work in the comment underneath :)

It should work, but it doesn't, I think.

> IMHO, this is a bug in ccache: An actually unused directory should not be
> created unnecessarily.
>
> Also, setting CCACHE_TEMPDIR to PORTAGE_TMPDIR is a bad idea:
> The original default <cache_dir>/tmp makes much more sense, and there is no
> reason to change this independently of whether XDG_RUNTIME_DIR is set.
> I patched this conditional undesirable behavior for set XDG_RUNTIME_DIR out.

I agree the original makes more sense, yes - I don't really understand the value in using XDG_RUNTIME_DIR like this at all.
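The resolution order argued for in the two comments above, as an added example that is not ccache's or Portage's code: the override is decided before any default is touched, and the runtime directory is probed before anything is created under it. The helper name pick_tempdir and the demo paths are hypothetical.

```shell
# Added example (hypothetical helper, not ccache or Portage code).
# Usage: pick_tempdir <cache_dir>
# Prints the temporary directory to use and creates only that one.
pick_tempdir() {
    cache_dir=$1

    # 1. An explicit override is decided first; no default path is touched.
    if [ -n "${CCACHE_TEMPDIR:-}" ]; then
        mkdir -p -- "$CCACHE_TEMPDIR" 2>/dev/null || return 1
        printf '%s\n' "$CCACHE_TEMPDIR"
        return 0
    fi

    # 2. Runtime dir: it must already exist and look writable before
    #    anything is created beneath it.
    if [ -n "${XDG_RUNTIME_DIR:-}" ] && [ -d "$XDG_RUNTIME_DIR" ] \
        && [ -w "$XDG_RUNTIME_DIR" ]; then
        candidate=$XDG_RUNTIME_DIR/ccache-tmp
        # The probe is advisory; the result of mkdir is what counts.
        if mkdir -p -- "$candidate" 2>/dev/null; then
            printf '%s\n' "$candidate"
            return 0
        fi
    fi

    # 3. Fall back to the original default, <cache_dir>/tmp.
    mkdir -p -- "$cache_dir/tmp" 2>/dev/null || return 1
    printf '%s\n' "$cache_dir/tmp"
}

# Constructed demo: with an override set, $XDG_RUNTIME_DIR/ccache-tmp is
# never created. All paths live under a throwaway directory.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/run" "$demo_root/cache"
( CCACHE_TEMPDIR=$demo_root/override; XDG_RUNTIME_DIR=$demo_root/run
  pick_tempdir "$demo_root/cache" )
rm -rf "$demo_root"
```

The writability test is only a hint, since a policy layer such as the Portage sandbox may deny a mkdir that file permissions would allow; that is why a failed mkdir falls through to <cache_dir>/tmp.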
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e37542842e9e85c5f6d739803c6286514a3c6fb

commit 8e37542842e9e85c5f6d739803c6286514a3c6fb
Author: Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2022-12-28 09:11:34 +0000
Commit: Pacho Ramos <pacho@gentoo.org>
CommitDate: 2022-12-28 09:14:41 +0000

    games-arcade/blobwars: update EAPI 6 -> 8

    As a side effect it also avoids bug #883799

    Bug: https://bugs.gentoo.org/883799
    Bug: https://bugs.gentoo.org/887019
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>

 games-arcade/blobwars/blobwars-2.00-r1.ebuild | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
Packages where I am observing this issue, on stable amd64:
sys-apps/msr-tools-1.3
sys-process/dcron-4.5-r2

And out-of-tree www-client/palemoon::palemoon
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=257fc52ad8a0d9fa867ed72b9e714dfe5f478555

commit 257fc52ad8a0d9fa867ed72b9e714dfe5f478555
Author: Sam James <sam@gentoo.org>
AuthorDate: 2023-05-17 04:00:57 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-05-17 04:01:22 +0000

    dev-util/ccache: avoid /run usage (again)

    Closes: https://bugs.gentoo.org/883799
    Closes: https://bugs.gentoo.org/887019
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-util/ccache/ccache-4.8-r2.ebuild | 130 +++++++++++++++++++++
 .../ccache/files/ccache-4.8-avoid-run-user.patch | 34 ++++++
 2 files changed, 164 insertions(+)