[paludis-dev] [Paludis] #1321: paludis/cave needs write access to /var/log/sandbox

Paludis trac-paludis at exherbo.org
Tue Jan 20 12:07:49 UTC 2015


#1321: paludis/cave needs write access to /var/log/sandbox
-------------------------+--------------------------
    Reporter:  cmuelle8  |       Type:  defect
      Status:  new       |   Priority:  Sometime
   Milestone:            |  Component:  clients/cave
     Version:  2.2.0     |   Keywords:
  Blocked By:            |   Blocking:
Distribution:  N/A       |
-------------------------+--------------------------
 The default install of sandbox uses root.root permissions for the
 directory

 /var/log/sandbox

 This will probably work well for portage emerges, but does not for paludis
 builds, since paludis drops privileges to the user 'paludisbuild'.

 If a sandbox is in effect and cannot write to /var/log/sandbox the
 sandboxed process (and the sandbox) will be aborted and no log file will
 be written resulting in the build to fail.


 TEST CASE:
 sudo -u paludisbuild sandbox bash
 paludisbuild at coltrane /etc/sandbox.d $ echo 1 > /proc/mtrr
  * ACCESS DENIED:  open_wr:      /proc/mtrr
  * ISE:write_logfile: unable to append logfile:
 /var/log/sandbox/sandbox-16870.log
  * ../../sandbox-2.6/libsandbox/libsandbox.c:check_syscall():879: failure
 (Ungültiger Dateideskriptor):
  * ISE:
         abs_path: /proc/mtrr
         res_path: /proc/mtrr
 /usr/lib64/libsandbox.so(+0xa252)[0x7f863fa76252]
 /usr/lib64/libsandbox.so(+0xa368)[0x7f863fa76368]
 /usr/lib64/libsandbox.so(+0x46e3)[0x7f863fa706e3]
 /usr/lib64/libsandbox.so(open+0x6c)[0x7f863fa74bcc]
 bash[0x47a552]
 bash(do_redirections+0x52)[0x450ab2]
 bash[0x451abd]
 bash(execute_command_internal+0xc5e)[0x452c7e]
 bash(execute_command+0x4e)[0x45450e]
 bash(reader_loop+0x202)[0x479602]
 /proc/16871/cmdline: bash

 Sandboxed process killed by signal: Aborted

 SEE ALSO:
 https://bugs.gentoo.org/show_bug.cgi?id=537124

-- 
Ticket URL: <http://paludis.exherbo.org/trac/ticket/1321>
Paludis <http://paludis.exherbo.org/>
Paludis, the Other Package Mangler


More information about the paludis-dev mailing list