sys-devel/gettext fails emerge. Sandbox Access Violation

[Mrat]

After using 'emerge --update --deep --newuse --ask --verbose @world', the package gettext (which I disabled its 'doc' flag) refuses to compile.

This is what it shows:

[krinn]

check perms of /usr/tmp if it cannot use it.

[Mrat]

[krinn]

[fedeliallalinea]

[Mrat]

[Hu]

Since this is a sandbox violation, actual permissions do not matter. What matters is that the package is attempting to write to an area that the sandbox (rightly) disallows. The package should not be writing to any of the system tmp directories, not /tmp, nor /usr/tmp, nor /var/tmp. It should be writing to the reserved temporary directory in the ebuild work area. What package command is causing the mkdir in /usr/tmp?

[Mrat]

[Hu]

The package is sys-devel/gettext, yes, we see that from your earlier output. The package command (that is, the command executed by the package) is some specific command that is blocked by sandbox. We need to know the command and how it is constructed, so that we can determine why it is invoked incorrectly.

[Mrat]

[Hu]

Start by posting the two log files that the output should have told you to post: build.log and config.log. You probably need to put them in a pastebin; wgetpaste can help with this.

[Mrat]

[Hu]

This appears to be a negative interaction between the sandbox and the upstream package, but something in your system is provoking it while most other systems silently tolerate this quirk. Someone thought it would be a good idea to try to write to various live filesystem directories (this is not a good idea), but only if the directory's permissions appear to permit it (and this is simply pointless - just try it and let it fail). Sandbox lets the real permissions show through, so the test believes that it can write there. Sandbox then rightly denies the write. The question then becomes, why is your system reporting this when no one else does? What is the output of ls -ld /usr/tmp for you?

[Mrat]

[Hu]

That is as I expected, and is different from standard. I have /usr/tmp as a symbolic link to /var/tmp. Based on an earlier comment, so does fedeliallalinea. I believe the link is the traditional form. This explains why most people do not hit this gettext configure quirk. You can bypass the failure by replacing your directory /usr/tmp with a symbolic link.

[Mrat]

[Mrat]

I don't know if bumping is allowed on this forum. If it isn't, sorry, but I need help with this

Bump

[genterminl]

I don't know if it will work here, but there are two things I have found sometimes work when an emerge fails with this type of sandbox violation.

1) either log in as root or do "su -" instead of just su or sudo. I don't think it's the case here, but sometimes leftover environment variables cause emerge to try to do things in areas the sandbox blocks.

2) the error may have aborted the emerge, but the ebuild phase might have been marked as completed. If so, then you can manually do the rest of the ebuild phases. For example, your first post started with "Source configured." You can try "ebuild /path/to/ebuildfile comiple" then install, then qmerge. I have a package where I almost always need to do this (although the sandbox error is different from yours) and it always works.

[Hu]

If you still have a problem, please pastebin the current failure. I have dealt with far too many users who say they have "the same" problem when the problem is completely different, so I would rather not speculate further until confirming your problem truly is unchanged.

[Mrat]

[Massimo B.]

Hi, has this been solved in 2018?
Today I came across this issue again when following the
2024-03-22 Profile upgrade to version 23.0 available
news. Not sure it the issue is still the same, but emerge --emptytree fails here:

[Josef.95]

@Massimo B.,
best is probably remove the old /usr/tmp symlink
see the tip in https://bugs.gentoo.org/647678#c9