Gentoo Archives: gentoo-user

From: Mick <michaelkintzios@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Music player being run from an emerge
Date: Wed, 10 Jul 2019 10:09:44
Message-Id: 5835260.WPQNLSennV@localhost
In Reply to: [gentoo-user] Music player being run from an emerge by Andrew Lowe
1 On Tuesday, 9 July 2019 19:10:52 BST Andrew Lowe wrote:
2 > Hi all,
3 > This all happens on an up to date openrc machine with the profile
4 > default/linux/amd64/17.0/desktop/plasma
5 >
6 > I've added a few hooks to the emerge process via the bashrc that is
7 in
8 > /etc/portage. One of the things I do upon emerge failure is kill vlc,
9 > which would have been playing a random song, and then attempt to start
10 > alsaplayer[1] with a specific song. This means that I can be pottering
11 > around the house/shed and if the "failure song" starts playing, I know
12 > something is up. The problem is getting the failure song to play.
13 >
14 > If I log in as my usual user, alsaplayer will run the song. If I
15 then
16 > "su" into root, I'm in wheel, alsaplayer will play the song. The problem
17 > is that when the emerge runs, then fails, alsaplayer can't appear to
18 > fire up.
19
20 Is this because the emerge runs as portage:portage and it does not have access
21 rights to alsaplayer?
22
23
24 > When an emerge fails, I get the usual error listings then the
25 > following:
26 >
27 > * ACCESS DENIED: open_wr: /dev/snd/controlC0
28 > * ACCESS DENIED: open_wr: /dev/snd/controlC0
29 > ALSA lib
30 > /var/tmp/portage/media-libs/alsa-lib-1.1.9/work/alsa-lib-1.1.9/src/confmisc.
31 > c:674:(snd_determine_driver) could not open control for card 0
32 > ALSA lib
33 > /var/tmp/portage/media-libs/alsa-lib-1.1.9/work/alsa-lib-1.1.9/src/conf.c:35
34 > 72:(snd_config_hooks_call) function snd_config_hook_load_for_all_cards
35 > returned error: Permission denied
36
37 Unless the above output was from emerging alsa-lib, your hooks should not be
38 looking in /var/tmp/portage/, but I may not have understood what your
39 mechanism is for launching alsa correctly. Also the above could be a
40 sandboxing limitation?
41
42
43 > Amongst this stuff is a line:
44 >
45 > LOG FILE: "/var/log/sandbox/sandbox-20431.log"
46 >
47 > which I think confirms my suspicions that something is wrong with my
48 > sandbox as I also get this error when the email fails and just before
49 > the failure hook, running alsaplayer, is run:
50 >
51 > ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded
52 > (cannot open shared object file): ignored.
53 >
54 > Are there any emerge/sandbox gurus out there who might have an idea
55 as
56 > to what's going on? Any thoughts are greatly apreciated,
57 >
58 > Andrew
59 >
60 >
61 > [1] vlc won't play as root hence I tried alsaplayer
62
63 I'm not versed in the the details of emerge - I just use it with my limited
64 knowledge as a package manager. Nevertheles, here's some ideas others more
65 knowledgeable could contributed to and correct as necessary:
66
67 Your emerge hooks should 'sudo su - whatever_user' has access to cvlc and run
68 that, instead of vlc, or even alsaplayer. If the emerge process is sandboxed,
69 then the user access rights would be limited, therefore you'll need to expand
70 these with sudo.
71
72 Use full paths for executables in your hook commands and add some traps to see
73 the step at which they fail.
74
75 Running a script with conditionals may be a better way to run emerge and catch
76 a failure code, which will then trigger cvlc.
77
78 I would be reluctant to extend privileges to processes which were designed to
79 do one thing (e.g. emerge) in order to do something else, e.g. read areas of
80 the filesystem they're not meant to meddle in. Choose to use the lowest level
81 of access rights necessary to perform what you're after and no higher.
82
83 I hope the above leads you closer to what you want to achieve.
84 --
85 Regards,
86
87 Mick

Attachments

File name MIME type
signature.asc application/pgp-signature