Gentoo Archives: gentoo-user

From: Mike Gilbert <floppym@g.o>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Re: emerge: 'libsandbox.so' from LD_PRELOAD cannot be preloaded
Date: Fri, 20 Dec 2013 18:08:29
Message-Id: CAJ0EP40TRpyq=Bc6SX+XV-UdYf6wUq19jq4hxUt9cWY7RUY1qQ@mail.gmail.com
In Reply to: [gentoo-user] Re: emerge: 'libsandbox.so' from LD_PRELOAD cannot be preloaded by Grant Edwards

On Fri, Dec 20, 2013 at 12:22 PM, Grant Edwards
<grant.b.edwards@×××××.com> wrote:
> On 2013-12-20, Grant Edwards <grant.b.edwards@×××××.com> wrote:
>> One of my systems has suddenly started displaying a lot of error
>> messages any time any package is emerged:
>>
>> >>> Emerging (1 of 1) x11-terms/rxvt-unicode-9.18
>> * rxvt-unicode-9.18.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ... [ ok ]
>> ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded: ignored.
>> ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded: ignored.
>> >>> Unpacking source...
>> >>> Unpacking rxvt-unicode-9.18.tar.bz2 to /home/portage/tmp/portage/x11-terms/rxvt-unicode-9.18/work
>> >>> Source unpacked in /home/portage/tmp/portage/x11-terms/rxvt-unicode-9.18/work
>> ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded: ignored.
>> ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded: ignored.
>> ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded: ignored.
>> ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded: ignored.
>> [...]
>
> This seems to have been caused by my setting the NET_RAW capability on
> /usr/bin/python2.7. I maintain several Python applications that have
> to use raw sockets, and I got tired of having to use "sudo" to test
> them -- I also thought it would be safer if I tested them with the
> minimum capabilities required. But, it appears that setting that
> capability on the python executable (setting it on a .py file is
> pointless) breaks the sandbox feature used by emerge.
>
> After removing the NET_RAW capability from /usr/bin/python2.7 the
> sandbox errors went away.
>
> So now it's back to running my Python apps as root when all they
> really need is raw sockets...
>

A couple of workarounds for you:

1. Create a copy of the python2.7 binary, set the NET_RAW cap on that.
2. Create a small wrapper in C that calls the python2.7 binary. Set
the NET_RAW cap on the wrapper binary.
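
Workaround 2 above, sketched as an added example (not code from this message or from Gentoo): the wrapper raises CAP_NET_RAW into the ambient capability set before calling execv(), because a capability held only in the wrapper's permitted set is dropped when it executes a binary that has no file capabilities. It assumes Linux 4.3 or later for ambient capabilities; the file name capwrap and the function names are made up for illustration.

```c
/* capwrap.c (added example). Build and install, as root:
 *   cc -O2 -o capwrap capwrap.c && setcap cap_net_raw+p ./capwrap */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/capability.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

static char INTERP[] = "/usr/bin/python2.7";   /* interpreter path from the thread */

/* Copy `cap` from the permitted set into the inheritable set, then raise it
 * in the ambient set so it survives execve() of a binary that carries no
 * file capabilities. Returns 0 on success, -1 with errno set. */
int keep_cap_across_exec(int cap)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];

    if (cap < 0 || cap > CAP_LAST_CAP) { errno = EINVAL; return -1; }
    if (syscall(SYS_capget, &hdr, data) != 0) return -1;
    if (!(data[cap / 32].permitted & (1u << (cap % 32)))) { errno = EPERM; return -1; }
    data[cap / 32].inheritable |= 1u << (cap % 32);
    if (syscall(SYS_capset, &hdr, data) != 0) return -1;
    return prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0);
}

/* argv for the child: slot 0 is the interpreter, the script and its
 * arguments follow unchanged, and the array is NULL-terminated. */
char **child_argv(int argc, char **argv)
{
    size_t n = argc > 0 ? (size_t)argc : 1;
    char **out = calloc(n + 1, sizeof *out);
    if (!out) return NULL;
    out[0] = INTERP;
    for (size_t i = 1; i < n; i++) out[i] = argv[i];
    return out;
}

int main(int argc, char **argv)
{
    if (keep_cap_across_exec(CAP_NET_RAW) != 0) {
        perror("capwrap: cannot keep CAP_NET_RAW");
        return 126;
    }
    char **args = child_argv(argc, argv);
    if (args) execv(INTERP, args);
    perror(INTERP);
    return 127;
}
```

Anyone who can execute the wrapper can run arbitrary Python with CAP_NET_RAW, so restrict it to the test account or a dedicated group (for example mode 0750).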
