1 |
On 2013-12-20, Grant Edwards <grant.b.edwards@×××××.com> wrote: |
2 |
> One of my systems has suddenly started displaying a lot of error |
3 |
> messages any time any package is emerged: |
4 |
> |
5 |
> >>> Emerging (1 of 1) x11-terms/rxvt-unicode-9.18 |
6 |
> * rxvt-unicode-9.18.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ... [ ok ] |
7 |
> ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded: ignored. |
8 |
> ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded: ignored. |
9 |
> >>> Unpacking source... |
10 |
> >>> Unpacking rxvt-unicode-9.18.tar.bz2 to /home/portage/tmp/portage/x11-terms/rxvt-unicode-9.18/work |
11 |
> >>> Source unpacked in /home/portage/tmp/portage/x11-terms/rxvt-unicode-9.18/work |
12 |
> ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded: ignored. |
13 |
> ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded: ignored. |
14 |
> ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded: ignored. |
15 |
> ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded: ignored. |
16 |
> [...] |
17 |
|
18 |
This seems to have been caused by my setting the NET_RAW capability on |
19 |
/usr/bin/python2.7. I maintain several Python applications that have |
20 |
to use raw sockets, and I got tired of having to use "sudo" to test |
21 |
them -- I also thought it would be safer if I tested them with the |
22 |
minimum capabilities required. But, it appears that setting that |
23 |
capability on the python executable (setting it on a .py file is |
24 |
pointless) breaks the sandbox feature used by emerge. |
25 |
|
26 |
After removing the NET_RAW capability from /usr/bin/python2.7 the |
27 |
sandbox errors went away. |
28 |
|
29 |
So now it's back to running my Python apps as root when all they |
30 |
really need is raw sockets... |
31 |
|
32 |
-- |
33 |
Grant Edwards grant.b.edwards Yow! Sign my PETITION. |
34 |
at |
35 |
gmail.com |