On 2013-12-20, Grant Edwards <[email protected]> wrote:
> One of my systems has suddenly started displaying a lot of error
> messages any time any package is emerged:
>
> >>> Emerging (1 of 1) x11-terms/rxvt-unicode-9.18
> * rxvt-unicode-9.18.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...
> [ ok ]
> ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded:
> ignored.
> ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded:
> ignored.
> >>> Unpacking source...
> >>> Unpacking rxvt-unicode-9.18.tar.bz2 to
> >>> /home/portage/tmp/portage/x11-terms/rxvt-unicode-9.18/work
> >>> Source unpacked in
> >>> /home/portage/tmp/portage/x11-terms/rxvt-unicode-9.18/work
> ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded:
> ignored.
> ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded:
> ignored.
> ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded:
> ignored.
> ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded:
> ignored.
> [...]
This seems to have been caused by my setting the NET_RAW capability on
/usr/bin/python2.7. I maintain several Python applications that have
to use raw sockets, and I got tired of having to use "sudo" to test
them -- I also thought it would be safer if I tested them with the
minimum capabilities required. But, it appears that setting that
capability on the python executable (setting it on a .py file is
pointless) breaks the sandbox feature used by emerge.
After removing the NET_RAW capability from /usr/bin/python2.7 the
sandbox errors went away.
So now it's back to running my Python apps as root when all they
really need is raw sockets...
--
Grant Edwards grant.b.edwards Yow! Sign my PETITION.
at
gmail.com
