> On 13 Jun 2017, at 10:42 pm, Joshua Root <[email protected]> wrote:
>
> On 2017-6-14 07:05 , Daniel J. Luke wrote:
>> On Jun 13, 2017, at 4:57 PM, Christopher Jones <[email protected]> wrote:
>>> :info:build open('/dev/random'): Operation not permitted
>>>
>>> Now, this works outside. So I suspect the build is in some way preventing the
>>> build process from accessing this. Is this possible ? If so, more to the
>>> point, is there a way I can get this to work… ?
>> I suspect the sandbox doesn't include access to /dev/random (Macports
>> started using sandbox-exec with version 2.2.0)
>> As a temporary workaround (or to test this theory) you can add
>> "sandbox_enable no" to your macports.conf
>
> Our sandbox only restricts writes. Seems like the program is opening
> /dev/random with O_RDWR? Writing to it is technically allowed (though I don't
> know that it does anything on darwin), so we should probably add it to the
> sandbox exceptions, but I'm not sure why it would be needed.

Had a look into this. The ROOT source never explicitly opens /dev/random in read/write mode. Only read only. However, it also uses a number of external library calls, like std::rand(), and my best bet is one of these is doing it.

As writing to /dev/random is allowed, to update the entropy pool, I don’t think this in itself is an issue. So is it OK to add /dev/random to the allowed locations for the sandbox ?

cheers Chris

>
> - Josh
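
A small probe for the theory discussed in this thread, that reads of /dev/random succeed and only an open requesting write access is refused. This is an added example, not code from ROOT or MacPorts; the names `probe_mode`, `classify` and the `verdict` enum are hypothetical.

```c
/* Added example: report which open(2) access modes a path permits. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Try one access mode; return 0 on success, otherwise errno from open(). */
static int probe_mode(const char *path, int flags)
{
    int fd = open(path, flags);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

enum verdict { ALL_ALLOWED, WRITE_DENIED, READ_DENIED_TOO };

/* err[0..2] receive the errno for O_RDONLY, O_WRONLY and O_RDWR.
 * WRITE_DENIED is the pattern expected when only writes are restricted. */
static enum verdict classify(const char *path, int err[3])
{
    err[0] = probe_mode(path, O_RDONLY);
    err[1] = probe_mode(path, O_WRONLY);
    err[2] = probe_mode(path, O_RDWR);
    if (err[0] != 0)
        return READ_DENIED_TOO;
    if (err[1] != 0 || err[2] != 0)
        return WRITE_DENIED;
    return ALL_ALLOWED;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/random";
    static const char *names[] = { "O_RDONLY", "O_WRONLY", "O_RDWR" };
    int err[3];
    enum verdict v = classify(path, err);

    for (int i = 0; i < 3; i++)
        printf("%-8s %s\n", names[i], err[i] ? strerror(err[i]) : "ok");
    printf("verdict: %s\n", v == WRITE_DENIED ? "only write access refused" :
           v == ALL_ALLOWED ? "all modes allowed" : "read access also fails");
    return v == ALL_ALLOWED ? 0 : 1;
}
```

Running the same binary inside and outside the restricted build environment and comparing the three lines shows whether the access mode, rather than the path itself, is what gets refused.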
