py25-mayavi port submission and sandbox violation

Jonathan Stickel jjstickel at vcn.com
Tue Jul 7 08:13:06 PDT 2009 

Rainer Müller wrote:
> On 2009-06-09 16:32, Jonathan Stickel wrote:
>> $ sudo port -t install py25-mayavi
>> --->  Fetching py25-mayavi
>> --->  Verifying checksum(s) for py25-mayavi
>> --->  Extracting py25-mayavi
>> --->  Configuring py25-mayavi
>> --->  Building py25-mayavi
>> trace: access denied to 
>> /opt/local/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/os.py 
>> (*unknown*)
>> trace: access denied to 
>> /opt/local/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/os.pyc 
>> (*unknown*)
>> ... many more of these lines ...
>> trace: access denied to 
>> /opt/local/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/hashlib.py 
>> (*unknown*)
>> trace: access denied to 
>> /opt/local/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/hashlib.py 
>> (*unknown*)
> 
> The problem here is that trace mode does not follow symlinks.
> /opt/local/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5 is
> a symlink to /opt/local/lib/python2.5, where the files belong to the
> python25 port. But under the path used above, the files are not known to
> belong to any port.
> 
> For now, you simply cannot use trace mode for py25-* modules.
> 
>> Warning: An activity was attempted outside sandbox: 
>> /var/root/.CFUserTextEncoding
>> Warning: An activity was attempted outside sandbox: 
>> /var/root/Library/Preferences/.GlobalPreferences.plist
>> Warning: An activity was attempted outside sandbox: 
>> /var/root/Library/Preferences/ByHost/.GlobalPreferences.001b63950c72.plist
> 
> These /var/root accesses also happen for me a lot in trace mode but yet
> I don't know what causes them or if that access would be necessary (must
> be something in one of the Xcode tools?).
> 
>> [...]
>> Interestingly, I also see sandbox warnings if I install py25-scipy with 
>> trace mode, but that port still builds and installs OK.  Now, I am very 
>> new to python, and I know nothing about the python portgroup used for 
>> python ports.  I just managed to put these portfiles together by looking 
>> at other python ports as examples.
>>
>> Can someone help me resolve this issue?  If this is a problem that needs 
>> to be reported upstream to the Enthought developers, I can do that, but 
>> I need to know what to report.
> 
> Report that building and installing the software writes to files outside
> the destdir, in this case your home directory. Writing to the home
> directory is really bad and should be avoided.
> 
> The upcoming privilege escalation feature should prevent this to happen
> again in the future by using another user than root to compile software.
> 

The sandbox violation for the submitted ports has been fixed upstream, 
and I have incorporated the fixes in the portfiles.  I think the ports 
are now ready for inclusion in macports.  Some developer attention would 
be appreciated.  The link to the tracker is:

http://trac.macports.org/ticket/19567

Thanks!
Jonathan

More information about the macports-dev mailing list