py25-mayavi port submission and sandbox violation

Rainer Müller raimue at macports.org
Tue Jun 9 18:29:58 PDT 2009 

On 2009-06-09 16:32, Jonathan Stickel wrote:
> $ sudo port -t install py25-mayavi
> --->  Fetching py25-mayavi
> --->  Verifying checksum(s) for py25-mayavi
> --->  Extracting py25-mayavi
> --->  Configuring py25-mayavi
> --->  Building py25-mayavi
> trace: access denied to 
> /opt/local/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/os.py 
> (*unknown*)
> trace: access denied to 
> /opt/local/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/os.pyc 
> (*unknown*)
> ... many more of these lines ...
> trace: access denied to 
> /opt/local/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/hashlib.py 
> (*unknown*)
> trace: access denied to 
> /opt/local/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/hashlib.py 
> (*unknown*)

The problem here is that trace mode does not follow symlinks.
/opt/local/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5 is
a symlink to /opt/local/lib/python2.5, where the files belong to the
python25 port. But under the path used above, the files are not known to
belong to any port.

For now, you simply cannot use trace mode for py25-* modules.

> Warning: An activity was attempted outside sandbox: 
> /var/root/.CFUserTextEncoding
> Warning: An activity was attempted outside sandbox: 
> /var/root/Library/Preferences/.GlobalPreferences.plist
> Warning: An activity was attempted outside sandbox: 
> /var/root/Library/Preferences/ByHost/.GlobalPreferences.001b63950c72.plist

These /var/root accesses also happen for me a lot in trace mode but yet
I don't know what causes them or if that access would be necessary (must
be something in one of the Xcode tools?).

> [...]
> Interestingly, I also see sandbox warnings if I install py25-scipy with 
> trace mode, but that port still builds and installs OK.  Now, I am very 
> new to python, and I know nothing about the python portgroup used for 
> python ports.  I just managed to put these portfiles together by looking 
> at other python ports as examples.
> 
> Can someone help me resolve this issue?  If this is a problem that needs 
> to be reported upstream to the Enthought developers, I can do that, but 
> I need to know what to report.

Report that building and installing the software writes to files outside
the destdir, in this case your home directory. Writing to the home
directory is really bad and should be avoided.

The upcoming privilege escalation feature should prevent this to happen
again in the future by using another user than root to compile software.

Rainer

More information about the macports-dev mailing list