gpgme master build sandbox violations
Alon Bar-Lev
alon.barlev at gmail.com
Mon Jul 3 20:23:31 CEST 2017
Hi,
While waiting ages for gpgme-1.9.1 release, I checked master and noticed
the following sandbox violations.
It tries to create /run/user/XXX while it should use either TMPDIR or the
builddir.
Thanks,
Alon
---
Making all in tests
make[2]: Entering directory
'/var/tmp/portage/app-crypt/gpgme-1.9.1/work/gpgme-1.9.1-beta43/tests'
Making all in gpg
make[3]: Entering directory
'/var/tmp/portage/app-crypt/gpgme-1.9.1/work/gpgme-1.9.1-beta43/tests/gpg'
echo no-force-v3-sigs > ./gpg.conf
echo pinentry-program
/var/tmp/portage/app-crypt/gpgme-1.9.1/work/gpgme-1.9.1-beta43/tests/gpg/pinentry
> ./gpg-agent.conf
gpgconf --kill all
* ACCESS DENIED: mkdir:
/run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
* ACCESS DENIED: mkdir:
/run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
* ACCESS DENIED: mkdir:
/run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
/bin/mkdir -p ./private-keys-v1.d
for k in 13CD0F3BDF24BE53FE192D62F18737256FF6E4FD
76F7E2B35832976B50A27A282D9B87E44577EB66
A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD
13CBE3758AFE42B5E5E2AE4CED27AFA455E3F87F
7A030357C0F253A5BBCD282FFC4E521B37558F5C; do \
cp ./$k private-keys-v1.d/$k.key; \
done
echo x > ./private-keys-v1.d/gpg-sample.stamp
gpg --batch --no-permission-warning \
--import ./pubdemo.asc
gpg: keybox
'/var/tmp/portage/app-crypt/gpgme-1.9.1/work/gpgme-1.9.1-beta43/tests/gpg/pubring.kbx'
created
gpg:
/var/tmp/portage/app-crypt/gpgme-1.9.1/work/gpgme-1.9.1-beta43/tests/gpg/trustdb.gpg:
trustdb created
gpg: key 2D727CC768697734: public key "Alfa Test (demo key) <
alfa at example.net>" imported
* ACCESS DENIED: mkdir:
/run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
* ACCESS DENIED: mkdir:
/run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
gpg: key FE180B1DA9E3B0B2: public key "Bob (demo key)" imported
<snip>
gpg: key 9EEF34CD4B11B25F: public key "Yankee Test (demo key) <
yankee at example.net>" imported
gpg: key 6BC4778054ACD246: public key "Zulu Test (demo key) <
zulu at example.net>" imported
gpg: Total number processed: 26
gpg: imported: 26
gpg --batch --no-permission-warning \
--import ./secdemo.asc
gpg: key 2D727CC768697734: "Alfa Test (demo key) <alfa at example.net>" 1 new
signature
* ACCESS DENIED: mkdir:
/run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
gpg: key 2D727CC768697734: secret key imported
make[3]: Entering directory
'/var/tmp/portage/app-crypt/gpgme-1.9.1/work/gpgme-1.9.1-beta43/tests/gpgsm'
echo disable-crl-checks > ./gpgsm.conf
echo faked-system-time 1008241200 >> ./gpgsm.conf
echo 32100C27173EF6E9C4E9A25D3D69F86D37A4F939 > ./trustlist.txt
echo >> ./trustlist.txt
echo "# CN=test cert 1,OU=Aegypten Project,O=g10 Code
GmbH,L=Düsseldorf,C=DE" >> ./trustlist.txt
echo "3CF405464F66ED4A7DF45BBDD1E4282E33BDB76E S" >> ./trustlist.txt
gpgconf --kill all
* ACCESS DENIED: mkdir:
/run/user/1000/gnupg/d.51ih5c4sxjgpci4ftrcx8c49
* ACCESS DENIED: mkdir:
/run/user/1000/gnupg/d.51ih5c4sxjgpci4ftrcx8c49
* ACCESS DENIED: mkdir:
/run/user/1000/gnupg/d.51ih5c4sxjgpci4ftrcx8c49
/bin/mkdir -p ./private-keys-v1.d
cp ./32100C27173EF6E9C4E9A25D3D69F86D37A4F939
private-keys-v1.d/32100C27173EF6E9C4E9A25D3D69F86D37A4F939.key
echo x > ./private-keys-v1.d/gpg-sample.stamp
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line
F: mkdir
S: deny
P: /run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
A: /run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
R: /run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
C: gpg-connect-agent --no-autostart KILLAGENT
F: mkdir
S: deny
P: /run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
A: /run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
R: /run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
C: gpg-connect-agent -s --no-autostart GETINFO scd_running /if ${! $?} scd
killscd /end
F: mkdir
S: deny
P: /run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
A: /run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
R: /run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
C: gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR
F: mkdir
S: deny
P: /run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
A: /run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
R: /run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
C: gpg --batch --no-permission-warning --import ./pubdemo.asc
F: mkdir
S: deny
P: /run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
A: /run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
R: /run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
C: gpg-agent --homedir
/var/tmp/portage/app-crypt/gpgme-1.9.1/work/gpgme-1.9.1-beta43/tests/gpg
--use-standard-socket --daemon
F: mkdir
S: deny
P: /run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
A: /run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
R: /run/user/1000/gnupg/d.dn67o4dwds88dto43wzt7y31
C: gpg --batch --no-permission-warning --import ./secdemo.asc
F: mkdir
S: deny
P: /run/user/1000/gnupg/d.51ih5c4sxjgpci4ftrcx8c49
A: /run/user/1000/gnupg/d.51ih5c4sxjgpci4ftrcx8c49
R: /run/user/1000/gnupg/d.51ih5c4sxjgpci4ftrcx8c49
C: gpg-connect-agent --no-autostart KILLAGENT
F: mkdir
S: deny
P: /run/user/1000/gnupg/d.51ih5c4sxjgpci4ftrcx8c49
A: /run/user/1000/gnupg/d.51ih5c4sxjgpci4ftrcx8c49
R: /run/user/1000/gnupg/d.51ih5c4sxjgpci4ftrcx8c49
C: gpg-connect-agent -s --no-autostart GETINFO scd_running /if ${! $?} scd
killscd /end
F: mkdir
S: deny
P: /run/user/1000/gnupg/d.51ih5c4sxjgpci4ftrcx8c49
A: /run/user/1000/gnupg/d.51ih5c4sxjgpci4ftrcx8c49
R: /run/user/1000/gnupg/d.51ih5c4sxjgpci4ftrcx8c49
C: gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR
F: mkdir
S: deny
P: /run/user/1000/gnupg/d.sapwjz18zz5c65r7ujpk4nyu
A: /run/user/1000/gnupg/d.sapwjz18zz5c65r7ujpk4nyu
R: /run/user/1000/gnupg/d.sapwjz18zz5c65r7ujpk4nyu
C: gpg-connect-agent --no-autostart KILLAGENT
F: mkdir
S: deny
P: /run/user/1000/gnupg/d.sapwjz18zz5c65r7ujpk4nyu
A: /run/user/1000/gnupg/d.sapwjz18zz5c65r7ujpk4nyu
R: /run/user/1000/gnupg/d.sapwjz18zz5c65r7ujpk4nyu
C: gpg-connect-agent -s --no-autostart GETINFO scd_running /if ${! $?} scd
killscd /end
F: mkdir
S: deny
P: /run/user/1000/gnupg/d.sapwjz18zz5c65r7ujpk4nyu
A: /run/user/1000/gnupg/d.sapwjz18zz5c65r7ujpk4nyu
R: /run/user/1000/gnupg/d.sapwjz18zz5c65r7ujpk4nyu
C: gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR
F: mkdir
S: deny
P: /run/user/1000/gnupg/d.sapwjz18zz5c65r7ujpk4nyu
A: /run/user/1000/gnupg/d.sapwjz18zz5c65r7ujpk4nyu
R: /run/user/1000/gnupg/d.sapwjz18zz5c65r7ujpk4nyu
C: gpg --no-permission-warning --import ../../../tests/gpg/pubdemo.asc
F: mkdir
S: deny
P: /run/user/1000/gnupg/d.sapwjz18zz5c65r7ujpk4nyu
A: /run/user/1000/gnupg/d.sapwjz18zz5c65r7ujpk4nyu
R: /run/user/1000/gnupg/d.sapwjz18zz5c65r7ujpk4nyu
C: gpg-agent --homedir
/var/tmp/portage/app-crypt/gpgme-1.9.1/work/gpgme-1.9.1-beta43/lang/qt/tests
--use-standard-socket --daemon
F: mkdir
S: deny
P: /run/user/1000/gnupg/d.sapwjz18zz5c65r7ujpk4nyu
A: /run/user/1000/gnupg/d.sapwjz18zz5c65r7ujpk4nyu
R: /run/user/1000/gnupg/d.sapwjz18zz5c65r7ujpk4nyu
C: gpg --no-permission-warning --passphrase abc --import
../../../tests/gpg/secdemo.asc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170703/fe27a6c4/attachment-0001.html>
More information about the Gnupg-devel
mailing list