On Tuesday, 9 July 2019 19:10:52 BST Andrew Lowe wrote: > Hi all, > This all happens on an up to date openrc machine with the profile > default/linux/amd64/17.0/desktop/plasma > > I've added a few hooks to the emerge process via the bashrc that is in > /etc/portage. One of the things I do upon emerge failure is kill vlc, > which would have been playing a random song, and then attempt to start > alsaplayer[1] with a specific song. This means that I can be pottering > around the house/shed and if the "failure song" starts playing, I know > something is up. The problem is getting the failure song to play. > > If I log in as my usual user, alsaplayer will run the song. If I then > "su" into root, I'm in wheel, alsaplayer will play the song. The problem > is that when the emerge runs, then fails, alsaplayer can't appear to > fire up.
Is this because the emerge runs as portage:portage and it does not have access rights to alsaplayer? > When an emerge fails, I get the usual error listings then the > following: > > * ACCESS DENIED: open_wr: /dev/snd/controlC0 > * ACCESS DENIED: open_wr: /dev/snd/controlC0 > ALSA lib > /var/tmp/portage/media-libs/alsa-lib-1.1.9/work/alsa-lib-1.1.9/src/confmisc. > c:674:(snd_determine_driver) could not open control for card 0 > ALSA lib > /var/tmp/portage/media-libs/alsa-lib-1.1.9/work/alsa-lib-1.1.9/src/conf.c:35 > 72:(snd_config_hooks_call) function snd_config_hook_load_for_all_cards > returned error: Permission denied Unless the above output was from emerging alsa-lib, your hooks should not be looking in /var/tmp/portage/, but I may not have understood what your mechanism is for launching alsa correctly. Also the above could be a sandboxing limitation? > Amongst this stuff is a line: > > LOG FILE: "/var/log/sandbox/sandbox-20431.log" > > which I think confirms my suspicions that something is wrong with my > sandbox as I also get this error when the email fails and just before > the failure hook, running alsaplayer, is run: > > ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded > (cannot open shared object file): ignored. > > Are there any emerge/sandbox gurus out there who might have an idea as > to what's going on? Any thoughts are greatly apreciated, > > Andrew > > > [1] vlc won't play as root hence I tried alsaplayer I'm not versed in the the details of emerge - I just use it with my limited knowledge as a package manager. Nevertheles, here's some ideas others more knowledgeable could contributed to and correct as necessary: Your emerge hooks should 'sudo su - whatever_user' has access to cvlc and run that, instead of vlc, or even alsaplayer. If the emerge process is sandboxed, then the user access rights would be limited, therefore you'll need to expand these with sudo. Use full paths for executables in your hook commands and add some traps to see the step at which they fail. Running a script with conditionals may be a better way to run emerge and catch a failure code, which will then trigger cvlc. I would be reluctant to extend privileges to processes which were designed to do one thing (e.g. emerge) in order to do something else, e.g. read areas of the filesystem they're not meant to meddle in. Choose to use the lowest level of access rights necessary to perform what you're after and no higher. I hope the above leads you closer to what you want to achieve. -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
