598214 – www-client/chromium-55.0.2883.21 sandbox violations during emerge

Bug 598214 - www-client/chromium-55.0.2883.21 sandbox violations during emerge

Summary: www-client/chromium-55.0.2883.21 sandbox violations during emerge

Status:	RESOLVED NEEDINFO

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Chromium Project

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2016-10-27 08:52 UTC by Andreas Steinmetz
Modified:	2016-11-24 16:23 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Build Log Excerpt (privacy mangled) (file_598214.txt,34.07 KB, text/plain) 2016-10-27 08:52 UTC, Andreas Steinmetz	Details
emerge --info output (emerge.info,7.72 KB, text/plain) 2016-10-28 06:24 UTC, Andreas Steinmetz	Details
/etc/chromium/default (default,346 bytes, text/plain) 2016-10-28 06:25 UTC, Andreas Steinmetz	Details
cgroup configuration script (cgroup.start,643 bytes, text/plain) 2016-10-28 15:46 UTC, Andreas Steinmetz	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Steinmetz 2016-10-27 08:52:07 UTC

Created attachment 451568 [details]
Build Log Excerpt (privacy mangled)

I'm limiting chromium CPU usage by cpuset means via /sys/fs/cgroup/cpuset/chrome. This seems to trigger sandbox access violations during chromium emerge.
Temporary fix is to add the following to /etc/sandbox.conf:
SANDBOX_WRITE="/sys/fs/cgroup/cpuset/chrome/tasks"

Comment 1 Michael 'veremitz' Everitt 2016-10-28 03:19:55 UTC

Please can you post the results of 'emerge --info'. Thanks.

Comment 2 Andreas Steinmetz 2016-10-28 06:24:35 UTC

Created attachment 451706 [details]
emerge --info output

Comment 3 Andreas Steinmetz 2016-10-28 06:25:38 UTC

Created attachment 451708 [details]
/etc/chromium/default

Comment 4 Michael 'veremitz' Everitt 2016-10-28 15:31:13 UTC

Cheers.

Comment 5 Mike Gilbert gentoo-dev

2016-10-28 15:32:32 UTC

> I'm limiting chromium CPU usage by cpuset means via /sys/fs/cgroup/cpuset/chrome.

Can you elaborate on that? What steps would I need to take to reproduce this?

Comment 6 Andreas Steinmetz 2016-10-28 15:46:52 UTC

Created attachment 451758 [details]
cgroup configuration script

Run the attached cgroup.start script as root to create the cgroup(s).
Replace /etc/chromium/default with the attached version.
Start chromium, it will be limited to two cores.

Comment 7 Mike Gilbert gentoo-dev

2016-11-24 16:23:27 UTC

This config is a bit too exotic and I cannot reproduce the problem. If you can figure out what it causing gn to open those cgroup files, please share.