Bug 605940 - emerge www-client/chromium fails with denied RWX mmap by mksnapshot
Summary: emerge www-client/chromium fails with denied RWX mmap by mksnapshot
Status: RESOLVED WORKSFORME
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
Importance: Normal normal
Assignee: The Gentoo Linux Hardened Team
Reported: 2017-01-16 20:55 UTC by Ondřej Guth
Modified: 2017-02-08 22:18 UTC

Attachments
emerge --info '=www-client/chromium-56.0.2924.59 (emerge-info,6.97 KB, text/plain)
2017-01-16 20:56 UTC, Ondřej Guth
build.log (build.log.gz,295.11 KB, application/x-gzip)
2017-01-16 20:58 UTC, Ondřej Guth

Description Ondřej Guth 2017-01-16 20:55:01 UTC
www-client/chromium-56.0.2924.59 (and a few older versions) cannot be compiled on hardened due to failed execution of mksnapshot. Relevant syslog messages show:
kernel: grsec: denied RWX mmap of <anonymous mapping> by /home/portage/portage/www-client/chromium-56.0.2924.59/work/chromium-56.0.2924.59/out/Release/mksnapshot[mksnapshot:20713] uid/euid:250/250 gid/egid:250/250, parent /usr/bin/python2.7[python2.7:20712] uid/euid:250/250 gid/egid:250/250
and
kernel: traps: mksnapshot[20713] trap invalid opcode ip:1e2b226909 sp:39e55c267a8 error:0 in mksnapshot[1e2a9e4000+a92000]

As a workaround, this always helps:
paxctl -c mksnapshot
paxctl -m mksnapshot
(the compilation is then successful)
Comment 1 Ondřej Guth 2017-01-16 20:56:52 UTC
Created attachment 460396
emerge --info '=www-client/chromium-56.0.2924.59
Comment 2 Ondřej Guth 2017-01-16 20:58:31 UTC
Created attachment 460398
build.log
Comment 3 Mike Gilbert gentoo-dev 2017-01-16 21:56:46 UTC
The ebuild already does that.

    # Build mksnapshot and pax-mark it.
    eninja -C out/Release mksnapshot || die
    pax-mark m out/Release/mksnapshot
Comment 4 Ondřej Guth 2017-01-17 11:00:45 UTC
(In reply to Mike Gilbert from comment #3)
> The ebuild already does that.
> 
>     # Build mksnapshot and pax-mark it.
>     eninja -C out/Release mksnapshot || die
>     pax-mark m out/Release/mksnapshot

Could you give me a hint to find out why this does not work in my case, please?
Comment 5 Rick Farina (Zero_Chaos) gentoo-dev 2017-02-02 21:25:19 UTC
From the original build.log on this bug:

 * PT_PAX marking -m out/Release/mksnapshot with paxctl
 * PT_PAX marking -m out/Release/mksnapshot with paxctl-ng
 * XATTR_PAX marking -m out/Release/mksnapshot with paxctl-ng
*snip*
[9129/23858] python ../../v8/tools/run.py ./mksnapshot --startup_src gen/v8/snapshot.cc --random-seed 314159265 --startup_blob snapshot_blob.bin
FAILED: gen/v8/snapshot.cc snapshot_blob.bin 
python ../../v8/tools/run.py ./mksnapshot --startup_src gen/v8/snapshot.cc --random-seed 314159265 --startup_blob snapshot_blob.bin

#
# Fatal javascript OOM in CALL_AND_RETRY_LAST
#


Not to be completely contradictory, but one of two things happened:
1.) Actually ran out of RAM, hardly a surprise with chromium these days
2.) It is possible that mksnapshot got rebuilt *after* the pax mark and we need to run pax mark *again*
Comment 6 Mike Gilbert gentoo-dev 2017-02-02 21:44:35 UTC
> 2.) it is possible that mksnapshot got rebuilt *after* the pax mark and we
> need to run pax mark *again*

The build log does not show mksnapshot being rebuilt.
Comment 7 Rick Farina (Zero_Chaos) gentoo-dev 2017-02-02 22:33:32 UTC
(In reply to Mike Gilbert from comment #6)
> > 2.) it is possible that mksnapshot got rebuilt *after* the pax mark and we
> > need to run pax mark *again*
> 
> The build log does not show mksnapshot being rebuilt.

I agree, but I'm curious if the created/modified times on the file agree.
Comment 8 Rick Farina (Zero_Chaos) gentoo-dev 2017-02-03 17:28:20 UTC
To add to clarification, I built this version of chromium successfully yesterday:
www-client/chromium-56.0.2924.76-r1

I'm not building unstable chromium, but stable sure works fine. I'm leaning hard toward "user ran out of RAM"
Comment 9 ilovekiruna 2017-02-03 17:54:54 UTC
I also faced the issue. With help from IRC I could figure out that in my kernel config I was missing the CONFIG_PAX_XATTR_PAX_FLAGS setting. Activating it and rebuilding the kernel solved the issue for me.
Comment 10 Mike Gilbert gentoo-dev 2017-02-03 20:47:54 UTC
I'm going to go ahead and close this; this is probably caused by a mis-configured kernel or some other user error.
Comment 11 Ondřej Guth 2017-02-08 22:18:40 UTC
(In reply to ilovekiruna from comment #9)
> I also faced the issue. With help from IRC I could figure out that in my
> kernel config I was missing the CONFIG_PAX_XATTR_PAX_FLAGS setting.
> Activating it and rebuilding the kernel solved the issue for me.

I confirm that kernel config is the cause. After setting CONFIG_PAX_XATTR_PAX_FLAGS=y, I have built www-client/chromium-57.0.2987.21 successfully.

Thank you for the help!
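
The kernel-side check that resolved this bug (comments 9 and 11), as an added example that is not part of the bug thread or the ebuild: it lists the PaX marking methods a build log reports and flags any that the kernel config does not enable. The function names, the sample config fragment and the assumption that the kernel config is available as a text file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug thread): compare the PaX marking methods a
# build log reports with the methods the kernel config enables.

# Read kernel config text on stdin; print each enabled marking method.
pax_kernel_methods() {
    awk -F= '
        $1 == "CONFIG_PAX_PT_PAX_FLAGS"    && $2 == "y" { print "PT_PAX" }
        $1 == "CONFIG_PAX_XATTR_PAX_FLAGS" && $2 == "y" { print "XATTR_PAX" }
    '
}

# Read build.log text on stdin; print each marking method pax-mark reported.
pax_log_methods() {
    sed -n 's/^ *\* *\([A-Z_]*PAX\) marking .*/\1/p' | sort -u
}

# pax_unhonoured LOG CONFIG: print methods used in LOG that CONFIG lacks.
pax_unhonoured() {
    enabled=$(pax_kernel_methods < "$2")
    pax_log_methods < "$1" | while read -r method; do
        printf '%s\n' "$enabled" | grep -qxF "$method" || printf '%s\n' "$method"
    done
}

# Run the check on constructed sample files.
pax_demo() {
    dir=$(mktemp -d) || return 1
    # Marking lines as quoted in comment 5.
    cat > "$dir/build.log" <<'EOF'
 * PT_PAX marking -m out/Release/mksnapshot with paxctl
 * PT_PAX marking -m out/Release/mksnapshot with paxctl-ng
 * XATTR_PAX marking -m out/Release/mksnapshot with paxctl-ng
EOF
    # Constructed kernel config fragment: XATTR flag support not set.
    cat > "$dir/config" <<'EOF'
CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_XATTR_PAX_FLAGS is not set
EOF
    pax_unhonoured "$dir/build.log" "$dir/config"
    rm -rf "$dir"
}

pax_demo
```

Against a real system, pass the saved build.log and the config file the running kernel was built from as the two arguments to `pax_unhonoured`.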