When running emerge --update --newuse --deep --quiet @world I receive a segmentation fault during the building of ncurses-6.1-r2 /bin/bash ./run_tic.sh ** Building terminfo database, please wait... installing form.pc Running sh /var/tmp/portage/sys-libs/ncurses-6.1-r2/work/ncurses-6.1/misc/shlib tic to install /var/tmp/portage/sys-libs/ncurses-6.1-r2/image//usr/share/terminfo ... You may see messages regarding extended capabilities, e.g., AX. These are extended terminal capabilities which are compiled using tic -x If you have ncurses 4.2 applications, you should read the INSTALL document, and install the terminfo without the -x option. installing menu.pc /var/tmp/portage/sys-libs/ncurses-6.1-r2/work/ncurses-6.1/misc/shlib: line 141: 24525 Segmentation fault tic -x -s -o /var/tmp/portage/sys-libs/ncurses-6.1-r2/image//usr/share/terminfo terminfo.tmp ? tic could not build /var/tmp/portage/sys-libs/ncurses-6.1-r2/image//usr/share/terminfo make[1]: *** [Makefile:89: install.data] Error 1 make[1]: *** Waiting for unfinished jobs.... installing ncurses++.pc installing ncurses.pc installing panel.pc make[1]: Leaving directory '/var/tmp/portage/sys-libs/ncurses-6.1-r2/work/ncurses-6.1-abi_x86_64.amd64/ncurses/misc' make: *** [Makefile:120: install] Error 2 make: Leaving directory '/var/tmp/portage/sys-libs/ncurses-6.1-r2/work/ncurses-6.1-abi_x86_64.amd64/ncurses' * ERROR: sys-libs/ncurses-6.1-r2::gentoo failed (install phase): * emake failed *
Created attachment 549538 [details] emerge -pqv
Created attachment 549540 [details] emerge --info
Created attachment 549542 [details] environment file from work dir
Created attachment 549544 [details] compressed build.log file
I am running into a similar issue. I am running in a docker container [00:04:54] ** Building terminfo database, please wait... [00:04:54] Running /var/tmp/portage/sys-libs/ncurses-6.3_p20211106/work/cross/progs/tic to install /var/tmp/portage/sys-libs/ncurses-6.3_p20211106/image/usr/share/terminfo ... [00:04:54] [00:04:54] You may see messages regarding extended capabilities, e.g., AX. [00:04:54] These are extended terminal capabilities which are compiled [00:04:54] using [00:04:54] tic -x [00:04:54] If you have ncurses 4.2 applications, you should read the INSTALL [00:04:54] document, and install the terminfo without the -x option. [00:04:54] [00:04:54] ncurses 6.3.20211106 [00:04:54] * /var/tmp/portage/sys-apps/sandbox-2.25/work/sandbox-2.25/libsandbox/trace.c:do_peekstr():134: failure (Operation not permitted): [00:04:54] * ISE:do_peekstr:process_vm_readv(85407, 0x00007ffde94fb5e0{0x00007f24898f7010, 0xc12}, 1, 0x00007ffde94fb5f0{0x00007ffe77e5e3ee, 0xc12}, 1, 0) failed: Operation not permitted [00:04:54] ./run_tic.sh: line 176: 85406 Aborted (core dumped) ( $TIC_PATH -x -s -o "$TERMINFO" $source ) [00:04:54] ? tic could not build /var/tmp/portage/sys-libs/ncurses-6.3_p20211106/image/usr/share/terminfo
Currently running emerge in the container with FEATURES="-ipc-sandbox -network-sandbox -pid-sandbox". Any FEATURE I am missing here? AFAIK, this used to be sufficient (last check does date from a couple of months ago)
(In reply to Kobboi from comment #6) > Currently running emerge in the container with FEATURES="-ipc-sandbox > -network-sandbox -pid-sandbox". Any FEATURE I am missing here? AFAIK, this > used to be sufficient (last check does date from a couple of months ago) sandbox version? I've noticed some changes here too. Normally this kind of thing has happened with QEMU but not Docker (QEMU had issues sometimes more with sandbox/usersandbox, but Docker "always" just needed the network/ipc bits off, AFIAK). (Similar report from a while ago on forums: https://forums.gentoo.org/viewtopic-t-1107794.html). Could you upload the full build.log & emerge --info? Also any sandbox logs although I don't think it would've written one here. CCing sandbox@.
(In reply to Sam James from comment #7) > (In reply to Kobboi from comment #6) > > Currently running emerge in the container with FEATURES="-ipc-sandbox > > -network-sandbox -pid-sandbox". Any FEATURE I am missing here? AFAIK, this > > used to be sufficient (last check does date from a couple of months ago) > > sandbox version? > > I've noticed some changes here too. Normally this kind of thing has happened > with QEMU but not Docker (QEMU had issues sometimes more with > sandbox/usersandbox, but Docker "always" just needed the network/ipc bits > off, AFIAK). > > (Similar report from a while ago on forums: > https://forums.gentoo.org/viewtopic-t-1107794.html). > > Could you upload the full build.log & emerge --info? Also any sandbox logs > although I don't think it would've written one here. > > CCing sandbox@. I will try to isolate the problem scenario better. Will get back to you on this.
>* /var/tmp/portage/sys-apps/sandbox-2.25/work/sandbox-2.25/libsandbox/trace.c:do_peekstr():134: failure (Operation not permitted): I think our issue is that we need to fall back gracefully if we figure we're in an environment without full privileges (a lot like the YAMA bugs we've seen). There are a bunch of relevant fixes in 3.30+ but that's currently masked.
(In reply to Sam James from comment #9) > >* /var/tmp/portage/sys-apps/sandbox-2.25/work/sandbox-2.25/libsandbox/trace.c:do_peekstr():134: failure (Operation not permitted): > > I think our issue is that we need to fall back gracefully if we figure we're > in an environment without full privileges (a lot like the YAMA bugs we've > seen). > > There are a bunch of relevant fixes in 3.30+ but that's currently masked. (... https://jvns.ca/blog/2020/04/29/why-strace-doesnt-work-in-docker/ and the rest of it too)
Created attachment 767066 [details] Dockerfile for a basic stage3 system for reproduction
sam_ asked me to log as much information to reproduce, so here we go: 1) Create a simple Docker image from a recent stage 3: MIRROR=http://ftp.snt.utwente.nl/pub/os/linux/gentoo STAGE_TYPE=stage3-amd64-desktop-systemd STAGE_DATE=$(wget ${MIRROR}/releases/amd64/autobuilds/latest-${STAGE_TYPE}.txt -O - 2>/dev/null| grep -v ^# | cut -d'/' -f1) STAGE_FILE=${STAGE_TYPE}-${STAGE_DATE}.tar.xz STAGE_URL=${MIRROR}/releases/amd64/autobuilds/${STAGE_DATE}/${STAGE_FILE} wget ${STAGE_URL} -O - | xzcat --to-stdout | docker import - gentoo-basic2 2) Enable basic core dumps echo /%e-%s.core > /proc/sys/kernel/core_pattern 2) Start a Docker container with the generated image docker run -it gentoo-basic /bin/bash 3) Run the following at the command prompt emerge --sync -q ; echo 'ACCEPT_KEYWORDS="~amd64"' >> /etc/portage/make.conf ; echo 'FEATURES="-ipc-sandbox -network-sandbox -pid-sandbox -usersandbox -userpriv -mount-sandbox"' >> /etc/portage/make.conf ; echo 'CFLAGS="${CFLAGS} -ggdb3 -g"' >> /etc/portage/make.conf ; echo 'sys-libs/ncurses -gpm abi_x86_32' > /etc/portage/package.use/ncurses ; emerge -1q debugedit ; emerge -1q gdb sandbox glibc bash ; emerge -1q ncurses 4) Debug the coredumps (in the container root) with gdb
While trying to reproduce, I made the following observations (most will probably not be relevant but posting anyway): The basic stage3 image currently comes with ncurses-6.2_p20210619[abi_x86_64,-abi_x86_32,gpm] 1) amd64 with abi_x86_32 = no problem (so basically, sticking to the available version, only adding a 32-bit variant) 2) ~amd64 with -abi_x86_32 = no problem (upgrading to 6.3_p20211106, sticking to 64-bit only) 3) ~amd64 with abi_x86_32 and adding FEATURES="-sandbox" = no problem 4) ~amd64 with abi_x86_32 not adding any of the above FEATURES but running in a chroot = no problem
I also tested this with currently masked sandbox-3.1, but the outcome was the same.
(In reply to Kobboi from comment #12) > emerge --sync -q ; echo 'ACCEPT_KEYWORDS="~amd64"' >> > /etc/portage/make.conf ; echo 'FEATURES="-ipc-sandbox -network-sandbox > -pid-sandbox -usersandbox -userpriv -mount-sandbox"' >> > /etc/portage/make.conf ; echo 'CFLAGS="${CFLAGS} -ggdb3 -g"' >> > /etc/portage/make.conf ; echo 'sys-libs/ncurses -gpm abi_x86_32' > > /etc/portage/package.use/ncurses ; emerge -1q debugedit ; emerge -1q gdb > sandbox glibc bash ; emerge -1q ncurses For debugging, the FEATURES string is missing the "splitdebug" and "installsources" features.
I just want to make a note, my original issue was occurring NOT in sandbox/container, though they may be related issues, however the original issue was bare metal style (Hyper-V VM) installation without docker or any other sandbox/containerization in play.
