app-emulation/qemu-5.0.0-r2::gentoo was built with the following:
USE="-accessibility aio alsa bzip2 caps capstone curl -debug -doc fdt filecaps -glusterfs -gnutls gtk -infiniband io-uring -iscsi -jemalloc jpeg lzo ncurses nfs nls numa opengl oss pin-upstream-blobs plugins png pulseaudio python -rbd -sasl sdl sdl-image seccomp (-selinux) -slirp -smartcard snappy spice ssh -static -static-user systemtap tci -test usb usbredir -vde vhost-net vhost-user-fs virgl virtfs vnc vte xattr xen -xfs xkb zstd" ABI_X86="(64)" PYTHON_TARGETS="python3_6 python3_7 python3_8" QEMU_SOFTMMU_TARGETS="-aarch64 -alpha -arm -cris -hppa -i386 -lm32 -m68k -microblaze -microblazeel -mips -mips64 -mips64el -mipsel -moxie -nios2 -or1k -ppc -ppc64 -riscv32 -riscv64 -rx -s390x -sh4 -sh4eb -sparc -sparc64 -tricore -unicore32 x86_64 -xtensa -xtensaeb" QEMU_USER_TARGETS="-aarch64 -aarch64_be -alpha -arm -armeb -cris -hppa -i386 -m68k -microblaze -microblazeel -mips -mips64 -mips64el -mipsel -mipsn32 -mipsn32el -nios2 -or1k -ppc -ppc64 -ppc64abi32 -ppc64le -riscv32 -riscv64 -s390x -sh4 -sh4eb -sparc -sparc32plus -sparc64 -tilegx -x86_64 -xtensa -xtensaeb"
FEATURES="strict multilib-strict split-elog binpkg-dostrip buildpkg assume-digests usersync fixlafiles merge-sync preserve-libs sfperms ipc-sandbox xattr ebuild-locks parallel-fetch unknown-features-warn protect-owned qa-unresolved-soname-deps unmerge-logs binpkg-logs unmerge-orphans split-log userfetch pid-sandbox config-protect-if-modified distlocks binpkg-docompress ccache news"

>>> Attempting to run pkg_info() for 'app-emulation/qemu-5.0.0-r2'
Using:
  app-emulation/spice-protocol-0.14.1
  sys-firmware/edk2-ovmf-201905
    USE=binary
  sys-firmware/ipxe-1.0.0_p20190728
  sys-firmware/seabios-1.12.0
    USE=binary
  sys-firmware/sgabios-0.1_pre8-r1

>>> Source configured.
 * --------------------------- ACCESS VIOLATION SUMMARY ---------------------------
 * LOG FILE: "/var/tmp/portage/app-emulation/qemu-5.0.0-r2/temp/sandbox.log"
 *
VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny
P: /dev/zfs
A: /dev/zfs
R: /dev/zfs
C: zfs get -rHp -t filesystem all epyc/gentoo/var

F: open_wr
S: deny
P: /var/run/faillock/root
A: /var/run/faillock/root
R: /run/faillock/root
C: sudo -n docker version

F: open_wr
S: deny
P: /var/run/faillock/root
A: /var/run/faillock/root
R: /run/faillock/root
C: sudo -n docker version

F: open_wr
S: deny
P: /dev/zfs
A: /dev/zfs
R: /dev/zfs
C: zfs get -rHp -t filesystem all epyc/gentoo/var

F: open_wr
S: deny
P: /var/run/faillock/root
A: /var/run/faillock/root
R: /run/faillock/root
C: sudo -n docker version

F: open_wr
S: deny
P: /var/run/faillock/root
A: /var/run/faillock/root
R: /run/faillock/root
C: sudo -n docker version
 * --------------------------------------------------------------------------------

Reproducible: Always
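Added example, not part of the original report and not code from Portage or sandbox: a small parser for the F/S/P/A/R/C record layout listed in the log legend above, which groups denied accesses by the command that triggered them so that repeated violations collapse to one line each. The dictionary field names and the sample text (rebuilt from the violations quoted in this report) are assumptions.

```python
from collections import Counter

# Constructed sample in the "VERSION 1.0" layout (legend abridged).
SAMPLE_LOG = """\
VERSION 1.0
FORMAT: F - Function called
FORMAT: C - Command Line

F: open_wr
S: deny
P: /dev/zfs
A: /dev/zfs
R: /dev/zfs
C: zfs get -rHp -t filesystem all epyc/gentoo/var
F: open_wr
S: deny
P: /var/run/faillock/root
A: /var/run/faillock/root
R: /run/faillock/root
C: sudo -n docker version
F: open_wr
S: deny
P: /var/run/faillock/root
A: /var/run/faillock/root
R: /run/faillock/root
C: sudo -n docker version
"""

# Hypothetical field names for the single-letter keys in the legend.
FIELDS = {"F": "function", "S": "status", "P": "path",
          "A": "absolute", "R": "canonical", "C": "command"}

def parse_sandbox_log(text):
    """Return one dict per record; a record is closed by its C: line."""
    records, current = [], {}
    for raw in text.splitlines():
        key, sep, value = raw.lstrip(" *").partition(": ")
        if not sep or key not in FIELDS:
            continue  # VERSION line, FORMAT legend, blanks, separators
        current[FIELDS[key]] = value
        if key == "C":
            records.append(current)
            current = {}
    return records

def denied_by_command(records):
    """Count denied accesses per (command, function, canonical path)."""
    return Counter((r.get("command"), r.get("function"), r.get("canonical"))
                   for r in records if r.get("status") == "deny")
```

Comparing the `path` and `canonical` fields also shows where a symlink was resolved, as with `/var/run/faillock/root` and `/run/faillock/root` here.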
Created attachment 649604: build log
Created attachment 649606: emerge --info
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=648b9dd9236af78df5f63dc226a3c109b0f4dab1

commit 648b9dd9236af78df5f63dc226a3c109b0f4dab1
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2020-07-17 22:06:41 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-07-17 22:06:57 +0000

    app-emulation/qemu: pass --disable-containers

    By default qemu build system tries to run docker and zfs tools.
    We don't want that as part of normal build process.

    Reported-by: Rafael Kitover
    Closes: https://bugs.gentoo.org/732972
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 app-emulation/qemu/qemu-5.0.0-r2.ebuild | 1 +
 app-emulation/qemu/qemu-9999.ebuild     | 1 +
 2 files changed, 2 insertions(+)
Please give it a try. I don't have any of the tools installed thus not sure if it fixes it.
Does indeed fix both the zfs and docker sandbox violations, I was able to merge successfully. No idea what this means for the zfs use flag, which I don't have enabled right now, but that's a separate issue, will take a look sometime.
@slyfox, I'm not sure that we really "don't want that":
https://wiki.qemu.org/Features/Containers

Maybe we should consider adding the paths to the "allow-from-sandbox" list?
(In reply to Vadim A. Misbakh-Soloviov (mva) from comment #6)
> @slyfox, I'm not sure that we really "don't want that":
> https://wiki.qemu.org/Features/Containers
>
> Maybe we should consider adding the paths to the "allow-from-sandbox" list?

qemu's configure says:

> --disable-containers don't use containers for cross-building

which is about cross-building qemu itself. Your link explains details of running container images by qemu (provide container-specific devices and so on). I think these are two unrelated things.

You can look at the details of 'use_containers' definition and use site: https://github.com/qemu/qemu/search?q=use_containers&unscoped_q=use_containers

But I suspect you arrived here because something around qemu is broken for you. In that case I suggest filing a new bug as it's probably unrelated to container environment autodetection.