There are several issues with firejail's tests:

- the firejail executable gets installed setuid so that it can build sandboxes, but...
- that means 'make test' doesn't work in a compiled-but-not-installed directory tree, so...
- 'make test' must look for an already-installed copy of firejail, which mostly works, except...
- this interferes with portage's sandboxing, which uses LD_PRELOAD, which is ignored for setuids;
- besides, recent firejail versions limit environment variable size and count, which portage regularly exceeds (from python_targets_* explosion, etc.), so various tests currently fail no matter what.

The environment stuff needs to be addressed regardless. I'm not sure what to do about "needs its setuid bit to run tests, but that doesn't play nice with portage". I could not find examples of other packages' setuid binaries getting tests that require +s in a strenuous 5 minutes of grepping.

Some references:
https://github.com/gentoo/gentoo/pull/19377
https://github.com/netblue30/firejail/issues/3851
https://bugs.gentoo.org/694966
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cedb5a6d8fd6a0954fe1a412bccbd39bf6aedfe9

commit cedb5a6d8fd6a0954fe1a412bccbd39bf6aedfe9
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-02-18 00:58:54 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-02-18 00:58:54 +0000

    sys-apps/firejail: RESTRICT tests which fail in sandbox

    See bug and referenced GitHub PR for details.

    Bug: https://bugs.gentoo.org/769731
    Package-Manager: Portage-3.0.14-prefix, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/firejail/firejail-0.9.64.4.ebuild | 4 +++-
 sys-apps/firejail/firejail-9999.ebuild     | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)