790029 – sys-libs/ncurses-6.2_p20210123 causes sandbox access violation do_ptrace

Bug 790029 - sys-libs/ncurses-6.2_p20210123 causes sandbox access violation do_ptrace

Summary: sys-libs/ncurses-6.2_p20210123 causes sandbox access violation do_ptrace

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Linux bug wranglers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2021-05-13 20:09 UTC by mileikagooog
Modified:	2021-05-14 08:50 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description mileikagooog 2021-05-13 20:09:31 UTC

After switch to ~amd64 and doing 'emerge --ask --update --newuse --with-bdeps=y --deep @world'.

checking whether the C compiler works...  * /tmp/portage/sys-apps/sandbox-2.22/work/sandbox-2.22/libsandbox/trace.c:_do_ptrace():83: failure (Operation not permitted):
 * ISE:_do_ptrace: ptrace(PTRACE_TRACEME, ..., 0x0000000000000000, 0x0000000000000000): Operation not permitted

Reproducible: Always

Comment 1 mileikagooog 2021-05-13 20:17:07 UTC

it's upstream? sandbox just protect us?! but why ncurses from amd64 to ~amd64 need ptrace in the newer version?

Comment 2 Sam James archtester

2021-05-13 20:24:13 UTC

Note that sandbox *always* needs the ability to use ptrace, even if it doesn't always make use of that ability.

Do not use random sysctls to disable it.

Anyway, the full build.log, emerge --info, and sandbox log is needed.

Comment 3 mileikagooog 2021-05-13 20:36:15 UTC

Sorry i forgot about sysctl 'kernel.yama.ptrace_scope=2'

The current stable version of ncurses (sys-libs/ncurses-6.2-r1) work even with ptrace_scope=2.