This is likely related to bug: #703278 Updating portage from: sys-apps/portage-3.0.63-r2 to sys-apps/portage-3.0.64-r4 causes the following failure in an armv7 chroot, running on an amd64 host. qemu: qemu_thread_create: Invalid argument * The ebuild phase 'die_hooks' has been aborted since PORTAGE_BUILDDIR * does not exist: ... The previous issue was related to order of fork vs setting pid namespaces, my initial guess is that something related to this was reverted in 3.0.64? Could someone take a closer look please? Repro is more or less sufficient to just take armv7 stage4, copy in qemu, chroot in and update portage to the affected version # emerge --info Portage 3.0.63 (python 3.12.3-final-0, !../../../../../profiles/tpb/imx7/host, gcc-13, musl-1.2.4-r2, 6.6.22-sm armv7l) ================================================================= System uname: Linux-6.6.22-sm-armv7l-ARMv8_Processor_rev_0_-v8l-with-libc KiB Mem: 65752544 total, 31252416 free KiB Swap: 0 total, 0 free Head commit of repository gentoo: 2c5eabe4627110b44c6cb9c9f41b0f81e2850fa4 Head commit of repository musl: aae6cc8e443c5fc65627453781ac2ffb17b7eef8 Head commit of repository tpb-overlay: 5a4c20adcba0c69a0c71d58b20f58724805baa89 sh bash 5.2_p26-r6 ld GNU ld (Gentoo 2.42 p3) 2.42.0 distcc 3.4 armv7a-unknown-linux-musleabihf [disabled] ccache version 4.9.1 [disabled] app-misc/pax-utils: 1.3.7::gentoo app-shells/bash: 5.2_p26-r6::gentoo dev-build/autoconf: 2.71-r7::gentoo dev-build/automake: 1.16.5-r2::gentoo dev-build/cmake: 3.28.5::gentoo dev-build/libtool: 2.4.7-r4::gentoo dev-build/make: 4.4.1-r1::gentoo dev-build/meson: 1.4.1::gentoo dev-lang/perl: 5.38.2-r3::gentoo dev-lang/python: 3.11.9-r1::gentoo, 3.12.3-r1::gentoo dev-util/ccache: 4.9.1-r1::gentoo sys-apps/baselayout: 2.15::gentoo sys-apps/openrc: 0.54.2::gentoo sys-apps/sandbox: 2.38::gentoo sys-devel/binutils: 2.42-r1::gentoo sys-devel/binutils-config: 5.5::gentoo sys-devel/gcc: 13.3.1_p20240614::gentoo sys-devel/gcc-config: 2.11::gentoo sys-kernel/linux-headers: 6.6-r1::gentoo (virtual/os-headers) sys-libs/musl: 1.2.4-r2::gentoo Repositories: gentoo location: /var/embedded/portage/repos/gentoo sync-type: git sync-uri: https://github.com/gentoo/gentoo.git priority: 10 volatile: True musl location: /var/embedded/portage/repos/musl sync-type: git sync-uri: https://anongit.gentoo.org/git/proj/musl.git masters: gentoo priority: 60 volatile: True tpb-overlay location: /var/embedded/portage/repos/tpb sync-type: git sync-uri: https://git.nippynetworks.com/tpb/portage-tpb.git masters: gentoo priority: 100 volatile: True ACCEPT_KEYWORDS="arm" ACCEPT_LICENSE="@FREE" AR="gcc-ar" CBUILD="armv7a-unknown-linux-musleabihf" CFLAGS="-O3 -pipe -march=armv7-a -mfpu=neon-vfpv4 -mfloat-abi=hard -mno-unaligned-access -fgraphite-identity -floop-nest-optimize -fdevirtualize-at-ltrans -flto=auto -fuse-linker-plugin" CHOST="armv7a-unknown-linux-musleabihf" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O3 -pipe -march=armv7-a -mfpu=neon-vfpv4 -mfloat-abi=hard -mno-unaligned-access -fgraphite-identity -floop-nest-optimize -fdevirtualize-at-ltrans -flto=auto -fuse-linker-plugin" DISTDIR="/var/embedded/portage/distfiles" ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME" FCFLAGS="-O2 -pipe -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg buildpkg-live config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync merge-wait network-sandbox news nodoc noinfo noman parallel-fetch parallel-install pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard" GENTOO_MIRRORS="http://distfiles.gentoo.org" INSTALL_MASK="charset.alias /usr/share/locale/locale.alias" LANG="en_GB.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LEX="flex" LINGUAS="en" MAKEOPTS="-j32" NM="gcc-nm" PKGDIR="/var/embedded/portage/binpkgs/imx7_apu_musl.host" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" RANLIB="gcc-ranlib" SHELL="/bin/bash" USE="arm bash-completion bzip2 caps crypt dbus hardened iproute2 ipv6 logrotate lz4 lzo mbim minimal nptl openmp pcre pic pie qmi rrdtool seccomp split-usr ssl ssp test-rust threads unicode vhosts wifi xattr xtpax zlib zstd" ADA_TARGET="gcc_12" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_anon authn_dbm authn_file authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="aggregation conntrack contextswitch cpu disk df dns entropy exec interface iptables irq load memory netlink network ntpd openvpn ping swap syslog tail thermal wireless rrdtool" CPU_FLAGS_ARM="neon edsp thumb thumb2 v4 v5 v6 v7 vfp" ELIBC="musl" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 ntrip navcom oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tsip tripmate tnt ublox" INPUT_DEVICES="libinput" KERNEL="linux" LCD_DEVICES="bayrad cfontz glk hd44780 lb216 lcdm001 mtxorb text" LUA_SINGLE_TARGET="lua5-4" LUA_TARGETS="lua5-4" NGINX_MODULES_HTTP="access auth_basic autoindex browser dav empty_gif fastcgi gzip headers_more limit_req limit_zone map proxy rewrite userid uwsgi" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-2" POSTGRES_TARGETS="postgres15" PYTHON_SINGLE_TARGET="python3_12" PYTHON_TARGETS="python3_12" QEMU_SOFTMMU_TARGETS="aarch64 arm i386 mips mips64 mips64el mipsel x86_64" QEMU_USER_TARGETS="aarch64 arm armeb i386 mips mipsel" RUBY_TARGETS="ruby31" VIDEO_CARDS="exynos fbdev omap dummy" XTABLES_ADDONS="ipp2p geoip condition logmark ipmark account" Unset: ADDR2LINE, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EMERGE_DEFAULT_OPTS, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, LC_ALL, LD, LFLAGS, LIBTOOL, MAKE, MAKEFLAGS, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PYTHONPATH, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS
I think this might be a regression in a bizarre way. Before, we gave up early for musl, and now we try harder. So it ends up exposing the existing incompatibility with qemu-user+sandboxes on musl targets too.
Hmm, curious. So this means that the sandbox wasn't previously functional for qemu-user?? I concede I hadn't actually noticed that! I do see some warnings, but thought I had seem some build failures which appeared to demonstrate that it was functioning? (I had some issues building custom kernel module ebuilds, which would get caught by sandbox alike violations, although often when I had made a mistake and they were trying to tramble stuff)
Please note that sandbox and network/ipc/pid-sandbox are very different features. sandbox uses an LD_PRELOAD hack and works just fine with qemu-user. The other sandboxes require Linux namespaces, which probably do not work with qemu-user’s syscall emulation.
