Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 943012 - dev-libs/thrift-0.20.0 on RAP: cmake finds java outside of prefix and trigger sandbox violation
Summary: dev-libs/thrift-0.20.0 on RAP: cmake finds java outside of prefix and trigger...
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Patrick McLean
URL:
Whiteboard:
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2024-11-08 07:08 UTC by Yiyang Wu
Modified: 2025-03-10 00:22 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
emerge --info output (emerge-info.txt,6.46 KB, text/plain)
2024-11-08 07:09 UTC, Yiyang Wu
Details
build.log (build.log,8.02 KB, text/x-log)
2024-11-08 07:09 UTC, Yiyang Wu
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Yiyang Wu 2024-11-08 07:08:40 UTC
On Gentoo Prefix, I noticed dev-libs/thrift src_configure sandbox violation. This is because it has `option(WITH_JAVA "Build Java Thrift library" ON)` and cmake tries to find java to determine whether java exists.

On Gentoo Prefix, the host system may have /usr/bin/java but the prefix does not. Then cmake finds and executes /usr/bin/java --version, resulting in sandbox violation:

 * ----------------------- SANDBOX ACCESS VIOLATION SUMMARY -----------------------
 * LOG FILE: "/fast/portage/dev-libs/thrift-0.20.0/temp/sandbox.log"
 * 
VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: fopen_wr
S: deny
P: /proc/self/coredump_filter
A: /proc/self/coredump_filter
R: /proc/1381438/coredump_filter
C: /usr/bin/java -version 

F: fopen_wr
S: deny
P: /proc/self/coredump_filter
A: /proc/self/coredump_filter
R: /proc/1381438/coredump_filter
C: /usr/bin/java -version 
 * --------------------------------------------------------------------------------
Comment 1 Yiyang Wu 2024-11-08 07:09:32 UTC
Created attachment 908124 [details]
emerge --info output
Comment 2 Yiyang Wu 2024-11-08 07:09:44 UTC
Created attachment 908125 [details]
build.log
Comment 3 Larry the Git Cow gentoo-dev 2025-03-10 00:22:58 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9e15a75e6f60417f941868ae1761ab70a1116b2

commit d9e15a75e6f60417f941868ae1761ab70a1116b2
Author:     Alfred Wingate <parona@protonmail.com>
AuthorDate: 2025-03-05 01:23:28 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-03-10 00:21:10 +0000

    dev-libs/thrift: add 0.21.0
    
    * Use github tarball over missing test files.
    * Drop test patches and use CMAKE_SKIP_TESTS instead.
    * Comprehensily set cmakeargs and use WITH_OPTION over BUILD_OPTION to
      stop cmake looking for the dependencies despite the feature being disabled.
    
    Bug: https://bugs.gentoo.org/943012
    Bug: https://bugs.gentoo.org/938100
    Bug: https://bugs.gentoo.org/949634
    Signed-off-by: Alfred Wingate <parona@protonmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/40903
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/thrift/Manifest                           |  1 +
 .../thrift/files/thrift-0.21.0-gcc15-cstdint.patch | 52 +++++++++++++++
 dev-libs/thrift/thrift-0.21.0.ebuild               | 73 ++++++++++++++++++++++
 3 files changed, 126 insertions(+)