Bug 425124

Summary:	dev-vcs/git - git clone freezes when run in a sandbox
Product:	Portage Development	Reporter:	Walther <walther.md>
Component:	Sandbox	Assignee:	Sandbox Maintainers <sandbox>
Status:	RESOLVED FIXED
Severity:	normal	CC:	robbat2
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Walther 2012-07-07 00:10:55 UTC

I first noticed this when attempting to update btrfs-progs to 0.19.11. With my default feature set (userfetch userpriv usersandbox parallel-fetch), the git-clone command just stalls indefinitely:

>>> Emerging (1 of 1) sys-fs/btrfs-progs-0.19.11
>>> Unpacking source...
GIT update -->
   repository:               git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-progs.git
   at the commit:            8935d8436147f86dfbda3d8b8175a77b654b8abc
   commit:                   1957076ab4fefa47b6efed3da541bc974c83eed7
   branch:                   master
   storage directory:        "/usr/portage/distfiles/egit-src/btrfs-progs.git"
   checkout type:            bare repository
Cloning into '/var/tmp/portage/sys-fs/btrfs-progs-0.19.11/work/btrfs-progs-0.19.11'...

And it stays there seemingly forever. If I remove usersandbox "git clone" is finished in less than two seconds and the ebuild goes through as expected. Running in a sandbox (rather than usersandbox) also stalls the cloning.

This seems to be intended behaviour as doing a git-clone inside a sandbox should not be able to fetch a file from the network, but shouldn't it print an error or disable that feature temporarily rather than just "stall" there?

Reproducible: Always

Steps to Reproduce:
1. Use FEATURES="userpriv usersandbox"
2. emerge sys-fs/btrfs-progs-0.19.11
Actual Results:  
Unpack stage stalls at cloning stage.

Expected Results:  
Git-clone should complete successfully.

dev-vcs/git-1.7.8.6

> emerge --info
Portage 2.1.10.65 (default/linux/x86/10.0/desktop, gcc-4.5.3, glibc-2.14.1-r3, 3.2.21-gentoo-64 x86_64)
=================================================================
System uname: Linux-3.2.21-gentoo-64-x86_64-Intel-R-_Core-TM-2_Duo_CPU_T9550_@_2.66GHz-with-gentoo-2.1
Timestamp of tree: Fri, 06 Jul 2012 21:15:01 +0000
app-shells/bash:          4.2_p20
dev-java/java-config:     2.1.11-r3
dev-lang/python:          2.7.3-r2, 3.2.3
dev-util/cmake:           2.8.7-r5
dev-util/pkgconfig:       0.26
sys-apps/baselayout:      2.1-r1
sys-apps/openrc:          0.9.8.4
sys-apps/sandbox:         2.5
sys-devel/autoconf:       2.13, 2.68
sys-devel/automake:       1.10.3, 1.11.1
sys-devel/binutils:       2.21.1-r1
sys-devel/gcc:            4.5.3-r2
sys-devel/gcc-config:     1.6
sys-devel/libtool:        2.4-r1
sys-devel/make:           3.82-r1
sys-kernel/linux-headers: 3.1 (virtual/os-headers)
sys-libs/glibc:           2.14.1-r3
Repositories: gentoo Local
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=native -Os -fomit-frame-pointer -pipe -fno-var-tracking"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=native -Os -fomit-frame-pointer -pipe -fno-var-tracking"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -march=i686 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles news parallel-fetch parse-eapi-ebuild-head protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FFLAGS="-O2 -march=i686 -pipe"
GENTOO_MIRRORS="ftp://gentoo.imj.fr/pub/gentoo/ ftp://mirror.netcologne.de/gentoo/ ftp://ftp.fi.muni.cz/pub/linux/gentoo/"
LANG="fr_FR.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="fr_FR fr en_GB en es_MX es"
MAKEOPTS="-j3 -s"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_EXTRA_OPTS="--timeout=300"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/etc/portage/overlay"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="3dnow X a52 aac acpi alsa avi berkdb boundschecking bzip2 cairo canna cdda cdr cjk cli cracklib crypt cscope cups curl cxx dbus dedicated dga divx divx4linux dlloader dri dts dvd dvdr dvdread emboss encode exif fam fbcon fbsplash ffmpeg fftw flac foomaticdb fortran freewnn gd gdbm gif gimp ginac gmedia gpm gstreamer gtk gtk2 gtkhtml hal hddtemp howl iconv idn imap imlib innodb inotify introspection ipv6 ithreads jabber java java6 jikes joystick jpeg lame lcms libnotify libsamplerate libwww lm_sensors lzma mad madwifi matroska mbox mmx mng modplug modules mp3 mp4 mpeg mplayer mudflap musepack ncurses nls nptl nsplugin ogg opengl openmp pam pango pcre pdf pdflib perl png ppds pppd python quicktime readline realmedia scanner schroedinger sdl session speex spell sse ssl svg svga tcpd tetex theora threads tiff timidity truetype udev udisks unicode upower usb v4l v4l2 vaapi vdpau vidix vim-syntax vorbis webkit win32codecs wma wmf wmp wxwidgets x264 x86 xcb xcomposite xface xft xine xml xml2 xorg xscreensaver xv xvid zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev keyboard mouse synaptics wacom joystick" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="fr_FR fr en_GB en es_MX es" PHP_TARGETS="php5-3" PYTHON_TARGETS="python3_2 python2_7" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby18 ruby19" SANE_BACKENDS="plustek pixma" USERLAND="GNU" VIDEO_CARDS="nouveau vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, USE_PYTHON

Comment 1 SpanKY gentoo-dev

2012-07-10 06:33:02 UTC

what if you build sandbox with CFLAGS='-O2 -pipe' ?

Comment 2 Walther 2012-07-10 08:29:20 UTC

I recompiled sandbox using
CFLAGS="-O2 -pipe"
LDFLAGS unset

and there's no change in the result. git still stalls.

I wondered if it is related to my /var/tmp/portage being tmpfs, but mounting an external hard-drive on it didn't change the outcome, neither.

htop reports the stalled command as:

sandbox "/usr/lib/portage/bin/ebuild.sh" unpack
 /bin/bash /usr/lib/portage/bin/ebuild.sh unpack 
  /bin/bash /usr/lib/portage/bin/ebuild.sh unpack 
   git clone -l -s -n /usr/portage/distfiles/egit-src/btrfs-progs.git /var/tmp/portage/sys-f
    git clone -l -s -n /usr/portage/distfiles/egit-src/btrfs-progs.git /var/tmp/portage/sys-fs/btrfs-progs-0.19.11/work/btrfs-progs-0.19.11
     git-upload-pack /usr/portage/distfiles/egit-src/btrfs-progs.git /var/tmp/portage/sys-fs/btrfs-progs-0.19.11/work/btrfs-progs-0.19.11

I have no idea on what other information I can provide to be of help.

Comment 3 Robin Johnson archtester

2012-08-23 05:25:31 UTC

please capture strace -ff of the git clone and attach it here.

Comment 4 Walther 2012-08-23 08:40:01 UTC

I haven't used strace before, so maybe I am doing this wrong. I tried this command (I had to switch to btrfs-progs-9999 because the original ebuild I used no longer uses git):

strace -ff -o btrfs emerge -av1 "=sys-fs/btrfs-progs-9999"

And when I do this, the sandbox command dies when trying to ptrace with an "operation not permitted" message (because it is already being traced?):

>>> Emerging (1 of 1) sys-fs/btrfs-progs-9999
>>> Unpacking source...
GIT update -->
   repository:               git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-progs.git
   at the commit:            043a63924c9831ac52ce38f0365b9bfd628fb6a3
   branch:                   master
   storage directory:        "/usr/portage/distfiles/egit-src/btrfs-progs.git"
   checkout type:            bare repository
Cloning into '/var/tmp/portage/sys-fs/btrfs-progs-9999/work/btrfs-progs-9999'...
ISE:_do_ptrace ptrace(PTRACE_TRACEME, ..., 0x00000000, 0x00000000): Operation not permitted
/usr/lib/libsandbox.so(+0x278e)[0xf778578e]
/usr/lib/libsandbox.so(+0x27fd)[0xf77857fd]
/usr/lib/libsandbox.so(+0x4111)[0xf7787111]
/usr/lib/libsandbox.so(+0x4c91)[0xf7787c91]
/usr/lib/libsandbox.so(+0x507d)[0xf778807d]
/usr/lib/libsandbox.so(execvp+0x1c8)[0xf778afc3]
git[0x80db5a3]
/proc/13328/cmdline: git clone -l -s -n /usr/portage/distfiles/egit-src/btrfs-progs.git /var/tmp/portage/sys-fs/btrfs-progs-9999/work/btrfs-progs-9999 

fatal: The remote end hung up unexpectedly

Trying to attach to an already running git-clone process doesn't give any useful information...

> strace -p 13722 (git clone -l -s -n /usr/portage/distfiles/egit-src/btrfs-progs.git /var/tmp/portage/sys-fs/btrfs-progs-9999/work/btrfs-progs-9999)
Process 13722 attached
waitpid(13723,

> strace -p 13721 (git clone -l -s -n /usr/portage/distfiles/egit-src/btrfs-progs.git /var/tmp/portage/sys-fs/btrfs-progs-9999/work/btrfs-progs-9999)
Process 13721 attached
read(7,

Any pointers on how I should proceed?

Comment 5 SpanKY gentoo-dev

2016-02-21 09:13:20 UTC

does it still happen w/current stable versions ?

if so, does it fail if you do:
$ sandbox
$ git clone git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-progs.git

you're getting a ptrace error there which means you have a static binary somewhere.

Comment 6 Walther 2016-02-21 14:20:49 UTC

Nope, it's been magically fixed sometime in the last 4.5 years since I opened the bug. <_<; So yes, leave it as resolved, my GIT ain't giving any problems now.