Created attachment 430792 [details] Build log of failed build. F: open_wr S: deny P: /dev/dri/renderD128 A: /dev/dri/renderD128 R: /dev/dri/renderD128 C: /usr/bin/convert gnome-mime-chemical.svg -resize 192x192 gnome-mime-chemical_192.png Convert failed.
Convert is a part of Imagemagick.
where is the rest of the log?
Created attachment 432802 [details] Build log of a retry.
Created attachment 432804 [details] Environment of the build.
Created attachment 432806 [details] eclass-debug.log
There is another bug of this type for hardened kernels. However my system is a normal ~amd64 one.
Did you see the list of attachments?
A member of Gentoo discussion forum wrote that this could be caused by having compiled imagmagick with clang.
I have clang in my list of global USE flags in make.conf. However it is not enabled as the default compiler.
*** Bug 582642 has been marked as a duplicate of this bug. ***
Any news?
I suppose that the issue is not connected with the USE flags use to emerge imagemagick. The issue seems me to be the attempt of writing to /dev/dri/renderD128. I compiled imagemagick without the clang USE flag with gcc-5.4.0, I have a normal system (not hardened). 'MAKEOPTS=-j1 emerge -v1 chemical-mime-data' fails with the same ACCESS VIOLATION.
root@lynx:/usr/local/portage/kde-apps/rocs(76)# emerge --info =chemical-mime-data-0.1.94-r3 Portage 2.3.0 (python 3.4.5-final-0, default/linux/amd64/13.0/desktop, gcc-5.4.0, glibc-2.23-r2, 4.7.1-gentoo x86_64) ================================================================= System Settings ================================================================= System uname: Linux-4.7.1-gentoo-x86_64-Intel-R-_Core-TM-_i7-3630QM_CPU_@_2.40GHz-with-gentoo-2.2 KiB Mem: 15205200 total, 2824300 free KiB Swap: 50331644 total, 50331328 free Timestamp of repository gentoo: Fri, 19 Aug 2016 05:30:01 +0000 sh bash 4.3_p46 ld GNU ld (Gentoo 2.26.1 p1.0) 2.26.1 distcc[23476] (dcc_trace_version) distcc 3.2rc1 x86_64-pc-linux-gnu; built Dec 12 2015 19:11:03 [disabled] app-shells/bash: 4.3_p46::gentoo dev-java/java-config: 2.2.0-r3::gentoo dev-lang/perl: 5.24.0-r1::gentoo dev-lang/python: 2.7.12-r100::sage-on-gentoo, 3.4.5::gentoo, 3.5.2::gentoo dev-util/cmake: 3.6.1::gentoo dev-util/pkgconfig: 0.29.1::gentoo sys-apps/baselayout: 2.2-r1::gentoo sys-apps/openrc: 0.21.3::gentoo sys-apps/sandbox: 2.10-r2::gentoo sys-devel/autoconf: 2.13::gentoo, 2.69-r2::gentoo sys-devel/automake: 1.9.6-r4::gentoo, 1.11.6-r2::gentoo, 1.12.6-r1::gentoo, 1.13.4-r1::gentoo, 1.14.1-r1::gentoo, 1.15-r2::gentoo sys-devel/binutils: 2.26.1::gentoo sys-devel/gcc: 4.9.3::gentoo, 5.4.0::gentoo sys-devel/gcc-config: 1.8-r1::gentoo sys-devel/libtool: 2.4.6-r2::gentoo sys-devel/make: 4.2.1::gentoo sys-kernel/linux-headers: 4.7::gentoo (virtual/os-headers) sys-libs/glibc: 2.23-r2::gentoo Repositories: gentoo location: /usr/portage_lynx sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 local location: /usr/local/portage masters: gentoo priority: 0 g-cpan location: /var/lib/cpan masters: gentoo priority: 1 g-octave location: /var/lib/g-octave masters: gentoo priority: 2 activehome location: /var/lib/layman/activehome masters: gentoo priority: 50 ago location: /var/lib/layman/ago masters: gentoo priority: 50 sage-on-gentoo location: /var/lib/layman/sage-on-gentoo masters: gentoo science priority: 50 science location: /var/lib/layman/science masters: gentoo priority: 50 sunrise location: /var/lib/layman/sunrise masters: gentoo priority: 50 tlp location: /var/lib/layman/tlp masters: gentoo priority: 50 x11 location: /var/lib/layman/x11 masters: gentoo priority: 50 Installed sets: @system ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="* -@EULA PUEL Intel-SDP dlj-1.1 skype-eula skype-4.0.0.7-copyright googleearth AdobeFlash-11.x cadsoft Oracle-BCLA-JavaSE MakeMKV-EULA NVIDIA-CUDA Nero-AAC-EULA GIMPS" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /etc/stunnel/stunnel.conf /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt /var/lib/hsqldb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php7.0/ext-active/ /etc/php/cgi-php7.0/ext-active/ /etc/php/cli-php7.0/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/usr/portage/distfiles" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-march=native -O2 -pipe" GENTOO_MIRRORS="http://distfiles.gentoo.org" LANG="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j9" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="64bit R X Xaw3d a52 aac acl acpi admin afs alsa amd64 amr ao apache2 apng applet archive armadillo arpack asf aspell assistant atlas audacious audiofile aufs automap automount barcode bash-completion berkdb blas blast bluetooth bluray boost branding btrfs bzip2 cairo cdda cddb cdf cdio cdparanoia cdr cg cgi chm cilk cli cmake collada consolekit contrib cracklib crypt css cups curl cxx daap db dbi dbm dbus declarative designer devhelp device-mapper dga dia digitalradio djvu doc dot dri ds2490 ds9097 ds9097u dts dv dvb dvd dvdr dvi dynamicplugin eds egl elf emacs emboss emf encode epiphany evo examples excel exif expat extensions extra extras faac faad fam ffmpeg fftw firefox fits flac fltk fontconfig foomaticdb fortran fortran95 fpm fpx ftp fuse gcj gd gdal gdbm gedit geoip geolocation geos gfortran gif gimp git glade glamor glib glpk gml gmp gnome gnome-keyring gnuplot gnutls gold gphoto2 gpm grammar graphics graphtft graphviz grass gsl gsm gstreamer gtk gtk3 gudev guile hdaps hddtemp hdf hdf5 hdri html http httpd hvm hwdb iconv icq icu id3tag ide imagemagick imap inotify introspection ipod ipv6 irda ithreads jadetex java jbig jit john jpeg jpeg2k kate kde kdepim kdrive kerberos keymap kpathsea kvm ladspa lame lapack latex lcms ldap lensfun libffi libgda libkms libnotify libsamplerate lirc live lm_sensors lua lzma lzo mad mail maildir mapnik math matroska media-library mercurial mikmod mkl mmx mmxext mng mod modules mono motif mozilla mp3 mp4 mpeg mpi mpi-threads mplayer mtp multilib multimedia musepack musicbrainz mysql mysqli nautilus ncurses neXt netcdf netpbm network networking nfs nls nntp nptl nsplugin ntfs ntp numpy obex objc ocaml ocr octave odbc ofa ogdi ogg opencl opencv openexr opengl openmp openvg pam pango pcre pda pdf pdl2 perl plasma plotutils plugins png podcast policykit portaudio posix postgres postscript ppds preview-latex proj projectm pstricks pulseaudio python q16 q32 qemu qhull qml qt3support qt4 qt5 quicktime raw readline reiserfs reports rle romio rpc rrdcgi rrdtool rtlsdr sage samba sasl schroedinger science sdk sdl seccomp secure-delete semantic-desktop server session shout sip slang slp smart smbclient smp sms sndfile snmp soap sockets sound soup sox speex spell sql sqlite sse sse2 ssl startup-notification stlport subtitles subversion sudo suexec svg svm swig systemd szip t1lib tbb tcl tcpd tex tex4ht theora thesaurus thinkpad threads thunderbird tidy tiff tk tools truetype udev udisks unicode upower usb utempter v4l v4l2 vaapi vala valgrind vdpau video vim-syntax virt-network virtualbox visio vorbis vpx vtk wav wayland webdav webdav-serf webkit wifi wmf wxwidgets x264 xa xattr xcb xetex xft xine xml xmlreader xmlrpc xpm xv xvid xvmc yaml youtube zlib zsh-completion zvbi" ABI_X86="64" ALSA_CARDS="intel8x0" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_core authn_dbm authn_default authn_file authz_core authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgid dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info lbmethod_byrequests log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif slotmem_shm so socache_shmcb speling status unique_id unixd userdir usertrack vhost_alias" APACHE2_MPMS="worker" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="canon fuji ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog sensors thermal" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" CURL_SSL="nss" DVB_CARDS="usb-wt220u dvb_usb_rtl28xxu" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="emu efi-64 pc xen" INPUT_DEVICES="keyboard mouse evdev synaptics void" KERNEL="linux" L10N="de en fr ru" LCD_DEVICES="cfontz hd44780 mtxorb ncurses X lcd2usb lcdlinux png usblcd SureElec" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="de en fr ru" LIRC_DEVICES="devinput" NETBEANS_MODULES="apisupport cnd dlight enterprise ergonomics groovy gsf harness ide identity j2ee java mobility nb php profiler websvccommon xml" OFFICE_IMPLEMENTATION="libreoffice" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" QEMU_SOFTMMU_TARGETS="arm i386 x86_64" QEMU_USER_TARGETS="arm i386 x86_64" RUBY_TARGETS="ruby20 ruby21" USERLAND="GNU" VIDEO_CARDS="nouveau displaylink" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON root@lynx:/usr/local/portage/kde-apps/rocs(78)# emerge -pqv chemical-mime-data [ebuild N ] sci-chemistry/chemical-mime-data-0.1.94-r3
'FEATURES="-sandbox -usersandbox" emerge -v1 chemical-mime-data' works. See also: https://forums.gentoo.org/viewtopic-t-1042704-start-0.html
(In reply to Juergen Rose from comment #12) > I suppose that the issue is not connected with the USE flags use to emerge > imagemagick. The issue seems me to be the attempt of writing to > /dev/dri/renderD128. > > I compiled imagemagick without the clang USE flag with gcc-5.4.0, I have a > normal system (not hardened). 'MAKEOPTS=-j1 emerge -v1 chemical-mime-data' > fails with the same ACCESS VIOLATION. I draw back my statement from comment 12 that the USE flags of imagemagick are not connected with this issue. I now suppose that the opencl USE flag is responsible for this issue. If I compile imagemagick without the opencl USE flag, the ACCESS VIOLATION for chemical-mime-data (and enblend) disappears.
Same for me.Can I hope, that this bub is fixed after 8 months? Portage 2.3.3 (python 3.4.5-final-0, default/linux/amd64/13.0/desktop/plasma/systemd, gcc-6.3.0, glibc-2.24-r1, 4.9.8-gentoo x86_64) ================================================================= System uname: Linux-4.9.8-gentoo-x86_64-Intel-R-_Core-TM-_i3-5005U_CPU_@_2.00GHz-with-gentoo-2.3 KiB Mem: 8091988 total, 1330400 free KiB Swap: 0 total, 0 free Timestamp of repository gentoo: Fri, 10 Feb 2017 10:00:01 +0000 sh bash 4.4_p12 ld GNU ld (Gentoo 2.27 p1.0) 2.27 app-shells/bash: 4.4_p12::gentoo dev-java/java-config: 2.2.0-r3::gentoo dev-lang/perl: 5.24.1_rc4::gentoo dev-lang/python: 2.7.12::gentoo, 3.4.5::gentoo dev-util/cmake: 3.7.2::gentoo dev-util/pkgconfig: 0.29.1::gentoo sys-apps/baselayout: 2.3::gentoo sys-apps/openrc: 0.23.2::gentoo sys-apps/sandbox: 2.10-r3::gentoo sys-devel/autoconf: 2.13::gentoo, 2.69-r2::gentoo sys-devel/automake: 1.13.4-r1::gentoo, 1.15-r2::gentoo sys-devel/binutils: 2.27::gentoo sys-devel/gcc: 6.3.0::gentoo sys-devel/gcc-config: 1.8-r1::gentoo sys-devel/libtool: 2.4.6-r2::gentoo sys-devel/make: 4.2.1::gentoo sys-kernel/linux-headers: 4.9::gentoo (virtual/os-headers) sys-libs/glibc: 2.24-r1::gentoo Repositories: gentoo location: /usr/portage sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 rindeal location: /var/lib/layman/rindeal sync-type: laymansync sync-uri: https://github.com/rindeal/gentoo-overlay.git masters: gentoo priority: 50 ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -march=core-avx2 -mabm -madx -mavx256-split-unaligned-load -mavx256-split-unaligned-store -mprfchw -mrdseed" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O2 -pipe -march=core-avx2 -mabm -madx -mavx256-split-unaligned-load -mavx256-split-unaligned-store -mprfchw -mrdseed" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--with-bdeps=y" FCFLAGS="-O2 -pipe -march=core-avx2 -mabm -madx -mavx256-split-unaligned-load -mavx256-split-unaligned-store -mprfchw -mrdseed" FEATURES="assume-digests binpkg-logs candy config-protect-if-modified distlocks ebuild-locks fail-clean fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe -march=core-avx2 -mabm -madx -mavx256-split-unaligned-load -mavx256-split-unaligned-store -mprfchw -mrdseed" GENTOO_MIRRORS="http://distfiles.gentoo.org" LANG="de_DE.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j4" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="X a52 aac acl acpi alsa amd64 berkdb branding bzip2 cairo cdda cdr clang cli cracklib crypt cups cxx dbus declarative dri dts dvd dvdr ebook emboss encode exif fam fax ffmpeg firefox flac fortran gdbm gif glamor google gpm gtk iconv infinality ipv6 jpeg kde kipi lcms ldap libnotify lm_sensors mad matroska mng modules mp3 mp4 mpeg mtp multilib ncurses networkmanager nls nptl ofa ogg opencl opengl openmp opus pam pango pch pcre pdf phonon pim plasma png policykit postproc ppds pulseaudio qml qt3support qt4 qt5 readline scanner scrobbler sdl seccomp semantic-desktop session spell ssl startup-notification svg sync-plugin-portage systemd tcpd threads tiff truetype udev udisks unicode upower usb vaapi vc vdpau vorbis vpx vulkan wayland widgets wxwidgets x264 x265 xattr xcb xcomposite xinerama xml xscreensaver xv xvid zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="sony_dscf1" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 fma3 mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="libinput" KERNEL="linux" L10N="de" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="de" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" RUBY_TARGETS="ruby21" SANE_BACKENDS="hp" USERLAND="GNU" VIDEO_CARDS="intel i965" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Created attachment 463144 [details] build.log
This should be fixed with all recent versions of imagemagick. Please reopen if still valid
It is not fixed. You can see my actual build log.
Which imagemagick are you using? Do you have /etc/sandbox.d/99imagemagick installed?
Could you please add this path to sandbox.d as well?
[ebuild R ] media-gfx/imagemagick-6.9.7.6:0/6.9.7.6::gentoo USE="X bzip2 cxx jpeg lcms opencl openmp pango png svg tiff truetype xml zlib -autotrace -corefonts -djvu -fftw -fontconfig -fpx -graphviz -hdri -jbig -jpeg2k -lqr -lzma -openexr -perl -postscript -q32 -q64 -q8 -raw -static-libs {-test} -webp -wmf" Yes, I have /etc/sandbox.d/99imagemagick with the context: SANDBOX_PREDICT="/dev/nvidiactl:/dev/ati/card:/dev/dri/card" And I see, I have only one folder with the name: /dev/dri/card0.
*** Bug 609362 has been marked as a duplicate of this bug. ***
As I just found out analyzing bug 609522 is, that /dev/nvidia-uvm (used on optimus laptops when bumblebee is used to access the discrete nvidia card) is also missing. I do not get any accessviolations (installing sci-misc/boinc, using opencl enabled 'convert' to create the icon png for the boincmgr application) if I change 99imagemagick to: -------- ~ # cat /etc/sandbox.d/99imagemagick SANDBOX_PREDICT="/dev/nvidiactl:/dev/nvidia-uvm:/dev/ati/card:/dev/dri/card:/dev/dri/renderD128" -------- Could those two cards (/dev/nvidia-uvm and /dev/dri/renderD128) please be added to 99imagemagick?
*** Bug 621396 has been marked as a duplicate of this bug. ***
*** Bug 568144 has been marked as a duplicate of this bug. ***
commit ac141b1953a532e8553b099ac341db25f45d74b8 Author: Justin Lecher <jlec@gentoo.org> Date: Sat Jun 24 12:37:06 2017 +0200 media-gfx/imagemagick: Add missing rendering devices to sandbox whitelist Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=580208 Package-Manager: Portage-2.3.3, Repoman-2.3.2 Signed-off-by: Justin Lecher <jlec@gentoo.org> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ac141b1953a532e8553b099ac341db25f45d74b8
