FAIL: tls-with-seccomp
FAIL: tls-client-with-seccomp
FAIL: dtls-with-seccomp
FAIL: dtls-client-with-seccomp
I don't have libseccomp installed and USE=test does not pull it in. Also not all platforms have libseccomp possibility. $(multilib_native_use_enable seccomp seccomp-tests) seems to be ineffective.
Created attachment 521968 build.log
Created attachment 521970 tests/test-suite.log
Portage 2.3.19 (python 2.7.14-final-0, default/linux/arm64/17.0, gcc-6.4.0, glibc-2.25-r10, 4.9.0-4-arm64 aarch64)
=================================================================
System uname: Linux-4.9.0-4-arm64-aarch64-with-gentoo-2.4.1
KiB Mem: 131544964 total, 115916212 free
KiB Swap: 3321056 total, 3321056 free
Timestamp of repository gentoo: Fri, 02 Mar 2018 17:00:01 +0000
Head commit of repository gentoo: be9e3223c6ee365a84bd10754e44a0d3f3dda62f
sh bash 4.3_p48-r1
ld GNU ld (Gentoo 2.29.1 p3) 2.29.1
app-shells/bash: 4.3_p48-r1::gentoo
dev-lang/perl: 5.24.3::gentoo
dev-lang/python: 2.7.14-r1::gentoo, 3.5.4-r1::gentoo
dev-util/pkgconfig: 0.29.2::gentoo
sys-apps/baselayout: 2.4.1-r2::gentoo
sys-apps/openrc: 0.34.11::gentoo
sys-apps/sandbox: 2.12::gentoo
sys-devel/autoconf: 2.69-r4::gentoo
sys-devel/automake: 1.15.1-r1::gentoo
sys-devel/binutils: 2.29.1-r1::gentoo
sys-devel/gcc: 6.4.0-r1::gentoo
sys-devel/gcc-config: 1.8-r1::gentoo
sys-devel/libtool: 2.4.6-r3::gentoo
sys-devel/make: 4.1-r1::gentoo
sys-kernel/linux-headers: 4.13::gentoo (virtual/os-headers)
sys-libs/glibc: 2.25-r10::gentoo
Repositories:
gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000
    sync-rsync-extra-opts:
ACCEPT_KEYWORDS="arm64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="aarch64-unknown-linux-gnu"
CFLAGS="-O2 -pipe"
CHOST="aarch64-unknown-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms strict test unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2"
GENTOO_MIRRORS="http://gentoo.osuosl.org/"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j50"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="acl arm64 berkdb bzip2 cli crypt cxx dri fortran gdbm iconv ipv6 modules multilib ncurses nls nptl openmp pam pcre readline seccomp ssl tcpd unicode xattr zlib" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_ARM="edsp neon thumb thumb2 v4 v5 v6 v7 v8 vfp vfp-d32 vfpv3 vfpv4" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6 php7-0" POSTGRES_TARGETS="postgres9_5" PYTHON_SINGLE_TARGET="python3_5" PYTHON_TARGETS="python2_7 python3_5" RUBY_TARGETS="ruby21 ruby22 ruby23" USERLAND="GNU" VIDEO_CARDS="fbdev dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Oops, actually I did have libseccomp installed and the USE flag was enabled from profile as well. So it seems tests fail with USE=seccomp and pass without. Might be platform-specific too.
Hi,
You have seccomp USE
You do have libseccomp:
checking for libseccomp... yes
checking how to link with libseccomp... -lseccomp
The question - do you have seccomp enabled in kernel? If not, please disable seccomp USE as it does not make sense to enable it. If use, please attach tests/*.log
Thanks!
I don't know about the kernel, I'm in a chroot. I don't think things should fail though if USE=seccomp and no support in kernel. How do I find out if it's enabled? At least journald says on the host: systemd 232 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN) but that might mean just built with support, not necessarily at runtime (I don't know). At least it doesn't fail like the tests fail. Also maybe seccomp isn't functional inside chroot.
(In reply to Alon Bar-Lev from comment #5)
> If use, please attach tests/*.log
test-suite.log was already attached; the individual (dozens) files seemed to be short files with exactly the same content already concatenated into test-suite.log
You can check CONFIG_SECCOMP=y in kernel configuration. Please do not enable seccomp if you do not have this, it is like enabling selinux, fuse or any other feature that depends on a kernel feature and/or hardware feature, you cannot enable if not configured/available. Please tell me if configured.
I do not have config file, I'm in a chroot on foreign host. No /proc/config* there either. I am quite sure the host does have support though, it might be not available to the chroot though, not sure how that works. It is often not valid to disable seccomp support on packages, even if you happen to prepare things in a chroot and not have support at runtime. I'm also about to even use.force seccomp for tracker where platform has support, and am contemplating on doing it globally instead (at least on arches I am member of and have seccomp support). I will most definitely not disable USE=seccomp globally, I might however ignore the test failure for future stabilization concerns or mask it per-package to gnutls if it can't be properly fixed.
I do not understand... You enable seccomp - ok, you assume build succeeds - ok, makes sense in most cases. You enable tests and seccomp - this means that you instruct build to actually test that things work with seccomp enabled... what do you expect? tests to succeed? I am closing this as you cannot report if seccomp is enabled or not, it is perfectly valid for tests to fail if you do not have it on.
I found config from /boot of the host, it has:
CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
CONFIG_SECCOMP_FILTER=y
CONFIG_SECCOMP=y
We are working on a full gentoo system out of those chroots in parallel, after which I can test natively too. Meanwhile I'm pretty sure libseccomp is enabled in the kernel, but maybe something is messing things up via the chroot fact.
Still fails the same with gnutls-3.5.18. Now in a full systemd-nspawn container with proper namespacing and so on, not a dumb chroot. libseccomp itself has an extensive test suite, which all passes just fine and dandy, so I would claim that it's NOT a kernel problem (unless libseccomp tests don't exercise that somehow...).
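Added example (not part of the bug thread and not gnutls or libseccomp code): a small runtime probe for the question raised above, namely whether seccomp filter mode is usable from inside a chroot or container when no kernel config is readable. It reads the Seccomp field of /proc/self/status and issues the prctl() call with a NULL filter; the function names and SAMPLE_STATUS are made up for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>

#ifndef SECCOMP_MODE_FILTER
#define SECCOMP_MODE_FILTER 2
#endif

/* Constructed sample of /proc/<pid>/status text (not taken from the bug). */
const char SAMPLE_STATUS[] =
    "Name:\tsample\nNoNewPrivs:\t0\nSeccomp:\t2\nSeccomp_filters:\t1\n";

/* Returns the "Seccomp:" value (0 off, 1 strict, 2 filter), or -1 when the
 * field is missing, as on a kernel built without CONFIG_SECCOMP. */
int seccomp_mode_from_status(const char *status)
{
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, "Seccomp:", 8) == 0)
            return atoi(p + 8);
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* Classify errno from prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL).
 * A NULL filter is never installed, so the call always fails: EFAULT means
 * the kernel tried to read the filter, EINVAL means filter mode is absent. */
const char *classify_filter_probe(int err)
{
    if (err == EFAULT) return "filter-supported";
    if (err == EINVAL) return "filter-unsupported";
    return "inconclusive"; /* e.g. EPERM from an outer sandbox */
}

int main(void)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    printf("current seccomp mode: %d\n", seccomp_mode_from_status(buf));
    errno = 0;
    prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
    printf("filter probe: %s\n", classify_filter_probe(errno));
    return 0;
}
```

A current mode of 2 means the process is already running under a filter installed by something outside it, which is worth knowing before reading a failing seccomp test as a kernel problem.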
Hi, Can you please provide strace output of one of the failing tests? Thanks!
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=807088725f04adee3a1e0ed9a8b41d8d647262b3
commit 807088725f04adee3a1e0ed9a8b41d8d647262b3
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-09-04 15:28:14 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-09-04 16:13:47 +0000
    net-libs/gnutls: bump to v3.6.15
    Bug: https://bugs.gentoo.org/649396
    Bug: https://bugs.gentoo.org/711104
    Bug: https://bugs.gentoo.org/740390
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
 net-libs/gnutls/Manifest | 1 +
 .../gnutls-3.6.15-skip-dtls-seccomp-tests.patch | 26 ++++
 net-libs/gnutls/gnutls-3.6.15.ebuild | 134 +++++++++++++++++++++
 3 files changed, 161 insertions(+)
Still happens with 3.7.1 on hppa: * USE: cxx elibc_glibc hppa idn kernel_linux nls openssl seccomp test tls-heartbeat userland_GNU
and 3.7.2
Still the same errors with 3.8.0 on hppa.
Same on arm64.