There are several issues with firejail's tests:
- the firejail executable gets installed setuid so that it can build sandboxes, but...
- that means 'make test' doesn't work in a compiled-but-not-installed directory tree, so...
- 'make test' must look for an already-installed copy of firejail, which mostly works, except...
- this interferes with portage's sandboxing, which uses LD_PRELOAD, which is ignored for setuids;
- besides, recent firejail versions limit environment variable size and count, which portage regularly exceeds (from python_targets_* explosion, etc.), so various tests currently fail no matter what.
The environment stuff needs to be addressed regardless.
I'm not sure what to do about "needs its setuid bit to run tests, but that doesn't play nice with portage". I could not find examples of other packages' setuid binaries getting tests that require +s in a strenuous 5 minutes of grepping.
The bug has been referenced in the following commit(s):
Author: Sam James <firstname.lastname@example.org>
AuthorDate: 2021-02-18 00:58:54 +0000
Commit: Sam James <email@example.com>
CommitDate: 2021-02-18 00:58:54 +0000
sys-apps/firejail: RESTRICT tests which fail in sandbox
See bug and referenced GitHub PR for details.
Package-Manager: Portage-3.0.14-prefix, Repoman-3.0.2
Signed-off-by: Sam James <firstname.lastname@example.org>
sys-apps/firejail/firejail-0.9.64.4.ebuild | 4 +++-
sys-apps/firejail/firejail-9999.ebuild | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)