920063 – net-vpn/tor-0.4.7.16 fails tests on arm64: opendir: operation not permitted

Bug 920063 - net-vpn/tor-0.4.7.16 fails tests on arm64: opendir: operation not permitted

Summary: net-vpn/tor-0.4.7.16 fails tests on arm64: opendir: operation not permitted

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	John Helmert III

URL:	https://gitlab.torproject.org/tpo/cor...
Whiteboard:
Keywords:

Depends on:
Blocks:	916761
	Show dependency tree

Reported:	2023-12-15 22:53 UTC by matoro
Modified:	2023-12-28 21:05 UTC (History)
CC List:	3 users (show)

See Also:	920905
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description matoro archtester

2023-12-15 22:53:22 UTC

build.log and emerge --info in attachment.

sandbox related?

sandbox/opendir_dirname: [forking] 
  FAIL src/test/test_sandbox.c:264: opendir: Operation not permitted [1]
  [opendir_dirname FAILED]
sandbox/openat_filename: SKIPPED
sandbox/chmod_filename: [forking] 
  FAIL src/test/test_sandbox.c:184: chmod: Operation not permitted [1]
  [chmod_filename FAILED]
sandbox/chown_filename: [forking] 
  FAIL src/test/test_sandbox.c:202: chown: Operation not permitted [1]
  [chown_filename FAILED]
sandbox/rename_filename: [forking] 
  FAIL src/test/test_sandbox.c:222: rename: Operation not permitted [1]
  [rename_filename FAILED]

Reproducible: Always

Comment 1 matoro archtester

2023-12-15 22:56:22 UTC

Actually too large for bgo even compressed, so here it is:  https://paste.matoro.tk/sur83kw

Comment 2 John Helmert III archtester

2023-12-22 00:36:21 UTC

Hm, tor defines some of its own seccomp-based "sandbox" plumbing which these functions are intended to test, but I can't reproduce even on arm64 hardware.

Comment 3 matoro archtester

2023-12-22 03:06:25 UTC

(In reply to John Helmert III from comment #2)
> Hm, tor defines some of its own seccomp-based "sandbox" plumbing which these
> functions are intended to test, but I can't reproduce even on arm64 hardware.

Did you run in clean stable chroot?  And what kernel?  I am on LTS dist-kernel.  I can tar up my environment if it helps.

Comment 4 John Helmert III archtester

2023-12-24 20:27:48 UTC

Oops, sorry, yes, I can reproduce if I pay closer attention to the version I test...

Comment 5 John Helmert III archtester

2023-12-24 21:04:45 UTC

Hm, not sure what changed but now I can reproduce with 0.4.7.13-r1, 0.4.7.14, and 0.4.7.16, but not 0.4.8.10. Looks like there's a patch series upstream dealing with arm64 tor-sandbox functionality: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/574

Comment 6 matoro archtester

2023-12-24 22:36:56 UTC

(In reply to John Helmert III from comment #5)
> Hm, not sure what changed but now I can reproduce with 0.4.7.13-r1,
> 0.4.7.14, and 0.4.7.16, but not 0.4.8.10. Looks like there's a patch series
> upstream dealing with arm64 tor-sandbox functionality:
> https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/574

I can confirm that this patch backports cleanly to 0.4.7.16 and fixes the test suite.

Comment 7 Larry the Git Cow gentoo-dev

2023-12-25 19:55:40 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ac63593feec203a38fccf1189ba0fe3e304f4f8b

commit ac63593feec203a38fccf1189ba0fe3e304f4f8b
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-12-25 19:47:55 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-12-25 19:55:26 +0000

    net-vpn/tor: add 0.4.7.16-r1 for arm64 test patch
    
    Closes: https://bugs.gentoo.org/920063
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-vpn/tor/files/tor-0.4.7.16-arm64-sandbox.patch | 337 +++++++++++++++++++++
 net-vpn/tor/tor-0.4.7.16-r1.ebuild                 | 168 ++++++++++
 2 files changed, 505 insertions(+)