Bug 928137 - www-client/firefox-124.0.1: [899883] Sandbox: seccomp sandbox violation: pid 899883, tid 899888, syscall 441, args 12 140694333724288 32 0 0 8.
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Mozilla Gentoo Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-03-29 16:51 UTC by Michał Górny
Modified: 2024-04-06 09:44 UTC
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
www-client:firefox-124.0.1:20240329-161306.log.xz (www-client:firefox-124.0.1:20240329-161306.log.xz,383.49 KB, application/x-xz)
2024-03-29 16:51 UTC, Michał Górny
emerge --info (emerge-info.txt,7.86 KB, text/plain)
2024-03-29 16:52 UTC, Michał Górny
patch adding epoll_pwait2 syscall to sandbox (epoll-pwait.patch,1.79 KB, patch)
2024-04-01 17:39 UTC, Michał Górny

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-03-29 16:51:57 UTC
Created attachment 889017
www-client:firefox-124.0.1:20240329-161306.log.xz

I've just built www-client/firefox for the first time, and after starting it seems to spam the console with warnings heavily:

$ firefox --profile /tmp/test
[warn] epoll_wait: Function not implemented
[899883] Sandbox: seccomp sandbox violation: pid 899883, tid 899888, syscall 441, args 12 140694333724288 32 0 0 8.
[…]

The window appears but it is largely non-functional, web pages don't load — I'm not sure if that's because something doesn't work at all, or because it's spending so many resources outputting these warnings non-stop. In order for it to stop, I need to SIGKILL all /usr/lib64/firefox/firefox-bin processes.
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-03-29 16:52:24 UTC
Created attachment 889018
emerge --info
Comment 2 Joonas Niilola gentoo-dev 2024-03-31 14:21:09 UTC
Does firefox-bin work? Anything in dmesg?
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-03-31 15:34:48 UTC
(In reply to Joonas Niilola from comment #2)
> Does firefox-bin work?

Yes, using it for a long time without issues.

> Anything in dmesg?

Nope.

I somehow suspect it's related to new syscalls in sys-libs/glibc-2.39-r2.
Comment 4 Joonas Niilola gentoo-dev 2024-04-01 13:16:27 UTC
I tried with your USE flags and CFLAGS. Firefox-124.0.1 works fine here on ~unstable with glibc-2.39-r2. Hard to say what could be the issue, but since firefox-bin works it's definitely something gentoo-related. I would try with all system* flags turned off, and if that doesn't help, might need to debug with gdb/strace.
Comment 5 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-04-01 13:52:07 UTC
Thanks, I will start with that.
Comment 6 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-04-01 14:25:12 UTC
For the record, the syscall in question is epoll_pwait2.
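
Added example, not part of the original report or of Firefox's code: a small parser for the sandbox violation line quoted in the description, which resolves the syscall number to a name and labels the raw arguments. The syscall table is a deliberately small x86_64 subset, and the function names `parse_violations` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the violation line quoted in the report, repeated the
# way the console output repeats it, plus the libevent warning line.
SAMPLE_LOG = """\
[warn] epoll_wait: Function not implemented
[899883] Sandbox: seccomp sandbox violation: pid 899883, tid 899888, syscall 441, args 12 140694333724288 32 0 0 8.
[899883] Sandbox: seccomp sandbox violation: pid 899883, tid 899888, syscall 441, args 12 140694333724288 32 0 0 8.
"""

# Small x86_64 subset only; a number missing here is reported as unknown.
X86_64_SYSCALLS = {232: "epoll_wait", 281: "epoll_pwait", 441: "epoll_pwait2"}

# Raw syscall argument names, in the order the kernel receives them.
ARG_NAMES = {
    "epoll_pwait2": ("epfd", "events", "maxevents", "timeout", "sigmask", "sigsetsize"),
}

VIOLATION_RE = re.compile(
    r"Sandbox: seccomp sandbox violation: pid (?P<pid>\d+), tid (?P<tid>\d+), "
    r"syscall (?P<nr>\d+), args (?P<args>\d+(?: \d+)*)\."
)

def parse_violations(text):
    """Return one dict per violation line found in text."""
    out = []
    for m in VIOLATION_RE.finditer(text):
        nr = int(m["nr"])
        name = X86_64_SYSCALLS.get(nr, f"unknown({nr})")
        raw = [int(a) for a in m["args"].split()]
        names = ARG_NAMES.get(name, tuple(f"arg{i}" for i in range(len(raw))))
        out.append({
            "pid": int(m["pid"]), "tid": int(m["tid"]), "nr": nr, "name": name,
            "args": dict(zip(names, raw)),
        })
    return out

def summarize(text):
    """Count violations per (pid, syscall name) so a flood collapses to one row."""
    return Counter((v["pid"], v["name"]) for v in parse_violations(text))

if __name__ == "__main__":
    for (pid, name), count in summarize(SAMPLE_LOG).items():
        print(f"pid {pid}: {name} denied {count}x")
    print(parse_violations(SAMPLE_LOG)[0]["args"])
```

For the reported line, `timeout` and `sigmask` both decode to 0 (NULL pointers) and `sigsetsize` to 8, the size of the kernel signal set on x86_64.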
Comment 7 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-04-01 14:31:06 UTC
You were right, it was one of the system libraries.  Now I'm gonna try "bisecting" which one.
Comment 8 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-04-01 14:48:20 UTC
That said, at this point I'm quite convinced that the correct solution is to add __NR_epoll_wait2 to the cases in:

https://searchfox.org/mozilla-central/source/security/sandbox/linux/SandboxFilterUtil.h#218-224

Any clue how to proceed with that?  I suppose syscall tables in security/sandbox/chromium/sandbox/linux/system_headers need to be updated too -- FWICS chromium added __NR_epoll_pwait2 there a while ago already.
Comment 9 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-04-01 15:54:31 UTC
Confirmed that it's USE=system-libevent.  I'll work on a patch now.
Comment 10 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-04-01 17:39:00 UTC
Created attachment 889218
patch adding epoll_pwait2 syscall to sandbox

Here's a quick patch that fixed the issue for me.  Note that I've added the syscall fallback to amd64/x86 but not arm*.

Technically, the cause is libevent-2.2.1 (alpha) — upstream added use of epoll_pwait2() there.
Comment 11 Joonas Niilola gentoo-dev 2024-04-01 17:58:27 UTC
(In reply to Michał Górny from comment #8)
> 
> Any clue how to proceed with that?  I suppose syscall tables in
> security/sandbox/chromium/sandbox/linux/system_headers need to be updated
> too -- FWICS chromium added __NR_epoll_pwait2 there a while ago already.

I tried to find this but couldn't, can you give me a repo/commit for this? I'll ask upstream to update this. At least the sandbox/chromium/ part comes from chromium, I don't know the relation between that and sandbox/linux/ but I imagine they're connected.

Thanks for the patch! I'll add it the next time I touch Firefox. Luckily this file is basically never updated so if we can't persuade upstream to update their sandbox component anytime soon, it shouldn't break for us either.
Comment 12 Joonas Niilola gentoo-dev 2024-04-01 18:01:45 UTC
(In reply to Joonas Niilola from comment #11)
> (In reply to Michał Górny from comment #8)
> > 
> > Any clue how to proceed with that?  I suppose syscall tables in
> > security/sandbox/chromium/sandbox/linux/system_headers need to be updated
> > too -- FWICS chromium added __NR_epoll_pwait2 there a while ago already.
> 
> I tried to find this but couldn't, can you give me a repo/commit for this?
> I'll ask upstream to update this. At least the sandbox/chromium/ part comes
> from chromium, I don't know the relation between that and sandbox/linux/ but
> I imagine they're connected. 
> 

...

https://github.com/chromium/chromium/commit/5e08782516d24de536e75d6bf4ff2bc87be55124

my grep-fu failed.
Comment 13 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-04-01 19:13:58 UTC
Yes, thanks!
Comment 14 Larry the Git Cow gentoo-dev 2024-04-05 10:55:30 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d6541f7a2dcf4311cb5028e2970258521c50c99

commit 6d6541f7a2dcf4311cb5028e2970258521c50c99
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2024-04-05 10:55:06 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2024-04-05 10:55:28 +0000

    www-client/firefox: add 124.0.2
    
    Closes: https://bugs.gentoo.org/928137
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/Manifest               |  101 ++
 www-client/firefox/firefox-124.0.2.ebuild | 1424 +++++++++++++++++++++++++++++
 2 files changed, 1525 insertions(+)