Message ID | 20220930084823.2772546-1-changqing.li@windriver.com |
---|---|
State | New |
Headers | show |
Series | fix close_range fails unexpectedly in unprivileged process | expand |
Yeah, this is a Docker issue. Fix your docker. Ross > On 30 Sep 2022, at 09:48, Changqing Li via lists.openembedded.org <changqing.li=windriver.com@lists.openembedded.org> wrote: > > From: Changqing Li <changqing.li@windriver.com> > > After commit [1], start a unprivileged container (docker run without --privileged), > close file will fail. > > This is actually an docker issue, see [2]. But this issue will > block yocto build in docker with glibc2.35+. so add this local patch. > > [1] https://gitlab.gnome.org/GNOME/glib/-/commit/ce04a124040be091407e070280d86ca810bacb8c > [2] https://github.com/moby/moby/issues/43595 > > Signed-off-by: Changqing Li <changqing.li@windriver.com> > --- > ...fails-unexpectedly-in-unprivileged-p.patch | 46 +++++++++++++++++++ > meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 1 + > 2 files changed, 47 insertions(+) > create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch > > diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch > new file mode 100644 > index 0000000000..213ee7b11f > --- /dev/null > +++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch > @@ -0,0 +1,46 @@ > +From 0fb283b3b1e3b4958b985804cbc40b7bff8b0e65 Mon Sep 17 00:00:00 2001 > +From: Changqing Li <changqing.li@windriver.com> > +Date: Fri, 30 Sep 2022 08:29:41 +0000 > +Subject: [PATCH] fix close_range fails unexpectedly in unprivileged process > + > +After change [1], start a unprivileged container (docker run without --privileged), > +close file may fail. > + > +This is actually an docker issue, see [2]. But this issue will > +block yocto build in docker with glibc2.35+. so add this local patch. > + > +[1] https://gitlab.gnome.org/GNOME/glib/-/commit/ce04a124040be091407e070280d86ca810bacb8c > +[2] https://github.com/moby/moby/issues/43595 > + > +Upstream-Status: Inappropriate [Rejected by upstream] > + > +Signed-off-by: Changqing Li <changqing.li@windriver.com> > +--- > + glib/gspawn.c | 4 ++-- > + 1 file changed, 2 insertions(+), 2 deletions(-) > + > +diff --git a/glib/gspawn.c b/glib/gspawn.c > +index 0a2cbe5..83553a1 100644 > +--- a/glib/gspawn.c > ++++ b/glib/gspawn.c > +@@ -1544,7 +1544,7 @@ safe_fdwalk_set_cloexec (int lowfd) > + * fall back to safe_fdwalk(). Handle EINVAL in case `CLOSE_RANGE_CLOEXEC` > + * is not supported. */ > + int ret = close_range (lowfd, G_MAXUINT, CLOSE_RANGE_CLOEXEC); > +- if (ret == 0 || !(errno == ENOSYS || errno == EINVAL)) > ++ if (ret == 0 || !(errno == ENOSYS || errno == EINVAL || errno == EPERM)) > + return ret; > + #endif /* HAVE_CLOSE_RANGE */ > + return safe_fdwalk (set_cloexec, GINT_TO_POINTER (lowfd)); > +@@ -1597,7 +1597,7 @@ safe_closefrom (int lowfd) > + * Handle ENOSYS in case it’s supported in libc but not the kernel; if so, > + * fall back to safe_fdwalk(). */ > + int ret = close_range (lowfd, G_MAXUINT, 0); > +- if (ret == 0 || errno != ENOSYS) > ++ if (ret == 0 || !(errno == ENOSYS || errno == EPERM)) > + return ret; > + #endif /* HAVE_CLOSE_RANGE */ > + return safe_fdwalk (close_func, GINT_TO_POINTER (lowfd)); > +-- > +2.34.1 > + > diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb > index dd1ea508d2..bbaacc64a4 100644 > --- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb > +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb > @@ -16,6 +16,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ > file://0001-Do-not-write-bindir-into-pkg-config-files.patch \ > file://0001-meson-Run-atomics-test-on-clang-as-well.patch \ > file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ > + file://0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch \ > " > SRC_URI:append:class-native = " file://relocate-modules.patch" > > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#171215): https://lists.openembedded.org/g/openembedded-core/message/171215 > Mute This Topic: https://lists.openembedded.org/mt/94012543/6875888 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ross.burton@arm.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On 9/30/22 17:50, Ross Burton wrote: > [Please note: This e-mail is from an EXTERNAL e-mail address] > > Yeah, this is a Docker issue. Fix your docker. > > Ross Hi, I know this is an docker issue, but this will block yocto build in old docker. I noticed we already have an local patch for glibc to fix similar issue. So, maybe this patch is also need. https://git.openembedded.org/openembedded-core/tree/meta/recipes-core/glibc/glibc/0023-fix-create-thread-failed-in-unprivileged-process-BZ-.patch <https://git.openembedded.org/openembedded-core/tree/meta/recipes-core/glibc/glibc/0023-fix-create-thread-failed-in-unprivileged-process-BZ-.patch> BRs Changqing > >> On 30 Sep 2022, at 09:48, Changqing Li via lists.openembedded.org<changqing.li=windriver.com@lists.openembedded.org> wrote: >> >> From: Changqing Li<changqing.li@windriver.com> >> >> After commit [1], start a unprivileged container (docker run without --privileged), >> close file will fail. >> >> This is actually an docker issue, see [2]. But this issue will >> block yocto build in docker with glibc2.35+. so add this local patch. >> >> [1]https://gitlab.gnome.org/GNOME/glib/-/commit/ce04a124040be091407e070280d86ca810bacb8c >> [2]https://github.com/moby/moby/issues/43595 >> >> Signed-off-by: Changqing Li<changqing.li@windriver.com> >> --- >> ...fails-unexpectedly-in-unprivileged-p.patch | 46 +++++++++++++++++++ >> meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 1 + >> 2 files changed, 47 insertions(+) >> create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch >> >> diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch >> new file mode 100644 >> index 0000000000..213ee7b11f >> --- /dev/null >> +++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch >> @@ -0,0 +1,46 @@ >> +From 0fb283b3b1e3b4958b985804cbc40b7bff8b0e65 Mon Sep 17 00:00:00 2001 >> +From: Changqing Li<changqing.li@windriver.com> >> +Date: Fri, 30 Sep 2022 08:29:41 +0000 >> +Subject: [PATCH] fix close_range fails unexpectedly in unprivileged process >> + >> +After change [1], start a unprivileged container (docker run without --privileged), >> +close file may fail. >> + >> +This is actually an docker issue, see [2]. But this issue will >> +block yocto build in docker with glibc2.35+. so add this local patch. >> + >> +[1]https://gitlab.gnome.org/GNOME/glib/-/commit/ce04a124040be091407e070280d86ca810bacb8c >> +[2]https://github.com/moby/moby/issues/43595 >> + >> +Upstream-Status: Inappropriate [Rejected by upstream] >> + >> +Signed-off-by: Changqing Li<changqing.li@windriver.com> >> +--- >> + glib/gspawn.c | 4 ++-- >> + 1 file changed, 2 insertions(+), 2 deletions(-) >> + >> +diff --git a/glib/gspawn.c b/glib/gspawn.c >> +index 0a2cbe5..83553a1 100644 >> +--- a/glib/gspawn.c >> ++++ b/glib/gspawn.c >> +@@ -1544,7 +1544,7 @@ safe_fdwalk_set_cloexec (int lowfd) >> + * fall back to safe_fdwalk(). Handle EINVAL in case `CLOSE_RANGE_CLOEXEC` >> + * is not supported. */ >> + int ret = close_range (lowfd, G_MAXUINT, CLOSE_RANGE_CLOEXEC); >> +- if (ret == 0 || !(errno == ENOSYS || errno == EINVAL)) >> ++ if (ret == 0 || !(errno == ENOSYS || errno == EINVAL || errno == EPERM)) >> + return ret; >> + #endif /* HAVE_CLOSE_RANGE */ >> + return safe_fdwalk (set_cloexec, GINT_TO_POINTER (lowfd)); >> +@@ -1597,7 +1597,7 @@ safe_closefrom (int lowfd) >> + * Handle ENOSYS in case it’s supported in libc but not the kernel; if so, >> + * fall back to safe_fdwalk(). */ >> + int ret = close_range (lowfd, G_MAXUINT, 0); >> +- if (ret == 0 || errno != ENOSYS) >> ++ if (ret == 0 || !(errno == ENOSYS || errno == EPERM)) >> + return ret; >> + #endif /* HAVE_CLOSE_RANGE */ >> + return safe_fdwalk (close_func, GINT_TO_POINTER (lowfd)); >> +-- >> +2.34.1 >> + >> diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb >> index dd1ea508d2..bbaacc64a4 100644 >> --- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb >> +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb >> @@ -16,6 +16,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ >> file://0001-Do-not-write-bindir-into-pkg-config-files.patch \ >> file://0001-meson-Run-atomics-test-on-clang-as-well.patch \ >> file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ >> +file://0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch \ >> " >> SRC_URI:append:class-native =" file://relocate-modules.patch" >> >> -- >> 2.34.1 >> >> >> -=-=-=-=-=-=-=-=-=-=-=- >> Links: You receive all messages sent to this group. >> View/Reply Online (#171215):https://lists.openembedded.org/g/openembedded-core/message/171215 >> Mute This Topic:https://lists.openembedded.org/mt/94012543/6875888 >> Group Owner:openembedded-core+owner@lists.openembedded.org >> Unsubscribe:https://lists.openembedded.org/g/openembedded-core/unsub [ross.burton@arm.com] >> -=-=-=-=-=-=-=-=-=-=-=- >>
On 10/8/22 15:13, Changqing Li wrote: > > On 9/30/22 17:50, Ross Burton wrote: >> [Please note: This e-mail is from an EXTERNAL e-mail address] >> >> Yeah, this is a Docker issue. Fix your docker. >> >> Ross > > Hi, > > I know this is an docker issue, but this will block yocto build in old > docker. I noticed we already > > have an local patch for glibc to fix similar issue. So, maybe this > patch is also need. > > https://git.openembedded.org/openembedded-core/tree/meta/recipes-core/glibc/glibc/0023-fix-create-thread-failed-in-unprivileged-process-BZ-.patch > <https://urldefense.com/v3/__https://git.openembedded.org/openembedded-core/tree/meta/recipes-core/glibc/glibc/0023-fix-create-thread-failed-in-unprivileged-process-BZ-.patch__;!!AjveYdw8EvQ!eYLVLZ08i44b_x9_dIbN2TSPyxAcGhsmfzSKGDqz016oV_Ho6qPIx5-JFpq4dQFyePJxNDxvfYRzGfProOLpzc_lrbDVeMs$> > > BRs > > Changqing > ping >>> On 30 Sep 2022, at 09:48, Changqing Li vialists.openembedded.org <https://urldefense.com/v3/__http://lists.openembedded.org__;!!AjveYdw8EvQ!eYLVLZ08i44b_x9_dIbN2TSPyxAcGhsmfzSKGDqz016oV_Ho6qPIx5-JFpq4dQFyePJxNDxvfYRzGfProOLpzc_lHw1qYsY$> <changqing.li=windriver.com@lists.openembedded.org> wrote: >>> >>> From: Changqing Li<changqing.li@windriver.com> >>> >>> After commit [1], start a unprivileged container (docker run without --privileged), >>> close file will fail. >>> >>> This is actually an docker issue, see [2]. But this issue will >>> block yocto build in docker with glibc2.35+. so add this local patch. >>> >>> [1]https://gitlab.gnome.org/GNOME/glib/-/commit/ce04a124040be091407e070280d86ca810bacb8c >>> [2]https://github.com/moby/moby/issues/43595 >>> >>> Signed-off-by: Changqing Li<changqing.li@windriver.com> >>> --- >>> ...fails-unexpectedly-in-unprivileged-p.patch | 46 +++++++++++++++++++ >>> meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb <https://urldefense.com/v3/__http://glib-2.0_2.72.3.bb__;!!AjveYdw8EvQ!eYLVLZ08i44b_x9_dIbN2TSPyxAcGhsmfzSKGDqz016oV_Ho6qPIx5-JFpq4dQFyePJxNDxvfYRzGfProOLpzc_lPpFuHiw$> | 1 + >>> 2 files changed, 47 insertions(+) >>> create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch >>> >>> diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch >>> new file mode 100644 >>> index 0000000000..213ee7b11f >>> --- /dev/null >>> +++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch >>> @@ -0,0 +1,46 @@ >>> +From 0fb283b3b1e3b4958b985804cbc40b7bff8b0e65 Mon Sep 17 00:00:00 2001 >>> +From: Changqing Li<changqing.li@windriver.com> >>> +Date: Fri, 30 Sep 2022 08:29:41 +0000 >>> +Subject: [PATCH] fix close_range fails unexpectedly in unprivileged process >>> + >>> +After change [1], start a unprivileged container (docker run without --privileged), >>> +close file may fail. >>> + >>> +This is actually an docker issue, see [2]. But this issue will >>> +block yocto build in docker with glibc2.35+. so add this local patch. >>> + >>> +[1]https://gitlab.gnome.org/GNOME/glib/-/commit/ce04a124040be091407e070280d86ca810bacb8c >>> +[2]https://github.com/moby/moby/issues/43595 >>> + >>> +Upstream-Status: Inappropriate [Rejected by upstream] >>> + >>> +Signed-off-by: Changqing Li<changqing.li@windriver.com> >>> +--- >>> + glib/gspawn.c | 4 ++-- >>> + 1 file changed, 2 insertions(+), 2 deletions(-) >>> + >>> +diff --git a/glib/gspawn.c b/glib/gspawn.c >>> +index 0a2cbe5..83553a1 100644 >>> +--- a/glib/gspawn.c >>> ++++ b/glib/gspawn.c >>> +@@ -1544,7 +1544,7 @@ safe_fdwalk_set_cloexec (int lowfd) >>> + * fall back to safe_fdwalk(). Handle EINVAL in case `CLOSE_RANGE_CLOEXEC` >>> + * is not supported. */ >>> + int ret = close_range (lowfd, G_MAXUINT, CLOSE_RANGE_CLOEXEC); >>> +- if (ret == 0 || !(errno == ENOSYS || errno == EINVAL)) >>> ++ if (ret == 0 || !(errno == ENOSYS || errno == EINVAL || errno == EPERM)) >>> + return ret; >>> + #endif /* HAVE_CLOSE_RANGE */ >>> + return safe_fdwalk (set_cloexec, GINT_TO_POINTER (lowfd)); >>> +@@ -1597,7 +1597,7 @@ safe_closefrom (int lowfd) >>> + * Handle ENOSYS in case it’s supported in libc but not the kernel; if so, >>> + * fall back to safe_fdwalk(). */ >>> + int ret = close_range (lowfd, G_MAXUINT, 0); >>> +- if (ret == 0 || errno != ENOSYS) >>> ++ if (ret == 0 || !(errno == ENOSYS || errno == EPERM)) >>> + return ret; >>> + #endif /* HAVE_CLOSE_RANGE */ >>> + return safe_fdwalk (close_func, GINT_TO_POINTER (lowfd)); >>> +-- >>> +2.34.1 >>> + >>> diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb <https://urldefense.com/v3/__http://glib-2.0_2.72.3.bb__;!!AjveYdw8EvQ!eYLVLZ08i44b_x9_dIbN2TSPyxAcGhsmfzSKGDqz016oV_Ho6qPIx5-JFpq4dQFyePJxNDxvfYRzGfProOLpzc_lPpFuHiw$> b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb <https://urldefense.com/v3/__http://glib-2.0_2.72.3.bb__;!!AjveYdw8EvQ!eYLVLZ08i44b_x9_dIbN2TSPyxAcGhsmfzSKGDqz016oV_Ho6qPIx5-JFpq4dQFyePJxNDxvfYRzGfProOLpzc_lPpFuHiw$> >>> index dd1ea508d2..bbaacc64a4 100644 >>> --- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb <https://urldefense.com/v3/__http://glib-2.0_2.72.3.bb__;!!AjveYdw8EvQ!eYLVLZ08i44b_x9_dIbN2TSPyxAcGhsmfzSKGDqz016oV_Ho6qPIx5-JFpq4dQFyePJxNDxvfYRzGfProOLpzc_lPpFuHiw$> >>> +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb <https://urldefense.com/v3/__http://glib-2.0_2.72.3.bb__;!!AjveYdw8EvQ!eYLVLZ08i44b_x9_dIbN2TSPyxAcGhsmfzSKGDqz016oV_Ho6qPIx5-JFpq4dQFyePJxNDxvfYRzGfProOLpzc_lPpFuHiw$> >>> @@ -16,6 +16,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ >>> file://0001-Do-not-write-bindir-into-pkg-config-files.patch \ >>> file://0001-meson-Run-atomics-test-on-clang-as-well.patch \ >>> file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ >>> +file://0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch \ >>> " >>> SRC_URI:append:class-native =" file://relocate-modules.patch" >>> >>> -- >>> 2.34.1 >>> >>> >>> >>> > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#171532):https://lists.openembedded.org/g/openembedded-core/message/171532 > Mute This Topic:https://lists.openembedded.org/mt/94012543/3616873 > Group Owner:openembedded-core+owner@lists.openembedded.org > Unsubscribe:https://lists.openembedded.org/g/openembedded-core/unsub [changqing.li@windriver.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On Wed, Oct 12, 2022 at 5:41 PM Changqing Li <changqing.li@windriver.com> wrote: > > On 10/8/22 15:13, Changqing Li wrote: > > On 9/30/22 17:50, Ross Burton wrote: > > [Please note: This e-mail is from an EXTERNAL e-mail address] > > Yeah, this is a Docker issue. Fix your docker. > > Ross > > Hi, > > I know this is an docker issue, but this will block yocto build in old > docker. I noticed we already > > have an local patch for glibc to fix similar issue. So, maybe this patch > is also need. > > > https://git.openembedded.org/openembedded-core/tree/meta/recipes-core/glibc/glibc/0023-fix-create-thread-failed-in-unprivileged-process-BZ-.patch > <https://urldefense.com/v3/__https://git.openembedded.org/openembedded-core/tree/meta/recipes-core/glibc/glibc/0023-fix-create-thread-failed-in-unprivileged-process-BZ-.patch__;!!AjveYdw8EvQ!eYLVLZ08i44b_x9_dIbN2TSPyxAcGhsmfzSKGDqz016oV_Ho6qPIx5-JFpq4dQFyePJxNDxvfYRzGfProOLpzc_lrbDVeMs$> > > BRs > > These patches are addressing a corner case for supported systems and the patches are not backports and it’s perhaps better to keep them local Infact I would suggest to send a patch to remove the above patch from core glibc recipe instead > Changqing > > ping > > On 30 Sep 2022, at 09:48, Changqing Li via lists.openembedded.org <https://urldefense.com/v3/__http://lists.openembedded.org__;!!AjveYdw8EvQ!eYLVLZ08i44b_x9_dIbN2TSPyxAcGhsmfzSKGDqz016oV_Ho6qPIx5-JFpq4dQFyePJxNDxvfYRzGfProOLpzc_lHw1qYsY$> <changqing.li=windriver.com@lists.openembedded.org> <changqing.li=windriver.com@lists.openembedded.org> wrote: > > From: Changqing Li <changqing.li@windriver.com> <changqing.li@windriver.com> > > After commit [1], start a unprivileged container (docker run without --privileged), > close file will fail. > > This is actually an docker issue, see [2]. But this issue will > block yocto build in docker with glibc2.35+. so add this local patch. > > [1] https://gitlab.gnome.org/GNOME/glib/-/commit/ce04a124040be091407e070280d86ca810bacb8c <https://urldefense.com/v3/__https://gitlab.gnome.org/GNOME/glib/-/commit/ce04a124040be091407e070280d86ca810bacb8c__;!!AjveYdw8EvQ!eYLVLZ08i44b_x9_dIbN2TSPyxAcGhsmfzSKGDqz016oV_Ho6qPIx5-JFpq4dQFyePJxNDxvfYRzGfProOLpzc_lUw7m6AI$> > [2] https://github.com/moby/moby/issues/43595 <https://urldefense.com/v3/__https://github.com/moby/moby/issues/43595__;!!AjveYdw8EvQ!eYLVLZ08i44b_x9_dIbN2TSPyxAcGhsmfzSKGDqz016oV_Ho6qPIx5-JFpq4dQFyePJxNDxvfYRzGfProOLpzc_lfE8TzmQ$> > > Signed-off-by: Changqing Li <changqing.li@windriver.com> <changqing.li@windriver.com> > --- > ...fails-unexpectedly-in-unprivileged-p.patch | 46 +++++++++++++++++++ > meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb <https://urldefense.com/v3/__http://glib-2.0_2.72.3.bb__;!!AjveYdw8EvQ!eYLVLZ08i44b_x9_dIbN2TSPyxAcGhsmfzSKGDqz016oV_Ho6qPIx5-JFpq4dQFyePJxNDxvfYRzGfProOLpzc_lPpFuHiw$> | 1 + > 2 files changed, 47 insertions(+) > create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch > > diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch > new file mode 100644 > index 0000000000..213ee7b11f > --- /dev/null > +++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch > @@ -0,0 +1,46 @@ > +From 0fb283b3b1e3b4958b985804cbc40b7bff8b0e65 Mon Sep 17 00:00:00 2001 > +From: Changqing Li <changqing.li@windriver.com> <changqing.li@windriver.com> > +Date: Fri, 30 Sep 2022 08:29:41 +0000 > +Subject: [PATCH] fix close_range fails unexpectedly in unprivileged process > + > +After change [1], start a unprivileged container (docker run without --privileged), > +close file may fail. > + > +This is actually an docker issue, see [2]. But this issue will > +block yocto build in docker with glibc2.35+. so add this local patch. > + > +[1] https://gitlab.gnome.org/GNOME/glib/-/commit/ce04a124040be091407e070280d86ca810bacb8c <https://urldefense.com/v3/__https://gitlab.gnome.org/GNOME/glib/-/commit/ce04a124040be091407e070280d86ca810bacb8c__;!!AjveYdw8EvQ!eYLVLZ08i44b_x9_dIbN2TSPyxAcGhsmfzSKGDqz016oV_Ho6qPIx5-JFpq4dQFyePJxNDxvfYRzGfProOLpzc_lUw7m6AI$> > +[2] https://github.com/moby/moby/issues/43595 <https://urldefense.com/v3/__https://github.com/moby/moby/issues/43595__;!!AjveYdw8EvQ!eYLVLZ08i44b_x9_dIbN2TSPyxAcGhsmfzSKGDqz016oV_Ho6qPIx5-JFpq4dQFyePJxNDxvfYRzGfProOLpzc_lfE8TzmQ$> > + > +Upstream-Status: Inappropriate [Rejected by upstream] > + > +Signed-off-by: Changqing Li <changqing.li@windriver.com> <changqing.li@windriver.com> > +--- > + glib/gspawn.c | 4 ++-- > + 1 file changed, 2 insertions(+), 2 deletions(-) > + > +diff --git a/glib/gspawn.c b/glib/gspawn.c > +index 0a2cbe5..83553a1 100644 > +--- a/glib/gspawn.c > ++++ b/glib/gspawn.c > +@@ -1544,7 +1544,7 @@ safe_fdwalk_set_cloexec (int lowfd) > + * fall back to safe_fdwalk(). Handle EINVAL in case `CLOSE_RANGE_CLOEXEC` > + * is not supported. */ > + int ret = close_range (lowfd, G_MAXUINT, CLOSE_RANGE_CLOEXEC); > +- if (ret == 0 || !(errno == ENOSYS || errno == EINVAL)) > ++ if (ret == 0 || !(errno == ENOSYS || errno == EINVAL || errno == EPERM)) > + return ret; > + #endif /* HAVE_CLOSE_RANGE */ > + return safe_fdwalk (set_cloexec, GINT_TO_POINTER (lowfd)); > +@@ -1597,7 +1597,7 @@ safe_closefrom (int lowfd) > + * Handle ENOSYS in case it’s supported in libc but not the kernel; if so, > + * fall back to safe_fdwalk(). */ > + int ret = close_range (lowfd, G_MAXUINT, 0); > +- if (ret == 0 || errno != ENOSYS) > ++ if (ret == 0 || !(errno == ENOSYS || errno == EPERM)) > + return ret; > + #endif /* HAVE_CLOSE_RANGE */ > + return safe_fdwalk (close_func, GINT_TO_POINTER (lowfd)); > +-- > +2.34.1 > + > diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb <https://urldefense.com/v3/__http://glib-2.0_2.72.3.bb__;!!AjveYdw8EvQ!eYLVLZ08i44b_x9_dIbN2TSPyxAcGhsmfzSKGDqz016oV_Ho6qPIx5-JFpq4dQFyePJxNDxvfYRzGfProOLpzc_lPpFuHiw$> b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb <https://urldefense.com/v3/__http://glib-2.0_2.72.3.bb__;!!AjveYdw8EvQ!eYLVLZ08i44b_x9_dIbN2TSPyxAcGhsmfzSKGDqz016oV_Ho6qPIx5-JFpq4dQFyePJxNDxvfYRzGfProOLpzc_lPpFuHiw$> > index dd1ea508d2..bbaacc64a4 100644 > --- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb <https://urldefense.com/v3/__http://glib-2.0_2.72.3.bb__;!!AjveYdw8EvQ!eYLVLZ08i44b_x9_dIbN2TSPyxAcGhsmfzSKGDqz016oV_Ho6qPIx5-JFpq4dQFyePJxNDxvfYRzGfProOLpzc_lPpFuHiw$> > +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb <https://urldefense.com/v3/__http://glib-2.0_2.72.3.bb__;!!AjveYdw8EvQ!eYLVLZ08i44b_x9_dIbN2TSPyxAcGhsmfzSKGDqz016oV_Ho6qPIx5-JFpq4dQFyePJxNDxvfYRzGfProOLpzc_lPpFuHiw$> > @@ -16,6 +16,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ > file://0001-Do-not-write-bindir-into-pkg-config-files.patch \ > file://0001-meson-Run-atomics-test-on-clang-as-well.patch \ > file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ > + file://0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch \ > " > SRC_URI:append:class-native = " file://relocate-modules.patch" > > -- > 2.34.1 > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#171678): > https://lists.openembedded.org/g/openembedded-core/message/171678 > Mute This Topic: https://lists.openembedded.org/mt/94012543/1997914 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > raj.khem@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch new file mode 100644 index 0000000000..213ee7b11f --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch @@ -0,0 +1,46 @@ +From 0fb283b3b1e3b4958b985804cbc40b7bff8b0e65 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Fri, 30 Sep 2022 08:29:41 +0000 +Subject: [PATCH] fix close_range fails unexpectedly in unprivileged process + +After change [1], start a unprivileged container (docker run without --privileged), +close file may fail. + +This is actually an docker issue, see [2]. But this issue will +block yocto build in docker with glibc2.35+. so add this local patch. + +[1] https://gitlab.gnome.org/GNOME/glib/-/commit/ce04a124040be091407e070280d86ca810bacb8c +[2] https://github.com/moby/moby/issues/43595 + +Upstream-Status: Inappropriate [Rejected by upstream] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + glib/gspawn.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/glib/gspawn.c b/glib/gspawn.c +index 0a2cbe5..83553a1 100644 +--- a/glib/gspawn.c ++++ b/glib/gspawn.c +@@ -1544,7 +1544,7 @@ safe_fdwalk_set_cloexec (int lowfd) + * fall back to safe_fdwalk(). Handle EINVAL in case `CLOSE_RANGE_CLOEXEC` + * is not supported. */ + int ret = close_range (lowfd, G_MAXUINT, CLOSE_RANGE_CLOEXEC); +- if (ret == 0 || !(errno == ENOSYS || errno == EINVAL)) ++ if (ret == 0 || !(errno == ENOSYS || errno == EINVAL || errno == EPERM)) + return ret; + #endif /* HAVE_CLOSE_RANGE */ + return safe_fdwalk (set_cloexec, GINT_TO_POINTER (lowfd)); +@@ -1597,7 +1597,7 @@ safe_closefrom (int lowfd) + * Handle ENOSYS in case it’s supported in libc but not the kernel; if so, + * fall back to safe_fdwalk(). */ + int ret = close_range (lowfd, G_MAXUINT, 0); +- if (ret == 0 || errno != ENOSYS) ++ if (ret == 0 || !(errno == ENOSYS || errno == EPERM)) + return ret; + #endif /* HAVE_CLOSE_RANGE */ + return safe_fdwalk (close_func, GINT_TO_POINTER (lowfd)); +-- +2.34.1 + diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb index dd1ea508d2..bbaacc64a4 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb @@ -16,6 +16,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://0001-Do-not-write-bindir-into-pkg-config-files.patch \ file://0001-meson-Run-atomics-test-on-clang-as-well.patch \ file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ + file://0001-fix-close_range-fails-unexpectedly-in-unprivileged-p.patch \ " SRC_URI:append:class-native = " file://relocate-modules.patch"