From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/10970
Path: news.gmane.org!.POSTED!not-for-mail
From: Alba Pompeo <albapompeo@gmail.com>
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: getrlimit failed (chromium on musl)
Date: Thu, 26 Jan 2017 22:41:11 -0200
Message-ID: <CAJDAfTBFuLuqxcRxsrFzme1eObnJmJshyLmkfBVpepmiwfj8ow@mail.gmail.com>
References: <CAJDAfTAYExERgqWe4wJCj8Af1M68B5_Wxkdwj9WwMnVEsBGZ6A@mail.gmail.com>
 <ce979f3d-671e-a575-2143-e4b1f75048d6@sholland.org> <CAJDAfTCfByePfcLnTH5ZoxqyL8EP4Ajed3aghs2RWv2+C92qFg@mail.gmail.com>
Reply-To: musl@lists.openwall.com
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Trace: blaine.gmane.org 1485477700 31983 195.159.176.226 (27 Jan 2017 00:41:40 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Fri, 27 Jan 2017 00:41:40 +0000 (UTC)
To: musl@lists.openwall.com
Original-X-From: musl-return-10985-gllmg-musl=m.gmane.org@lists.openwall.com Fri Jan 27 01:41:36 2017
Return-path: <musl-return-10985-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@m.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by blaine.gmane.org with smtp (Exim 4.84_2)
	(envelope-from <musl-return-10985-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1cWubS-0006oC-0g
	for gllmg-musl@m.gmane.org; Fri, 27 Jan 2017 01:41:22 +0100
Original-Received: (qmail 9681 invoked by uid 550); 27 Jan 2017 00:41:24 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Original-Received: (qmail 9654 invoked from network); 27 Jan 2017 00:41:23 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
        bh=0QjxyLOTzz2tgY8cm8AmXIOGkd5m31vFsBUYd8hlvb8=;
        b=nWT19dZOO8+hX6D/vmidtaLgvZ/ixQDzLbBS3qCrSFcUXF3Vh64jktB4CVYLy837RD
         VCOa6F6V0DVif3GwRgNGSKQtkrQdYrur5VlDOjWUtkKueuNJqD8pgxKQHewF8Q8/SrfZ
         9cvQwphqpnZkVuArPD3WAkDeP9dRkGJ18Dj74fWMfSyVzNlo/SiAqcoUR3SOXj0dHS9X
         Sguf1ubGHR1FCZ+alZmZCTJofWmW5SMEhDKmDCcwfbHME7AAbMzWqMxBQOQD7bSelg3I
         gvVPuHg88XqJYn7V+wOTvlvXtlk3/rw8JSzM/+1ItBHD8CpVN7pwA0wg7h1D+wmwd6zL
         HmAA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to;
        bh=0QjxyLOTzz2tgY8cm8AmXIOGkd5m31vFsBUYd8hlvb8=;
        b=MJBM/aBaNoun+Rx1u+HQ+w1HzjxDaOWF3lc/S+Ql2+lGXc6vU+OZAHnS5Q52XtvZ89
         6ppSpsh8ttLwAkT2v5RHEZF69wlo78I2LZ+kZTd2RfDF45JvmBKwzwvS/KBMaCSsZK0O
         sv0hFSykllJpHHKMo6KfqYmyaUIW6CxNgvYa+Zt8cHfrb6xum/aPCFIQ0OUPHoMApYS8
         3mk+eZ8eamdS/ij3yScN+RFpFmDf/tbbkAK2+yDOLaFK7wpOpzI40FNo8rVeFHUV+htP
         4vok2nBgqY8CFb+3JaeunXGAm8Vs+LbMW7qqb4txP7JQMzoUPZQwq09rvbfU1w0nA0d8
         B1RQ==
X-Gm-Message-State: AIkVDXJwPJDZOF9Rw1BbSif5xn9PcQnB+TTILRliIzu8UROsF1SSq2ZYPmIzskyzlXsDLdpngLBqd4pWJLwH8Q==
X-Received: by 10.176.3.35 with SMTP id 32mr2661121uat.163.1485477671496; Thu,
 26 Jan 2017 16:41:11 -0800 (PST)
In-Reply-To: <CAJDAfTCfByePfcLnTH5ZoxqyL8EP4Ajed3aghs2RWv2+C92qFg@mail.gmail.com>
Xref: news.gmane.org gmane.linux.lib.musl.general:10970
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/10970>

The patch worked.
Many thanks Samuel.
I hope they fix it upstream too for the future.
Sadly Chromium still needs some patches to compile and work on musl.



On Wed, Jan 18, 2017 at 2:13 PM, Alba Pompeo <albapompeo@gmail.com> wrote:
> Ran strace -f.
>
> [pid 13354] prlimit64(0, RLIMIT_NOFILE, NULL, {rlim_cur=1024,
> rlim_max=4*1024}) = 0
> [pid 13350] clone(child_stack=NULL, flags=CLONE_NEWUSER|SIGCHLD) = -1
> EPERM (Operation not permitted)
> [pid 13354] clone(child_stack=NULL,
> flags=CLONE_NEWPID|CLONE_NEWNET|SIGCHLD) = -1 EPERM (Operation not
> permitted)
> [pid 13354] writev(2, [{iov_base=" but failed: errno = Operation
> n"..., iov_len=45}, {iov_base=NULL, iov_len=0}], 2 but failed: errno =
> Operation not permitted
>
> So the patch from Samuel should be a real solution.
>
> Thanks.
>
>
>
> On Wed, Jan 18, 2017 at 1:51 PM, Samuel Holland <samuel@sholland.org> wrote:
>> On 01/18/17 08:08, Alba Pompeo wrote:
>>>
>>> Hi.
>>>
>>> Running chromium on a musl system spams this message.
>>>
>>> getrlimit(RLIMIT_NOFILE) failed
>>>
>>> Any idea how to figure out what's wrong?
>>
>>
>> The problem is that the sandbox blocks prlimit64 with EPERM, but musl
>> only falls back to getrlimit on ENOSYS. The diff below will fix the
>> error. From the linked bug, the only reason it is blocked in the first
>> place is ChromeOS, and this change should be fine even there.
>>
>> ---
>> chromium-55.0.2883.75/content/common/sandbox_linux/bpf_renderer_policy_linux.cc.orig
>> +++
>> chromium-55.0.2883.75/content/common/sandbox_linux/bpf_renderer_policy_linux.cc
>> @@ -88,7 +88,7 @@ ResultExpr RendererProcessPolicy::EvaluateSyscall(int
>> sysno) const {
>>      case __NR_sched_setscheduler:
>>        return sandbox::RestrictSchedTarget(GetPolicyPid(), sysno);
>>      case __NR_prlimit64:
>> -      return Error(EPERM);  // See crbug.com/160157.
>> +      return Error(ENOSYS);  // See crbug.com/160157.
>>      default:
>>        // Default on the content baseline policy.
>>        return SandboxBPFBasePolicy::EvaluateSyscall(sysno);
>>
>>> Thanks.
>>
>>
>> Regards,
>> Samuel
>>