MoarVM / MoarVM

A VM with adaptive optimization and JIT compilation, built for Rakudo
https://moarvm.org/

MoarVM 2020.12 build on official Docker image for alpine:edge and fedora:rawhide is blocked by the kernel seccomp #1424

Open nxadm opened 3 years ago

nxadm commented 3 years ago

See comment https://github.com/MoarVM/MoarVM/issues/1424#issuecomment-772886837.

Hi,

Alpine edge is the development branch of Alpine Linux and it will become the next stable branch. MoarVM cannot be built, while with identical sources and OS packages it works fine on other supported Alpine releases. The error when running make is this:

Configuration SUCCESS.

Type 'make' to build and 'make help' to see a list of
available make targets.
+ make
make: echo: Operation not permitted
make: *** [Makefile:683: src/main.o] Error 127
Error: Process completed with exit code 2.

Full OS setup and error here: https://github.com/nxadm/rakudo-pkg/runs/1795106357?check_suite_focus=true

The weirdness of the error would suggest a bug in binutils except that Alpine edge and 3.13 have the same version.

To reproduce locally (on Linux) with a container (you can replace podman with docker; podman does not need root privileges):

podman run -ti alpine:edge

In the container:

apk update
apk upgrade
apk add bash build-base gzip perl perl-utils tar zstd-dev
export INSTALL_ROOT=/opt/rakudo-pkg CONFIG_SHELL=/bin/bash MOARVM_VERSION=2020.12
curl -sSL -o moarvm.tar.gz https://github.com/MoarVM/MoarVM/releases/download/$MOARVM_VERSION/MoarVM-${MOARVM_VERSION}.tar.gz
mkdir moarvm && tar xzf moarvm.tar.gz -C moarvm --strip-components=1
cd moarvm
perl ./Configure.pl --prefix=$INSTALL_ROOT --relocatable
make

Related to #1425 .

nxadm commented 3 years ago

Weirder: running the same container version with a "debug" configure builds fine (same on #1425):

perl ./Configure.pl --prefix=$INSTALL_ROOT --relocatable --debug --optimize=0

salortiz commented 3 years ago

With podman in F33 the recipe fails with:

…
/ # curl -sSL -o moarvm.tar.gz https://github.com/MoarVM/MoarVM/releases/download/$MOARVM_VERSION/MoarVM-${MOARVM_VERSION}.tar.gz
/bin/sh: curl: not found

The build succeeds after adding apk add curl git

nxadm commented 3 years ago

I moved the rakudo-pkg refactoring setup to git because this way I can track head and its submodules. I was indeed looking in that direction :)

nxadm commented 3 years ago

git is needed for the submodules not in the tar, so I adapted it like this:

apk update
apk upgrade
apk add bash build-base git gzip perl perl-utils tar zstd-dev
export INSTALL_ROOT=/opt/rakudo-pkg CONFIG_SHELL=/bin/bash MOARVM_VERSION=2020.12
git clone --recurse-submodules https://github.com/moarvm/moarvm.git
cd moarvm 
git checkout $MOARVM_VERSION
perl ./Configure.pl --prefix=$INSTALL_ROOT --relocatable
make

Same result.

salortiz commented 3 years ago

@nxadm,

Same result.

Success or failure?

With your new recipe my build succeeds.

nxadm commented 3 years ago

It still fails, but I am trying to figure out why my "debug" build passes. If it works at your end it may be something in the GitHub action.

nxadm commented 3 years ago

Ok, found it. It looks like the build process of MoarVM (the make phase) is stopped by the kernel's seccomp on containers running alpine:edge and fedora:rawhide (while, weirdly enough, containers running previous versions aren't).

Running the container with "--security-opt seccomp=unconfined" is a workaround for the issue.

MasterDuke17 commented 3 years ago

I did an strace of make -j12 and the only syscall that's on the blocked list linked above is clone (called 370 times (same with make -j1)).
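
Added example, not part of the thread or of MoarVM: one way to do the comparison described in the comment above, matching the syscalls in an strace log against a seccomp profile in Docker's JSON format and listing which calls returned EPERM. The strace lines, the profile and the syscall name `new_syscall_x` are constructed placeholders, not data from this issue.

```python
import json
import re

# One strace line: optional "[pid N] " prefix, name(args) = result [ERRNO]
CALL_RE = re.compile(
    r"^(?:\[pid\s+\d+\]\s+)?(\w+)\(.*\)\s+=\s+(?:-?\d+|\?)(?:\s+(E[A-Z]+))?")

def parse_strace(text):
    """Return (syscall names seen, names that returned EPERM)."""
    seen, eperm = set(), set()
    for line in text.splitlines():
        m = CALL_RE.match(line.strip())
        if not m:
            continue  # signal and exit lines
        seen.add(m.group(1))
        if m.group(2) == "EPERM":
            eperm.add(m.group(1))
    return seen, eperm

def classify(profile, names):
    """Return (unlisted, conditional) syscalls for a Docker-format profile."""
    always, conditional = set(), set()
    for rule in profile.get("syscalls", []):
        if rule.get("action") == "SCMP_ACT_ALLOW":
            filtered = rule.get("args") or rule.get("includes") or rule.get("excludes")
            (conditional if filtered else always).update(rule.get("names", []))
    unlisted = names - always - conditional  # these fall through to defaultAction
    return sorted(unlisted), sorted((names & conditional) - always)

def report(strace_text, profile):
    seen, eperm = parse_strace(strace_text)
    unlisted, conditional = classify(profile, seen)
    return {"eperm": sorted(eperm), "unlisted": unlisted, "conditional": conditional}

# Constructed sample data; "new_syscall_x" is a placeholder name.
STRACE = """\
execve("/usr/bin/make", ["make"], 0x7ffc) = 0
openat(AT_FDCWD, "Makefile", O_RDONLY) = 3
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|SIGCHLD) = 4242
[pid  4242] new_syscall_x(AT_FDCWD, "/bin/echo", 1) = -1 EPERM (Operation not permitted)
[pid  4242] write(2, "make: echo: Operation not permitted\\n", 36) = 36
"""
PROFILE = json.loads("""{"defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["execve", "openat", "write"], "action": "SCMP_ACT_ALLOW"},
    {"names": ["clone"], "action": "SCMP_ACT_ALLOW",
     "args": [{"index": 0, "value": 2114060288, "op": "SCMP_CMP_MASKED_EQ"}]}
  ]}""")
print(report(STRACE, PROFILE))
```

Run against a real `strace -f` log and the profile the container runtime actually applies, the report shows what a custom profile passed with `--security-opt seccomp=<file>` would need to allow, which is a narrower change than `seccomp=unconfined`.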

QGB commented 1 year ago

make: echo: Operation not permitted