mozilla / sccache

Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage.
Apache License 2.0

bwrap: Can\'t chdir to /Users/tomtung/Work/mozilla-central/objdir/dom/bindings: Permission denied #535

Open cr opened 4 years ago

cr commented 4 years ago

After seemingly being able to work around #531 and #534, another bubblewrap error remains on the server side, breaking client builds:

TRACE 2019-10-09T16:20:25Z: sccache_dist::build: creating output directories
TRACE 2019-10-09T16:20:25Z: sccache_dist::build: performing compile
TRACE 2019-10-09T16:20:25Z: sccache_dist::build: compile_output: Output { status: ExitStatus(ExitStatus(256)), stdout: "", stderr: "bwrap: Can\'t chdir to /Users/tomtung/Work/mozilla-central/objdir/dom/bindings: Permission denied\n" }
TRACE 2019-10-09T16:20:25Z: sccache_dist::build: retrieving ["/Users/tomtung/Work/mozilla-central/objdir/dom/bindings/UnifiedBindings3.o"]
DEBUG 2019-10-09T16:20:25Z: sccache_dist::build: Missing output path "/Users/tomtung/Work/mozilla-central/objdir/dom/bindings/UnifiedBindings3.o"
DEBUG 2019-10-09T16:20:25Z: sccache_dist::build: Finishing with overlay
DEBUG 2019-10-09T16:20:25Z: sccache_dist::build: Returning result
TRACE 2019-10-09T16:20:25Z: sccache::dist::http::server: Res 545: Response { status_code: 200, headers: [("Content-Type", "application/octet-stream")] }
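
A triage helper for the server log above, as an added example (not sccache's own code and not part of the original report): it pulls sandbox failures out of `sccache_dist::build` lines and attaches the output paths that went missing afterwards. It assumes the number inside `ExitStatus(...)` is the raw Unix wait status, so 256 corresponds to exit code 1; the sample log and its paths are constructed.

```python
import re

# Constructed sample, modelled on the sccache-dist TRACE/DEBUG lines in the report above.
SAMPLE_LOG = r'''TRACE 2019-10-09T16:20:25Z: sccache_dist::build: performing compile
TRACE 2019-10-09T16:20:25Z: sccache_dist::build: compile_output: Output { status: ExitStatus(ExitStatus(256)), stdout: "", stderr: "bwrap: Can\'t chdir to /build/objdir/dom: Permission denied\n" }
DEBUG 2019-10-09T16:20:25Z: sccache_dist::build: Missing output path "/build/objdir/dom/a.o"
TRACE 2019-10-09T16:20:26Z: sccache_dist::build: compile_output: Output { status: ExitStatus(ExitStatus(0)), stdout: "", stderr: "" }
'''

OUTPUT_RE = re.compile(
    r'^\w+ (?P<ts>\S+): sccache_dist::build: compile_output: Output \{ '
    r'status: ExitStatus\(ExitStatus\((?P<raw>\d+)\)\), '
    r'stdout: "(?:[^"\\]|\\.)*", stderr: "(?P<err>(?:[^"\\]|\\.)*)" \}$')
MISSING_RE = re.compile(r'sccache_dist::build: Missing output path "(?P<path>[^"]+)"')
ESCAPES = {'n': '\n', 't': '\t', 'r': '\r'}


def unescape(s):
    # Undo the Rust Debug escapes seen in the log (\n, \', \", \\).
    return re.sub(r'\\(.)', lambda m: ESCAPES.get(m.group(1), m.group(1)), s)


def sandbox_failures(log_text):
    """Return one record per compile whose stderr came from bwrap, not the compiler."""
    findings, current = [], None
    for line in log_text.splitlines():
        m = OUTPUT_RE.match(line)
        if m:
            current = None
            raw = int(m.group('raw'))
            err = unescape(m.group('err')).strip()
            if raw != 0 and err.startswith('bwrap:'):
                # Assumption: raw wait status, so exit code = raw >> 8, signal = low 7 bits.
                current = {'time': m.group('ts'), 'exit_code': raw >> 8,
                           'signal': raw & 0x7f, 'error': err, 'missing_outputs': []}
                findings.append(current)
            continue
        m = MISSING_RE.search(line)
        if m and current is not None:
            # Outputs reported missing after a sandbox failure belong to that compile.
            current['missing_outputs'].append(m.group('path'))
    return findings


if __name__ == '__main__':
    for finding in sandbox_failures(SAMPLE_LOG):
        print(finding)
```
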

cr commented 4 years ago

Is there a test case to check whether bubblewrap is working correctly?

cr commented 4 years ago

By the way:

# bwrap --version
bubblewrap 0.3.3

cr commented 4 years ago

And FWIW, the bubblewrap test suite bails out with an error I fail to make sense of:

# sh test-run.sh
1..46
ok - Help works
ok # SKIP no FUSE support
ok - can mount /proc with
ok - can unshare network, create new /dev with
expect EPERM: ok - cannot read /etc/shadow with
ok # SKIP not sure what unreadable file to use
ok - can bind a destination over a symlink
ok # SKIP no FUSE support
ok - can mount /proc with --unshare-user-try
ok - can unshare network, create new /dev with --unshare-user-try
expect EPERM: ok - cannot read /etc/shadow with --unshare-user-try
ok # SKIP not sure what unreadable file to use
ok - can bind a destination over a symlink
ok # SKIP no FUSE support
ok - can mount /proc with --unshare-pid
ok - can unshare network, create new /dev with --unshare-pid
expect EPERM: ok - cannot read /etc/shadow with --unshare-pid 
ok # SKIP not sure what unreadable file to use
ok - can bind a destination over a symlink
ok # SKIP no FUSE support
ok - can mount /proc with --unshare-user-try --unshare-pid
ok - can unshare network, create new /dev with --unshare-user-try --unshare-pid
expect EPERM: ok - cannot read /etc/shadow with --unshare-user-try --unshare-pid
ok # SKIP not sure what unreadable file to use
ok - can bind a destination over a symlink
ok - all expected devices were created
ok - can run as pid 1
ok info and json-status fd
--------w- 1 root root 26 Oct  9 16:34 info.json
# {
#     "child-pid": 7417
# }
File 'info.json' doesn't match regexp '4026533070'

What weird file mode does that info.json have? Is there something wrong with bubblewrap's umask? The shell we run things from has umask 0775.

chmanchester commented 4 years ago

I've tried to reproduce this (by building bubblewrap from source and running the test suite), but I get a different error.

@cr, can you confirm the distro you're using? Thanks!

cr commented 4 years ago

Arch Linux with AUR and latest updates. They're relatively strict with all things permissions.

What's the preferred user setup for sccache, btw? We have everything installed in /home/sccache, all the setup was run by user sccache. The build and toolchains folders are in /home/sccache as well, all set g+s. sccache itself runs as root with umask 775.

cr commented 4 years ago

Tested everything in a pure root environment under /root. Same behavior all around.

cr commented 4 years ago

> I've tried to reproduce this (by building bubblewrap from source and running the test suite), but I get a different error.

I was running bwrap's test suite (just the two shell scripts) against the system's packaged bwrap.