1 |
Ühel kenal päeval, N, 13.04.2017 kell 16:01, kirjutas Mike Gilbert: |
2 |
> On Thu, Apr 13, 2017 at 3:29 PM, Paweł Hajdan, Jr. |
3 |
> <phajdan.jr@g.o> wrote: |
4 |
> > The latest dev channel release of chromium (59.0.3053.3) will |
5 |
> > require |
6 |
> > > =sys-apps/sandbox-2.11 to build. |
7 |
> > |
8 |
> > I'm sending this announcement because this version of sandbox is |
9 |
> > currently hard masked. So is the chromium version, but with its |
10 |
> > fast |
11 |
> > release cycle we can expect it hitting ~arch in few weeks, and |
12 |
> > stable in |
13 |
> > the next few weeks. I'd like to make sure we'd be able to push |
14 |
> > sandbox |
15 |
> > to stable at the same pace, or find some alternative solution. |
16 |
> > |
17 |
> > For curious folks, new sandbox fixes a hang which occurs with |
18 |
> > tcmalloc. |
19 |
> > See https://crbug.com/586444 . The new chromium adds a code |
20 |
> > generator |
21 |
> > needed for build (inside the network stack). I didn't find an easy |
22 |
> > way |
23 |
> > to disable tcmalloc just for that code generator, and after finding |
24 |
> > above bug new sandbox seemed like the best choice. |
25 |
> > |
26 |
> > See |
27 |
> > <https://gitweb.gentoo.org/repo/gentoo.git/commit/www-client/chromi |
28 |
> > um?id=f2345c0af633116a69051239ab10d858d5aea69a> |
29 |
> > for the commit which introduced this, and feel free to share your |
30 |
> > suggestions. |
31 |
> |
32 |
> The sandbox blocker could be moved behind a use-conditional: |
33 |
> |
34 |
> tcmalloc? ( !<sys-apps/sandbox-2.11 ) |
35 |
> |
36 |
> If vapier or the QA team don't drop the sandbox mask, we can |
37 |
> package.mask the tcmalloc USE flag as an interim workaround. |
38 |
|
39 |
Yeah, I would say unmasking is not possible until |
40 |
https://bugs.gentoo.org/show_bug.cgi?id=615906 is solved. |
41 |
Due to that bug, unmasking would mean firefox/thunderbird/etc can't be |
42 |
upgraded anymore, while chromium could be with optional tcmalloc |
43 |
support that could be disabled. |
44 |
Interestingly the XUL sandbox failure is triggered by it hitting ptrace |
45 |
paths now due to custom allocator, while you apparently need new |
46 |
sandbox due to a custom allocator choice apparently... |
47 |
|
48 |
Mart |