From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 55AD01387FD for ; Wed, 2 Apr 2014 14:39:35 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 55687E0C3B; Wed, 2 Apr 2014 14:39:28 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 5E89DE0C1A for ; Wed, 2 Apr 2014 14:39:27 +0000 (UTC) Received: from [10.188.44.151] (85-76-160-238-nat.elisa-mobile.fi [85.76.160.238]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: ssuominen) by smtp.gentoo.org (Postfix) with ESMTPSA id 2DAF833FDCF for ; Wed, 2 Apr 2014 14:39:25 +0000 (UTC) Message-ID: <533C1FD0.5080301@gentoo.org> Date: Wed, 02 Apr 2014 17:33:52 +0300 From: Samuli Suominen User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Solving OpenCL /dev/dri/card* sandbox issues w/ ImageMagick References: <533BDFF5.502@gentoo.org> <3629249.GRyOgpvO8H@vapier> In-Reply-To: <3629249.GRyOgpvO8H@vapier> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Archives-Salt: 1b279c73-830c-4702-9799-c7868c6fc9aa X-Archives-Hash: dd47f00747c29809a879c13cc93201a4 On 02/04/14 16:01, Mike Frysinger wrote: > On Wed 02 Apr 2014 13:01:25 Samuli Suominen wrote: >> Problem 1: >> >> https://bugs.gentoo.org/show_bug.cgi?id=472766#c21 >> >> I'm not sure if wildcards are supported by /etc/sandbox.d/ files > they are not. however, path matching is based on prefixes, so there's always > an implicit glob at the end. would be reasonable to change the code to use > fnmatch. > > e.g. SANDBOX_PREDICT=/dev/dri/card probably works I hope SANDBOX_PREDICT="/dev/dri/card" with "" is OK too? > > however, i think we're relying on sandbox preventing bad code from doing bad > things. there really should be a way for the build to disable the logic in > the first place from kicking in. > -mike You are right I believe this started after a major mesa version bump, so I'd start looking for the culprit in Mesa's OpenCL code, but I have no idea howto go futher with the debugging... yet Meanwhile, =media-gfx/imagemagick-6.8.8.10[opencl] now installs the sandbox.d file, workaround is better here than nothing since this is affecting multiple binaries, packages :/ - Samuli