Thanks, Aurelien! I was going to bring up an arm64 experimental
environment to test this but you beat me to it.
How do we proceed from here? I am also the upstream maintainer, so I was
planning to solve the issue there, cut a new release, then package this
for Debian, closing the bug. I’ll go ahead with this (upstreaming
Aurelien’s patch) if no one tells me otherwise. I’m also happy for
Debian to carry this patch downstream until my next release makes it
through the pipeline.
On 2/26/26 13:32, Aurelien Jarno wrote:
control: tag -1 + patch
Hi,
On 2026-02-24 16:03, Emanuele Rocca wrote:
Source: rumur
Version: 2025.08.31-1
Severity: important
Tags: ftbfs upstream
Justification: fails to build from source
User: [email protected]
Usertags: glibc-2.43
Hi,
rumur fails to build from source on arm64 when using glibc 2.43,
currently in experimental.
The issue is triggered by glibc 2.43 on arm64 enabling 2MB THP by
default:
https://sourceware.org/git/?p=glibc.git;a=commit;h=321e1fc73f53081d92ba357cdd48c56b79292020
Successful build with glibc 2.42, currently in sid:
https://people.debian.org/~ema/glibc-2.43-rebuilds/output-2/rumur_arm64.build
Logs of a failed build with glibc 2.43 are here:
https://people.debian.org/~ema/glibc-2.43-rebuilds/output-1/rumur_arm64.build
The following tests are failing:
test_rumur[False-False-basic-sandbox.m-non-debug]
test_rumur[False-False-basic-sandbox.m-debug]
test_rumur[False-False-basic-sandbox.m-XML]
test_rumur[False-True-basic-sandbox.m-non-debug]
test_rumur[False-True-basic-sandbox.m-debug]
test_rumur[False-True-basic-sandbox.m-XML]
test_rumur[True-False-basic-sandbox.m-non-debug]
test_rumur[True-False-basic-sandbox.m-debug]
test_rumur[True-False-basic-sandbox.m-XML]
test_rumur[True-True-basic-sandbox.m-non-debug]
test_rumur[True-True-basic-sandbox.m-debug]
test_rumur[True-True-basic-sandbox.m-XML]
test_strace_sandbox
The cause for the above failures is that the seccomp sandbox stops the
attempted open of /sys/kernel/mm/transparent_hugepage/enabled:
E AssertionError: model failed:
execve("/tmp/pytest-of-ema/pytest-15/test_strace_sandbox0/model.exe",
["/tmp/pytest-of-ema/pytest-15/tes"...], 0xffffe78abf90 /* 96 vars */) = 0
[...]
E openat(AT_FDCWD, "/sys/kernel/mm/transparent_hugepage/enabled",
O_RDONLY) = -1 ENETDOWN (Network is down)
E --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP,
si_call_addr=0xe3ac16e98c60, si_syscall=__NR_openat,
si_arch=AUDIT_ARCH_AARCH64} ---
E +++ killed by SIGSYS (core dumped) +++
One possible solution would be updating the seccomp filter to allow the
action above, but perhaps more discussion with glibc upstream is needed
to see if there are alternatives to opening a file under /sys, which can
cause problems in other scenarios too.
Please find below a patch implementing that. I tested it fixes the
issue.
--- rumur-2025.08.31.orig/rumur/resources/header.c
+++ rumur-2025.08.31/rumur/resources/header.c
@@ -266,6 +266,11 @@ static void sandbox(void) {
BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_munmap, 0, 1),
BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
#endif
+#ifdef __NR_openat
+ /* malloc might use openat to check files in /sys/kernel/mm. */
+ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_openat, 0, 1),
+ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+#endif
/* If we're running multithreaded, enable syscalls used by pthreads. */
#ifdef __NR_clone
Regards
Aurelien
