[krita] [Bug 459490] SELinux is preventing /app/bin/krita from execmod access on the file /memfd:JITCode:/app/lib/libQt5Qml.so.5
https://bugs.kde.org/show_bug.cgi?id=459490 amyspark changed: What|Removed |Added Latest Commit|https://invent.kde.org/grap |https://invent.kde.org/grap |hics/krita/commit/6f95172f6 |hics/krita/commit/0ae8ecb44 |146c696d60a0af94b00d817e4c6 |487a3aaa27a7dea30eb67fe65e0 |9117|76af --- Comment #17 from amyspark --- Git commit 0ae8ecb44487a3aaa27a7dea30eb67fe65e076af by L. E. Segovia. Committed on 23/09/2022 at 13:16. Pushed by lsegovia into branch 'krita/5.1'. 3rdparty: don't let Qt enable JIT under hardened SELinux policies Although the official bug report [1] said it was fixed in 5.11, in reality it was only fixed in 6.1 (with a 5.15 backport) [2]. [1]: https://bugreports.qt.io/browse/QTBUG-58508 [2]: https://codereview.qt-project.org/c/qt/qtdeclarative/+/329522 (cherry picked from commit fca57a28c902218fb5b950d655bc0c473e0b2bce) (cherry picked from commit 6f95172f6146c696d60a0af94b00d817e4c69117) A +1045 -0 3rdparty/ext_qt/0134-V4-Generate-function-tables-on-64bit-windows.patch A +46 -03rdparty/ext_qt/0135-Use-lowercase-name-for-window-header.patch A +203 -0 3rdparty/ext_qt/0136-JIT-When-making-memory-writable-include-the-exceptio.patch A +480 -0 3rdparty/ext_qt/0137-masm-Add-error-handling-for-failed-mprotect.patch A +39 -0 3rdparty/ext_qt/0138-Fix-Clang-10-warning-about-converting-ULLONG_MAX-to-.patch A +128 -03rdparty/ext_qt/0139-Fix-Wdeprecated-copy-warnings.patch M +6-03rdparty/ext_qt/CMakeLists.txt https://invent.kde.org/graphics/krita/commit/0ae8ecb44487a3aaa27a7dea30eb67fe65e076af -- You are receiving this mail because: You are watching all bug changes.
[krita] [Bug 459490] SELinux is preventing /app/bin/krita from execmod access on the file /memfd:JITCode:/app/lib/libQt5Qml.so.5
https://bugs.kde.org/show_bug.cgi?id=459490 amyspark changed: What|Removed |Added Resolution|--- |FIXED Latest Commit||https://invent.kde.org/grap ||hics/krita/commit/6f95172f6 ||146c696d60a0af94b00d817e4c6 ||9117 Status|ASSIGNED|RESOLVED --- Comment #16 from amyspark --- Git commit 6f95172f6146c696d60a0af94b00d817e4c69117 by L. E. Segovia. Committed on 23/09/2022 at 13:14. Pushed by lsegovia into branch 'master'. 3rdparty: don't let Qt enable JIT under hardened SELinux policies Although the official bug report [1] said it was fixed in 5.11, in reality it was only fixed in 6.1 (with a 5.15 backport) [2]. [1]: https://bugreports.qt.io/browse/QTBUG-58508 [2]: https://codereview.qt-project.org/c/qt/qtdeclarative/+/329522 (cherry picked from commit fca57a28c902218fb5b950d655bc0c473e0b2bce) A +1045 -0 3rdparty/ext_qt/0134-V4-Generate-function-tables-on-64bit-windows.patch A +46 -03rdparty/ext_qt/0135-Use-lowercase-name-for-window-header.patch A +203 -0 3rdparty/ext_qt/0136-JIT-When-making-memory-writable-include-the-exceptio.patch A +480 -0 3rdparty/ext_qt/0137-masm-Add-error-handling-for-failed-mprotect.patch A +39 -0 3rdparty/ext_qt/0138-Fix-Clang-10-warning-about-converting-ULLONG_MAX-to-.patch A +128 -03rdparty/ext_qt/0139-Fix-Wdeprecated-copy-warnings.patch M +6-03rdparty/ext_qt/CMakeLists.txt https://invent.kde.org/graphics/krita/commit/6f95172f6146c696d60a0af94b00d817e4c69117 -- You are receiving this mail because: You are watching all bug changes.
[krita] [Bug 459490] SELinux is preventing /app/bin/krita from execmod access on the file /memfd:JITCode:/app/lib/libQt5Qml.so.5
https://bugs.kde.org/show_bug.cgi?id=459490 --- Comment #15 from amyspark --- (In reply to Long Vu from comment #14) > I attempted a build with the patches from the MR, getting this error > currently. > > jsruntime/qv4function.cpp:49:10: fatal error: private/qv4functiontable_p.h: > No such file or directory >49 | #include > | ^~ > compilation terminated. > make[2]: *** [Makefile:7: .obj/qv4function.o] Error 1 > make[2]: *** Waiting for unfinished jobs > make[2]: Leaving directory '/run/build/qtdeclarative/src/qml' > make[1]: *** [Makefile:56: sub-qml-make_first-ordered] Error 2 > make[1]: Leaving directory '/run/build/qtdeclarative/src' > make: *** [Makefile:50: sub-src-make_first] Error 2 > FB: host_command_exited_cb 656805 512 I updated the patches, didn't know Qt shipped pregenerated headers too. Please try again and let me know how it goes? -- You are receiving this mail because: You are watching all bug changes.
[krita] [Bug 459490] SELinux is preventing /app/bin/krita from execmod access on the file /memfd:JITCode:/app/lib/libQt5Qml.so.5
https://bugs.kde.org/show_bug.cgi?id=459490 --- Comment #14 from Long Vu --- I attempted a build with the patches from the MR, getting this error currently. jsruntime/qv4function.cpp:49:10: fatal error: private/qv4functiontable_p.h: No such file or directory 49 | #include | ^~ compilation terminated. make[2]: *** [Makefile:7: .obj/qv4function.o] Error 1 make[2]: *** Waiting for unfinished jobs make[2]: Leaving directory '/run/build/qtdeclarative/src/qml' make[1]: *** [Makefile:56: sub-qml-make_first-ordered] Error 2 make[1]: Leaving directory '/run/build/qtdeclarative/src' make: *** [Makefile:50: sub-src-make_first] Error 2 FB: host_command_exited_cb 656805 512 -- You are receiving this mail because: You are watching all bug changes.
[krita] [Bug 459490] SELinux is preventing /app/bin/krita from execmod access on the file /memfd:JITCode:/app/lib/libQt5Qml.so.5
https://bugs.kde.org/show_bug.cgi?id=459490 --- Comment #13 from Timothée Ravier --- I'm the one that asked for it to be reported here as Krita is not using the same version of Qt as everyone else so we can not just update it without your input. Thanks for the investigation. -- You are receiving this mail because: You are watching all bug changes.
[krita] [Bug 459490] SELinux is preventing /app/bin/krita from execmod access on the file /memfd:JITCode:/app/lib/libQt5Qml.so.5
https://bugs.kde.org/show_bug.cgi?id=459490 --- Comment #12 from Halla Rempt --- Okay, so someone needs to build and test this; I don't think any Krita developer that uses Linux uses selinux. -- You are receiving this mail because: You are watching all bug changes.
[krita] [Bug 459490] SELinux is preventing /app/bin/krita from execmod access on the file /memfd:JITCode:/app/lib/libQt5Qml.so.5
https://bugs.kde.org/show_bug.cgi?id=459490 --- Comment #11 from Bug Janitor Service --- A possibly relevant merge request was started @ https://invent.kde.org/graphics/krita/-/merge_requests/1592 -- You are receiving this mail because: You are watching all bug changes.
[krita] [Bug 459490] SELinux is preventing /app/bin/krita from execmod access on the file /memfd:JITCode:/app/lib/libQt5Qml.so.5
https://bugs.kde.org/show_bug.cgi?id=459490 amyspark changed: What|Removed |Added Ever confirmed|0 |1 Assignee|krita-bugs-n...@kde.org |a...@amyspark.me Status|NEEDSINFO |ASSIGNED Resolution|WAITINGFORINFO |--- --- Comment #10 from amyspark --- I've got the branch ready, will try to build it tomorrow. Sending the draft MR just in case. -- You are receiving this mail because: You are watching all bug changes.
[krita] [Bug 459490] SELinux is preventing /app/bin/krita from execmod access on the file /memfd:JITCode:/app/lib/libQt5Qml.so.5
https://bugs.kde.org/show_bug.cgi?id=459490 --- Comment #9 from amyspark --- There's no 5.15 AppImage as it's a Qt version we don't support it officially. But I think I found the reason for this issue, Qt truly fixed their JIT much later: https://codereview.qt-project.org/c/qt/qtdeclarative/+/329522 Unfortunately it's a mix of three different Qt branches, which makes it a royal mess to cherry-pick safely. -- You are receiving this mail because: You are watching all bug changes.
[krita] [Bug 459490] SELinux is preventing /app/bin/krita from execmod access on the file /memfd:JITCode:/app/lib/libQt5Qml.so.5
https://bugs.kde.org/show_bug.cgi?id=459490 --- Comment #8 from Long Vu --- (In reply to amyspark from comment #6) > Does AlmaLinux also have SELinux enabled by default? Yes, I spun up AlmaLinux 9 on a VM and can repo the issue mentioned there using the AppImage. I can also verify SELinux is enabled out of the box. I'm not sure if the policy shipped by AlmaLinux and CentOS differ from the Fedora ones as Fedora works fine. SELinux status: enabled SELinuxfs mount:/sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 33 > Hm, a better question is: if you run Krita under SELinux with Qt 5.15, does > it show the issue? Is there a AppImage of Krita using Qt 5.15 for testing? The distro repos don't seem to include Krita. -- You are receiving this mail because: You are watching all bug changes.
[krita] [Bug 459490] SELinux is preventing /app/bin/krita from execmod access on the file /memfd:JITCode:/app/lib/libQt5Qml.so.5
https://bugs.kde.org/show_bug.cgi?id=459490 --- Comment #7 from amyspark --- Hm, a better question is: if you run Krita under SELinux with Qt 5.15, does it show the issue? -- You are receiving this mail because: You are watching all bug changes.
[krita] [Bug 459490] SELinux is preventing /app/bin/krita from execmod access on the file /memfd:JITCode:/app/lib/libQt5Qml.so.5
https://bugs.kde.org/show_bug.cgi?id=459490 --- Comment #6 from amyspark --- Does AlmaLinux also have SELinux enabled by default? -- You are receiving this mail because: You are watching all bug changes.
[krita] [Bug 459490] SELinux is preventing /app/bin/krita from execmod access on the file /memfd:JITCode:/app/lib/libQt5Qml.so.5
https://bugs.kde.org/show_bug.cgi?id=459490 Long Vu changed: What|Removed |Added CC||h...@vulongm.com --- Comment #5 from Long Vu --- One of the commenters mentioned on the issue it also occurred for them using the AppImage on AlmaLinux 9 https://github.com/flathub/org.kde.krita/issues/66#issuecomment-1252893268 -- You are receiving this mail because: You are watching all bug changes.
[krita] [Bug 459490] SELinux is preventing /app/bin/krita from execmod access on the file /memfd:JITCode:/app/lib/libQt5Qml.so.5
https://bugs.kde.org/show_bug.cgi?id=459490 --- Comment #4 from Halla Rempt --- Yeah, I'm not sure either... Upstream (if it's an issue in Qt) or downstream (if it's an issue in flatpak, but the flatpak people told Timothée to report here). But I don't see what _we_ can do about this... -- You are receiving this mail because: You are watching all bug changes.
[krita] [Bug 459490] SELinux is preventing /app/bin/krita from execmod access on the file /memfd:JITCode:/app/lib/libQt5Qml.so.5
https://bugs.kde.org/show_bug.cgi?id=459490 amyspark changed: What|Removed |Added CC||a...@amyspark.me --- Comment #3 from amyspark --- As shown in the official Qt bug report (https://bugreports.qt.io/browse/QTBUG-58508), this should have been fixed in the Qt side in 5.11. We're definitely not doing anything except use Qt QML ourselves. I don't know if this should be marked as RESOLVED UPSTREAM, since the Flathub package clearly isn't of our own authorship. Halla? -- You are receiving this mail because: You are watching all bug changes.
[krita] [Bug 459490] SELinux is preventing /app/bin/krita from execmod access on the file /memfd:JITCode:/app/lib/libQt5Qml.so.5
https://bugs.kde.org/show_bug.cgi?id=459490 Halla Rempt changed: What|Removed |Added Resolution|--- |WAITINGFORINFO CC||ha...@valdyas.org Status|REPORTED|NEEDSINFO --- Comment #2 from Halla Rempt --- Honestly, I have no idea what all of this means... The flathub reports says this should be reported to us, but what are we supposed to do? -- You are receiving this mail because: You are watching all bug changes.
[krita] [Bug 459490] SELinux is preventing /app/bin/krita from execmod access on the file /memfd:JITCode:/app/lib/libQt5Qml.so.5
https://bugs.kde.org/show_bug.cgi?id=459490 --- Comment #1 from Timothée Ravier --- Might be related to https://bugzilla.redhat.com/show_bug.cgi?id=1686675. Might be related to the fact that Krita in Flathub uses an old Qt version. -- You are receiving this mail because: You are watching all bug changes.