feat: add experimental sandbox during builds #1178

Merged (6 commits), Jan 8, 2025
wolfv (Member) commented Nov 11, 2024

This is an experiment on what usage of the new rattler sandbox could look like.

Works like a charm on macOS!

mgorny (Contributor) commented Jan 7, 2025

Not sure if I've done something wrong but it's crashing for me.

What I've done is: clone https://github.com/conda/rattler and your branch of rattler-build, cargo build and then run in triton-feedstock:

$ RUST_BACKTRACE=1 ~/git/conda/rattler-build/target/debug/rattler-build build --recipe recipe/ -m .ci_support/linux_64_cuda_compilercuda-nvcccuda_compiler_version12.6cxx_compiler_version13python3.12.____cpython.yaml --no-build-id --output-dir /var/tmp/conda-bld --sandbox

 ╭─ Finding outputs from recipe
 │ Found 1 variants
 │ Build variant: triton-3.1.0-cuda126py312h776fbae_4
 │ 
 │ ╭───────────────────────┬──────────────────╮
 │ │ Variant               ┆ Version          │
 │ ╞═══════════════════════╪══════════════════╡
 │ │ build_platform        ┆ linux-64         │
 │ │ c_stdlib              ┆ sysroot          │
 │ │ c_stdlib_version      ┆ 2.17             │
 │ │ channel_targets       ┆ conda-forge main │
 │ │ cuda_compiler         ┆ cuda-nvcc        │
 │ │ cuda_compiler_version ┆ 12.6             │
 │ │ cxx_compiler          ┆ gxx              │
 │ │ cxx_compiler_version  ┆ 13               │
 │ │ llvm                  ┆ 19               │
 │ │ llvmdev               ┆ 19               │
 │ │ mlir                  ┆ 19               │
 │ │ python                ┆ 3.12.* *_cpython │
 │ │ target_platform       ┆ linux-64         │
 │ │ zlib                  ┆ 1                │
 │ ╰───────────────────────┴──────────────────╯
 │
 ╰─────────────────── (took 0 seconds)

 ╭─ Running build for recipe: triton-3.1.0-cuda126py312h776fbae_4
 │
 │ ╭─ Fetching source code
 │ │ Validated SHA256 values of the downloaded file!
 │ │ Found valid source cache file.
 │ │ Using extracted directory from cache: /var/tmp/conda-bld/src_cache/5fe38ffd73c2ac6ed6323b554205186696631c6f_933babc3
 │ │ Copying source from url: /var/tmp/conda-bld/src_cache/5fe38ffd73c2ac6ed6323b554205186696631c6f_933babc3 to /var/tmp/conda-bld/bld/
 │ │ rattler-build_triton/work
 │ │
 │ ╰─────────────────── (took 0 seconds)
 │
 │ ╭─ Resolving environments
 │ │ 
 │ │ Resolving build environment:
 │ │   Platform: linux-64 [__unix=0=0, __linux=6.12.8=0, __glibc=2.40=0, __cuda=12.6=0, __archspec=1=zen2]
 │ │   Channels: 
 │ │    - file:///var/tmp/conda-bld/
 │ │    - conda-forge
 │ │   Specs:
 │ │    - gxx_linux-64 13.*
 │ │    - cuda-nvcc_linux-64 12.6.*
 │ │    - sysroot_linux-64 2.17.*
 │ │    - ninja
 │ │    - cmake
 │ │    - mlir 19.*
 │ │    - sed
 │ │ 
 │ │ ╭─────────────────────────────┬──────────────┬──────────────────┬─────────────┬────────────╮
 │ │ │ Package                     ┆ Version      ┆ Build            ┆ Channel     ┆ Size       │
 │ │ ╞═════════════════════════════╪══════════════╪══════════════════╪═════════════╪════════════╡
 │ │ │ _libgcc_mutex               ┆ 0.1          ┆ conda_forge      ┆ conda-forge ┆ 2.50 KiB   │
 │ │ │ _openmp_mutex               ┆ 4.5          ┆ 2_gnu            ┆ conda-forge ┆ 23.07 KiB  │
 │ │ │ binutils_impl_linux-64      ┆ 2.43         ┆ h4bf12b8_2       ┆ conda-forge ┆ 5.42 MiB   │
 │ │ │ binutils_linux-64           ┆ 2.43         ┆ h4852527_2       ┆ conda-forge ┆ 34.13 KiB  │
 │ │ │ bzip2                       ┆ 1.0.8        ┆ h4bc722e_7       ┆ conda-forge ┆ 246.86 KiB │
 │ │ │ c-ares                      ┆ 1.34.4       ┆ hb9d3cd8_0       ┆ conda-forge ┆ 201.25 KiB │
 │ │ │ ca-certificates             ┆ 2024.12.14   ┆ hbcca054_0       ┆ conda-forge ┆ 153.41 KiB │
 │ │ │ cmake                       ┆ 3.31.2       ┆ h74e3db0_1       ┆ conda-forge ┆ 19.47 MiB  │
 │ │ │ cuda-cccl_linux-64          ┆ 12.6.77      ┆ ha770c72_0       ┆ conda-forge ┆ 1.02 MiB   │
 │ │ │ cuda-crt-dev_linux-64       ┆ 12.6.85      ┆ ha770c72_0       ┆ conda-forge ┆ 86.66 KiB  │
 │ │ │ cuda-crt-tools              ┆ 12.6.85      ┆ ha770c72_0       ┆ conda-forge ┆ 26.50 KiB  │
 │ │ │ cuda-cudart                 ┆ 12.6.77      ┆ h5888daf_0       ┆ conda-forge ┆ 21.87 KiB  │
 │ │ │ cuda-cudart-dev             ┆ 12.6.77      ┆ h5888daf_0       ┆ conda-forge ┆ 22.29 KiB  │
 │ │ │ cuda-cudart-dev_linux-64    ┆ 12.6.77      ┆ h3f2d84a_0       ┆ conda-forge ┆ 356.81 KiB │
 │ │ │ cuda-cudart-static          ┆ 12.6.77      ┆ h5888daf_0       ┆ conda-forge ┆ 21.92 KiB  │
 │ │ │ cuda-cudart-static_linux-64 ┆ 12.6.77      ┆ h3f2d84a_0       ┆ conda-forge ┆ 744.46 KiB │
 │ │ │ cuda-cudart_linux-64        ┆ 12.6.77      ┆ h3f2d84a_0       ┆ conda-forge ┆ 184.20 KiB │
 │ │ │ cuda-driver-dev_linux-64    ┆ 12.6.77      ┆ h3f2d84a_0       ┆ conda-forge ┆ 34.91 KiB  │
 │ │ │ cuda-nvcc-dev_linux-64      ┆ 12.6.85      ┆ he91c749_0       ┆ conda-forge ┆ 10.83 MiB  │
 │ │ │ cuda-nvcc-impl              ┆ 12.6.85      ┆ h85509e4_0       ┆ conda-forge ┆ 24.89 KiB  │
 │ │ │ cuda-nvcc-tools             ┆ 12.6.85      ┆ he02047a_0       ┆ conda-forge ┆ 22.97 MiB  │
 │ │ │ cuda-nvcc_linux-64          ┆ 12.6.85      ┆ h04802cd_0       ┆ conda-forge ┆ 24.69 KiB  │
 │ │ │ cuda-nvvm-dev_linux-64      ┆ 12.6.85      ┆ ha770c72_0       ┆ conda-forge ┆ 24.62 KiB  │
 │ │ │ cuda-nvvm-impl              ┆ 12.6.85      ┆ he02047a_0       ┆ conda-forge ┆ 7.71 MiB   │
 │ │ │ cuda-nvvm-tools             ┆ 12.6.85      ┆ he02047a_0       ┆ conda-forge ┆ 10.38 MiB  │
 │ │ │ cuda-version                ┆ 12.6         ┆ h7480c83_3       ┆ conda-forge ┆ 20.45 KiB  │
 │ │ │ gcc_impl_linux-64           ┆ 13.3.0       ┆ hfea6d02_1       ┆ conda-forge ┆ 64.34 MiB  │
 │ │ │ gcc_linux-64                ┆ 13.3.0       ┆ hc28eda2_7       ┆ conda-forge ┆ 31.25 KiB  │
 │ │ │ gxx_impl_linux-64           ┆ 13.3.0       ┆ hdbfa832_1       ┆ conda-forge ┆ 12.72 MiB  │
 │ │ │ gxx_linux-64                ┆ 13.3.0       ┆ h6834431_7       ┆ conda-forge ┆ 29.64 KiB  │
 │ │ │ kernel-headers_linux-64     ┆ 3.10.0       ┆ he073ed8_18      ┆ conda-forge ┆ 921.37 KiB │
 │ │ │ keyutils                    ┆ 1.6.1        ┆ h166bdaf_0       ┆ conda-forge ┆ 115.07 KiB │
 │ │ │ krb5                        ┆ 1.21.3       ┆ h659f571_0       ┆ conda-forge ┆ 1.31 MiB   │
 │ │ │ ld_impl_linux-64            ┆ 2.43         ┆ h712a8e2_2       ┆ conda-forge ┆ 653.53 KiB │
 │ │ │ libcurl                     ┆ 8.11.1       ┆ h332b0f4_0       ┆ conda-forge ┆ 413.10 KiB │
 │ │ │ libedit                     ┆ 3.1.20240808 ┆ pl5321h7949ede_0 ┆ conda-forge ┆ 131.50 KiB │
 │ │ │ libev                       ┆ 4.33         ┆ hd590300_2       ┆ conda-forge ┆ 110.12 KiB │
 │ │ │ libexpat                    ┆ 2.6.4        ┆ h5888daf_0       ┆ conda-forge ┆ 71.59 KiB  │
 │ │ │ libgcc                      ┆ 14.2.0       ┆ h77fa898_1       ┆ conda-forge ┆ 828.85 KiB │
 │ │ │ libgcc-devel_linux-64       ┆ 13.3.0       ┆ h84ea5a7_101     ┆ conda-forge ┆ 2.48 MiB   │
 │ │ │ libgcc-ng                   ┆ 14.2.0       ┆ h69a702a_1       ┆ conda-forge ┆ 52.87 KiB  │
 │ │ │ libgomp                     ┆ 14.2.0       ┆ h77fa898_1       ┆ conda-forge ┆ 450.19 KiB │
 │ │ │ libiconv                    ┆ 1.17         ┆ hd590300_2       ┆ conda-forge ┆ 689.23 KiB │
 │ │ │ libllvm19                   ┆ 19.1.6       ┆ ha7bfdaf_0       ┆ conda-forge ┆ 38.26 MiB  │
 │ │ │ liblzma                     ┆ 5.6.3        ┆ hb9d3cd8_1       ┆ conda-forge ┆ 108.53 KiB │
 │ │ │ libmlir19                   ┆ 19.1.6       ┆ h84d6215_0       ┆ conda-forge ┆ 17.53 MiB  │
 │ │ │ libnghttp2                  ┆ 1.64.0       ┆ h161d5f1_0       ┆ conda-forge ┆ 632.42 KiB │
 │ │ │ libsanitizer                ┆ 13.3.0       ┆ heb74ff8_1       ┆ conda-forge ┆ 3.94 MiB   │
 │ │ │ libssh2                     ┆ 1.11.1       ┆ hf672d98_0       ┆ conda-forge ┆ 297.15 KiB │
 │ │ │ libstdcxx                   ┆ 14.2.0       ┆ hc0a3c3a_1       ┆ conda-forge ┆ 3.71 MiB   │
 │ │ │ libstdcxx-devel_linux-64    ┆ 13.3.0       ┆ h84ea5a7_101     ┆ conda-forge ┆ 13.42 MiB  │
 │ │ │ libstdcxx-ng                ┆ 14.2.0       ┆ h4852527_1       ┆ conda-forge ┆ 52.84 KiB  │
 │ │ │ libuv                       ┆ 1.49.2       ┆ hb9d3cd8_0       ┆ conda-forge ┆ 863.91 KiB │
 │ │ │ libxml2                     ┆ 2.13.5       ┆ h0d44e9d_1       ┆ conda-forge ┆ 673.82 KiB │
 │ │ │ libzlib                     ┆ 1.3.1        ┆ hb9d3cd8_2       ┆ conda-forge ┆ 59.53 KiB  │
 │ │ │ llvm-tools                  ┆ 19.1.6       ┆ h84d6215_0       ┆ conda-forge ┆ 85.15 KiB  │
 │ │ │ llvm-tools-19               ┆ 19.1.6       ┆ h48f18f5_0       ┆ conda-forge ┆ 21.72 MiB  │
 │ │ │ llvmdev                     ┆ 19.1.6       ┆ h48f18f5_0       ┆ conda-forge ┆ 58.77 MiB  │
 │ │ │ mlir                        ┆ 19.1.6       ┆ h629725b_0       ┆ conda-forge ┆ 86.61 MiB  │
 │ │ │ ncurses                     ┆ 6.5          ┆ he02047a_1       ┆ conda-forge ┆ 868.25 KiB │
 │ │ │ ninja                       ┆ 1.12.1       ┆ h297d8ca_0       ┆ conda-forge ┆ 2.10 MiB   │
 │ │ │ openssl                     ┆ 3.4.0        ┆ h7b32b05_1       ┆ conda-forge ┆ 2.80 MiB   │
 │ │ │ rhash                       ┆ 1.4.5        ┆ hb9d3cd8_0       ┆ conda-forge ┆ 182.54 KiB │
 │ │ │ sed                         ┆ 4.8          ┆ he412f7d_0       ┆ conda-forge ┆ 264.42 KiB │
 │ │ │ sysroot_linux-64            ┆ 2.17         ┆ h0157908_18      ┆ conda-forge ┆ 14.46 MiB  │
 │ │ │ tzdata                      ┆ 2024b        ┆ hc8b5060_0       ┆ conda-forge ┆ 119.49 KiB │
 │ │ │ zstd                        ┆ 1.5.6        ┆ ha6fb4c9_0       ┆ conda-forge ┆ 541.84 KiB │
 │ │ ╰─────────────────────────────┴──────────────┴──────────────────┴─────────────┴────────────╯
 │ │ 
 │ │ Resolving host environment:
 │ │   Platform: linux-64 [__unix=0=0, __linux=6.12.8=0, __glibc=2.40=0, __cuda=12.6=0, __archspec=1=zen2]
 │ │   Channels: 
 │ │    - file:///var/tmp/conda-bld/
 │ │    - conda-forge
 │ │   Specs:
 │ │    - python 3.12.* *_cpython
 │ │    - pybind11
 │ │    - pip
 │ │    - setuptools
 │ │    - llvm 19.*
 │ │    - llvmdev 19.*
 │ │    - mlir 19.*
 │ │    - zlib 1.*
 │ │    - nlohmann_json
 │ │    - cuda-cupti-dev
 │ │    - cuda-version >=12.6,<13
 │ │    - libstdcxx >=13
 │ │    - libgcc >=13
 │ │    - __glibc >=2.17,<3.0.a0
 │ │ 
 │ │ ╭──────────────────┬────────────┬────────────────────┬─────────────┬────────────╮
 │ │ │ Package          ┆ Version    ┆ Build              ┆ Channel     ┆ Size       │
 │ │ ╞══════════════════╪════════════╪════════════════════╪═════════════╪════════════╡
 │ │ │ _libgcc_mutex    ┆ 0.1        ┆ conda_forge        ┆ conda-forge ┆ 2.50 KiB   │
 │ │ │ _openmp_mutex    ┆ 4.5        ┆ 2_gnu              ┆ conda-forge ┆ 23.07 KiB  │
 │ │ │ bzip2            ┆ 1.0.8      ┆ h4bc722e_7         ┆ conda-forge ┆ 246.86 KiB │
 │ │ │ ca-certificates  ┆ 2024.12.14 ┆ hbcca054_0         ┆ conda-forge ┆ 153.41 KiB │
 │ │ │ cuda-cupti       ┆ 12.6.80    ┆ hbd13f7d_0         ┆ conda-forge ┆ 1.91 MiB   │
 │ │ │ cuda-cupti-dev   ┆ 12.6.80    ┆ h5888daf_0         ┆ conda-forge ┆ 3.37 MiB   │
 │ │ │ cuda-version     ┆ 12.6       ┆ h7480c83_3         ┆ conda-forge ┆ 20.45 KiB  │
 │ │ │ ld_impl_linux-64 ┆ 2.43       ┆ h712a8e2_2         ┆ conda-forge ┆ 653.53 KiB │
 │ │ │ libexpat         ┆ 2.6.4      ┆ h5888daf_0         ┆ conda-forge ┆ 71.59 KiB  │
 │ │ │ libffi           ┆ 3.4.2      ┆ h7f98852_5         ┆ conda-forge ┆ 56.93 KiB  │
 │ │ │ libgcc           ┆ 14.2.0     ┆ h77fa898_1         ┆ conda-forge ┆ 828.85 KiB │
 │ │ │ libgcc-ng        ┆ 14.2.0     ┆ h69a702a_1         ┆ conda-forge ┆ 52.87 KiB  │
 │ │ │ libgomp          ┆ 14.2.0     ┆ h77fa898_1         ┆ conda-forge ┆ 450.19 KiB │
 │ │ │ libiconv         ┆ 1.17       ┆ hd590300_2         ┆ conda-forge ┆ 689.23 KiB │
 │ │ │ libllvm19        ┆ 19.1.6     ┆ ha7bfdaf_0         ┆ conda-forge ┆ 38.26 MiB  │
 │ │ │ liblzma          ┆ 5.6.3      ┆ hb9d3cd8_1         ┆ conda-forge ┆ 108.53 KiB │
 │ │ │ libmlir19        ┆ 19.1.6     ┆ h84d6215_0         ┆ conda-forge ┆ 17.53 MiB  │
 │ │ │ libnsl           ┆ 2.0.1      ┆ hd590300_0         ┆ conda-forge ┆ 32.62 KiB  │
 │ │ │ libsqlite        ┆ 3.47.2     ┆ hee588c1_0         ┆ conda-forge ┆ 853.08 KiB │
 │ │ │ libstdcxx        ┆ 14.2.0     ┆ hc0a3c3a_1         ┆ conda-forge ┆ 3.71 MiB   │
 │ │ │ libstdcxx-ng     ┆ 14.2.0     ┆ h4852527_1         ┆ conda-forge ┆ 52.84 KiB  │
 │ │ │ libuuid          ┆ 2.38.1     ┆ h0b41bf4_0         ┆ conda-forge ┆ 32.81 KiB  │
 │ │ │ libxcrypt        ┆ 4.4.36     ┆ hd590300_1         ┆ conda-forge ┆ 98.04 KiB  │
 │ │ │ libxml2          ┆ 2.13.5     ┆ h0d44e9d_1         ┆ conda-forge ┆ 673.82 KiB │
 │ │ │ libzlib          ┆ 1.3.1      ┆ hb9d3cd8_2         ┆ conda-forge ┆ 59.53 KiB  │
 │ │ │ llvm             ┆ 19.1.6     ┆ h1c4df35_0         ┆ conda-forge ┆ 53.15 KiB  │
 │ │ │ llvm-tools       ┆ 19.1.6     ┆ h84d6215_0         ┆ conda-forge ┆ 85.15 KiB  │
 │ │ │ llvm-tools-19    ┆ 19.1.6     ┆ h48f18f5_0         ┆ conda-forge ┆ 21.72 MiB  │
 │ │ │ llvmdev          ┆ 19.1.6     ┆ h48f18f5_0         ┆ conda-forge ┆ 58.77 MiB  │
 │ │ │ mlir             ┆ 19.1.6     ┆ h629725b_0         ┆ conda-forge ┆ 86.61 MiB  │
 │ │ │ ncurses          ┆ 6.5        ┆ he02047a_1         ┆ conda-forge ┆ 868.25 KiB │
 │ │ │ nlohmann_json    ┆ 3.11.3     ┆ he02047a_1         ┆ conda-forge ┆ 119.87 KiB │
 │ │ │ openssl          ┆ 3.4.0      ┆ h7b32b05_1         ┆ conda-forge ┆ 2.80 MiB   │
 │ │ │ pip              ┆ 24.3.1     ┆ pyh8b19718_2       ┆ conda-forge ┆ 1.19 MiB   │
 │ │ │ pybind11         ┆ 2.13.6     ┆ pyh1ec8472_2       ┆ conda-forge ┆ 182.01 KiB │
 │ │ │ pybind11-global  ┆ 2.13.6     ┆ pyh415d2e4_2       ┆ conda-forge ┆ 174.94 KiB │
 │ │ │ python           ┆ 3.12.8     ┆ h9e4cc4f_1_cpython ┆ conda-forge ┆ 30.10 MiB  │
 │ │ │ readline         ┆ 8.2        ┆ h8228510_1         ┆ conda-forge ┆ 274.86 KiB │
 │ │ │ setuptools       ┆ 75.6.0     ┆ pyhff2d567_1       ┆ conda-forge ┆ 756.11 KiB │
 │ │ │ tk               ┆ 8.6.13     ┆ noxft_h4845f30_101 ┆ conda-forge ┆ 3.17 MiB   │
 │ │ │ tzdata           ┆ 2024b      ┆ hc8b5060_0         ┆ conda-forge ┆ 119.49 KiB │
 │ │ │ wheel            ┆ 0.45.1     ┆ pyhd8ed1ab_1       ┆ conda-forge ┆ 61.46 KiB  │
 │ │ │ zlib             ┆ 1.3.1      ┆ hb9d3cd8_2         ┆ conda-forge ┆ 90.12 KiB  │
 │ │ │ zstd             ┆ 1.5.6      ┆ ha6fb4c9_0         ┆ conda-forge ┆ 541.84 KiB │
 │ │ ╰──────────────────┴────────────┴────────────────────┴─────────────┴────────────╯
 │ │ 
 │ │ Finalized run dependencies:
 │ │ ╭──────────────────┬──────────────────────────────────────────────────╮
 │ │ │ Name             ┆ Spec                                             │
 │ │ ╞══════════════════╪══════════════════════════════════════════════════╡
 │ │ │ Run dependencies ┆                                                  │
 │ │ │ python           ┆                                                  │
 │ │ │ setuptools       ┆                                                  │
 │ │ │ cuda-nvcc        ┆                                                  │
 │ │ │ cuda-cuobjdump   ┆                                                  │
 │ │ │ cuda-cudart      ┆                                                  │
 │ │ │ cuda-cupti       ┆                                                  │
 │ │ │ cuda-version     ┆ >=12.6,<13 (RE of [build: cuda-nvcc_linux-64])   │
 │ │ │ libstdcxx        ┆ >=13 (RE of [build: gxx_linux-64])               │
 │ │ │ libgcc           ┆ >=13 (RE of [build: gxx_linux-64])               │
 │ │ │ __glibc          ┆ >=2.17,<3.0.a0 (RE of [build: sysroot_linux-64]) │
 │ │ │ cuda-cupti       ┆ >=12.6.80,<13.0a0 (RE of [host: cuda-cupti-dev]) │
 │ │ │ libzlib          ┆ >=1.3.1,<2.0a0 (RE of [host: zlib])              │
 │ │ │ python_abi       ┆ 3.12.* *_cp312 (RE of [host: python])            │
 │ │ │ libllvm19        ┆ >=19.1.6,<19.2.0a0 (RE of [host: llvm])          │
 │ │ ╰──────────────────┴──────────────────────────────────────────────────╯
 │ │
 │ ╰─────────────────── (took 1 second)
 │ 
 │ Installing build environment
 │ ✔ Successfully updated the build environment
 │ Cleaning up 931 files in the prefix from a previous build.
 │ 
 │ Installing host environment
 │ ✔ Successfully updated the host environment
 │
 │ ╭─ Running build script
 │ │ Sandbox configuration: 🛡️ Sandbox Configuration
 │ │ Network Access: ❌
 │ │ 
 │ │ 📁  Read-only paths:
 │ │   - /
 │ │ 
 │ │ 📂  Read-execute paths:
 │ │   - /bin/
 │ │   - /usr/bin/
 │ │ 
 │ │ 📝  Read-write paths:
 │ │   - /tmp
 │ │   - /var/tmp
 │ │ thread 'main' panicked at /home/mgorny/.cargo/registry/src/index.crates.io-6f17d22bba15001f/birdcage-0.8.1/src/linux/mod.rs:51:9:
 │ │ `Sandbox::spawn` must be called from a single-threaded process
 │ │ stack backtrace:
 │ │    0: rust_begin_unwind
 │ │    1: core::panicking::panic_fmt
 │ │    2: <birdcage::linux::LinuxSandbox as birdcage::Sandbox>::spawn
 │ │              at /home/mgorny/.cargo/registry/src/index.crates.io-6f17d22bba15001f/birdcage-0.8.1/src/linux/mod.rs:51:9
 │ │    3: rattler_sandbox::sandbox::init
 │ │              at /home/mgorny/git/conda/rattler/crates/rattler_sandbox/src/sandbox/mod.rs:65:25
 │ │    4: rattler_sandbox::sandbox::init_sandbox
 │ │              at /home/mgorny/git/conda/rattler/crates/rattler_sandbox/src/sandbox/mod.rs:78:9
 │ │    5: rattler_build::main::{{closure}}
 │ │              at /home/mgorny/git/conda/rattler-build/src/main.rs:21:5
 │ │    6: <core::pin::Pin<P> as core::future::future::Future>::poll
 │ │              at /usr/lib/rust/1.83.0/lib/rustlib/src/rust/library/core/src/future/future.rs:123:9
 │ │    7: tokio::runtime::park::CachedParkThread::block_on::{{closure}}
 │ │              at /home/mgorny/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.42.0/src/runtime/park.rs:281:63
 │ │    8: tokio::runtime::coop::with_budget
 │ │              at /home/mgorny/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.42.0/src/runtime/coop.rs:107:5
 │ │    9: tokio::runtime::coop::budget
 │ │              at /home/mgorny/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.42.0/src/runtime/coop.rs:73:5
 │ │   10: tokio::runtime::park::CachedParkThread::block_on
 │ │              at /home/mgorny/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.42.0/src/runtime/park.rs:281:31
 │ │   11: tokio::runtime::context::blocking::BlockingRegionGuard::block_on
 │ │              at /home/mgorny/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.42.0/src/runtime/context/blocking.rs:66:
 │ │ 9
 │ │   12: tokio::runtime::scheduler::multi_thread::MultiThread::block_on::{{closure}}
 │ │              at /home/mgorny/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.42.0/src/runtime/scheduler/multi_thread/
 │ │ mod.rs:87:22
 │ │   13: tokio::runtime::context::runtime::enter_runtime
 │ │              at /home/mgorny/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.42.0/src/runtime/context/runtime.rs:65:1
 │ │ 6
 │ │   14: tokio::runtime::scheduler::multi_thread::MultiThread::block_on
 │ │              at /home/mgorny/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.42.0/src/runtime/scheduler/multi_thread/
 │ │ mod.rs:86:9
 │ │   15: tokio::runtime::runtime::Runtime::block_on_inner
 │ │              at /home/mgorny/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.42.0/src/runtime/runtime.rs:370:50
 │ │   16: tokio::runtime::runtime::Runtime::block_on
 │ │              at /home/mgorny/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.42.0/src/runtime/runtime.rs:340:13
 │ │   17: rattler_build::main
 │ │              at /home/mgorny/git/conda/rattler-build/src/main.rs:43:5
 │ │   18: core::ops::function::FnOnce::call_once
 │ │              at /usr/lib/rust/1.83.0/lib/rustlib/src/rust/library/core/src/ops/function.rs:250:5
 │ │ note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
 │ │ × error Script failed with status 101
 │ │ × error Work directory: '/var/tmp/conda-bld/bld/rattler-build_triton/work'
 │ │ × error To debug the build, run it manually in the work directory (execute the `./conda_build.sh` or `conda_build.bat` script)
 │ │
 │ ╰─────────────────── (took 0 seconds)
 │
 ╰─────────────────── (took 2 seconds)
Error: 
  × Script failed

wolfv (Member, Author) commented Jan 7, 2025

Interesting! Thanks for testing! So far I mainly checked if things work on macOS ... Let me see if I can fix this later

wolfv (Member, Author) commented Jan 7, 2025

@mgorny I just pushed a fix.

mgorny (Contributor) commented Jan 7, 2025

Thanks. We're making progress, since now I'm seeing:

 │ │ sandboxing failure: Permission denied (os error 13)
 │ │ × error Script failed with status 1

strace(1) suggests:

[pid 395498] execve("/bin/bash", ["bash", "-e", "/var/tmp/conda-bld/bld/rattler-b"...], 0x7ffedc149d68 /* 0 vars */) = -1 EACCES (Permission denied)
[pid 395498] execve("/usr/bin/bash", ["bash", "-e", "/var/tmp/conda-bld/bld/rattler-b"...], 0x7ffedc149d68 /* 0 vars */) = -1 EACCES (Permission denied)

…which is weird, given /bin/ and /usr/bin/ are on the read-execute path list.

wolfv (Member, Author) commented Jan 7, 2025

Awesome! Yes, I'd need to check / debug / configure myself as well (haven't played around with this on Linux yet).

You can add more paths to the different exceptions with --read-execute foo --read-execute bar etc.

mgorny (Contributor) commented Jan 8, 2025

I can confirm that the new version works like a charm! Furthermore, it does correctly block Internet access — I can confirm that once I remove the envvars preventing fetching, it tries to connect and fails! 👍

wolfv changed the title from "hardcoded sandbox experiment" to "feat: add experimental sandbox during builds" on Jan 8, 2025
wolfv (Member, Author) commented Jan 8, 2025

Yeah the main problem was that the linker on Linux (ld-linux-...) is usually located in /lib/... or /usr/lib so at least that one needs to be executable. For now I have made all the lib folders executable.

mgorny (Contributor) commented Jan 8, 2025

Right, that makes sense. On top of that, bash and coreutils may link to a dozen different libraries. Technically, for different architectures you may also need to account for lib32 and libx32.
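
What the last two comments describe, as an added example (not code from this pull request or from rattler-build): `execve` of a dynamically linked program also opens the loader named in the binary's `PT_INTERP` header, so that loader's directory has to be executable in the sandbox as well. The ELF image, the `/lib64/ld-linux-x86-64.so.2` path and all function names are constructed for illustration; the allowed list is the read-execute list from the build log above, and shared-library lookups are not covered.

```rust
use std::collections::BTreeSet;
use std::convert::TryFrom;
use std::path::{Path, PathBuf};

const PT_INTERP: u32 = 3; // program header type that names the dynamic loader

/// Read a little-endian unsigned integer of `width` bytes, bounds-checked.
fn le(image: &[u8], off: usize, width: usize) -> Option<usize> {
    let bytes = image.get(off..off.checked_add(width)?)?;
    let v = bytes.iter().rev().fold(0u64, |acc, &b| (acc << 8) | u64::from(b));
    usize::try_from(v).ok()
}

/// Path of the ELF interpreter (PT_INTERP) of a little-endian ELF64 image, if any.
fn elf_interpreter(image: &[u8]) -> Option<PathBuf> {
    if image.get(..6)? != &b"\x7fELF\x02\x01"[..] {
        return None; // not ELF64 little-endian (a script, a 32-bit binary, ...)
    }
    // ELF64 header fields: e_phoff @32, e_phentsize @54, e_phnum @56
    let (phoff, phentsize, phnum) = (le(image, 32, 8)?, le(image, 54, 2)?, le(image, 56, 2)?);
    for i in 0..phnum {
        let ph = phoff.checked_add(i.checked_mul(phentsize)?)?;
        if le(image, ph, 4)? != PT_INTERP as usize {
            continue;
        }
        // Program header fields: p_offset @8, p_filesz @32
        let off = le(image, ph.checked_add(8)?, 8)?;
        let len = le(image, ph.checked_add(32)?, 8)?;
        let raw = image.get(off..off.checked_add(len)?)?;
        let path = raw.split(|&b| b == 0).next()?; // drop the trailing NUL
        return std::str::from_utf8(path).ok().map(PathBuf::from);
    }
    None // statically linked: no loader needed
}

/// Directories that `execve(program)` needs to execute from but that are not
/// under any entry of `allowed`: the program's own and its interpreter's.
fn missing_exec_dirs(program: &Path, image: &[u8], allowed: &[&Path]) -> Vec<PathBuf> {
    let mut needed = BTreeSet::new();
    needed.extend(program.parent().map(Path::to_path_buf));
    if let Some(interp) = elf_interpreter(image) {
        needed.extend(interp.parent().map(Path::to_path_buf));
    }
    needed.into_iter().filter(|d| !allowed.iter().any(|a| d.starts_with(a))).collect()
}

/// Constructed sample: ELF64 header plus one PT_INTERP entry (not a runnable binary).
fn sample_elf(interp: &str) -> Vec<u8> {
    let mut img = vec![0u8; 64 + 56];
    img[..6].copy_from_slice(b"\x7fELF\x02\x01");
    img[32..40].copy_from_slice(&64u64.to_le_bytes()); // e_phoff
    img[54..56].copy_from_slice(&56u16.to_le_bytes()); // e_phentsize
    img[56..58].copy_from_slice(&1u16.to_le_bytes()); // e_phnum
    img[64..68].copy_from_slice(&PT_INTERP.to_le_bytes()); // p_type
    img[72..80].copy_from_slice(&120u64.to_le_bytes()); // p_offset
    img[96..104].copy_from_slice(&((interp.len() + 1) as u64).to_le_bytes()); // p_filesz
    img.extend_from_slice(interp.as_bytes());
    img.push(0);
    img
}

fn main() {
    let bash = sample_elf("/lib64/ld-linux-x86-64.so.2"); // assumed loader path
    let initial = [Path::new("/bin/"), Path::new("/usr/bin/")]; // list from the build log
    let missing = missing_exec_dirs(Path::new("/bin/bash"), &bash, &initial);
    println!("not executable in the sandbox: {:?}", missing);
}
```

On a real system, pass the bytes of the actual binary (for example from `std::fs::read`) instead of `sample_elf`.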

wolfv enabled auto-merge (squash) January 8, 2025 15:54
wolfv merged commit 0266d70 into prefix-dev:main Jan 8, 2025
16 checks passed
wolfv deleted the sandbox branch January 8, 2025 16:18