LineageOS 17.0 build in LXC 2.x - nsjail/sandboxing error

Condor

Oct 22, 2019, 12:08:28 PM
to Android Building
Hello,

I've just tried building LineageOS 17.0 for fajita (OnePlus 6T). For efficiency reasons and to maintain isolation from the host I've opted to spin up an LXC container for this.
The host machine is running Debian 9 and LXC 2.x, while the container is a Debian 10 machine. Apparently this doesn't support nsjail, which caused "breakfast fajita" to fail.
I've followed the build guide at https://wiki.lineageos.org/devices/fajita/build.
Below is the error log in text form.

Looking for dependencies in kernel/oneplus/sdm845
kernel/oneplus/sdm845 has no additional dependencies.
Looking for dependencies in packages/resources/devicesettings
packages/resources/devicesettings has no additional dependencies.
Done
15:31:05 Build sandboxing disabled due to nsjail error. This may become fatal in the future.
15:31:05 Please let us know why nsjail doesn't work in your environment at:
build/make/target/product/updatable_apex.mk:21: error: _nic.PRODUCTS.[[device/oneplus/fajita/lineage_fajita.mk]]: "vendor/oneplus/sdm845-common/sdm845-common-vendor.mk" does not exist.
15:31:11 dumpvars failed with: exit status 1
15:31:13 Build sandboxing disabled due to nsjail error. This may become fatal in the future.
15:31:13 Please let us know why nsjail doesn't work in your environment at:
build/make/target/product/updatable_apex.mk:21: error: _nic.PRODUCTS.[[device/oneplus/fajita/lineage_fajita.mk]]: "vendor/oneplus/sdm845-common/sdm845-common-vendor.mk" does not exist.
15:32:42 dumpvars failed with: exit status 1

** Don't have a product spec for: 'lineage_fajita'
** Do you have the right repo manifest?

I wish I could explain why nsjail isn't available in LXC but unfortunately I don't know either... I'll retry the build in a VM or on a physical host.

Best regards,
Michael De Roover (android-building at nixmagic dot com)

Glenn Kasten

Oct 22, 2019, 2:58:30 PM
to Android Building
Can you reproduce this problem with AOSP distribution?
This discussion group is targeted at AOSP distribution per guidelines here.
[I am a volunteer moderator]

Dan Willemsen

Oct 22, 2019, 4:15:15 PM
to Android Building
So the actual error that's blocking you is:

build/make/target/product/updatable_apex.mk:21: error: _nic.PRODUCTS.[[device/oneplus/fajita/lineage_fajita.mk]]: "vendor/oneplus/sdm845-common/sdm845-common-vendor.mk" does not exist.

But that's off-topic for this list, as Glenn mentions.

The nsjail error isn't fatal currently, but that's something we'd like to change in the future (so that we can get better sandboxing within the build and ensure reproducible/incremental builds work, etc). You may need to tweak some of the settings w/LXC in order to allow nsjail to function, I haven't used it. I know Docker has some known issues currently in which it can't be configured to allow nsjail, but I'm hopeful that that will get fixed.

- Dan
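
The reply above leaves open which LXC or kernel setting stops nsjail. The script below is an added diagnostic, not part of the thread or of the AOSP build system: it reads the two sysctls that gate user namespace creation and then tries a live `unshare`, to be run as the build user inside the container. It assumes, which the thread does not confirm, that the failure comes from the kernel refusing unprivileged user namespaces (nsjail creates one by default); the function names are made up for this example.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Assumption: nsjail fails because new
# user namespaces are refused; the thread does not identify the actual cause.

# userns_status [SYSCTL_DIR]: inspect the sysctls that gate user namespaces.
# Prints: disabled-by-debian-sysctl | disabled-by-limit | allowed | unknown
# "allowed" only means these sysctls do not forbid it; other container policy
# may still refuse, which is what probe_unshare checks.
userns_status() {
    sys="${1:-/proc/sys}"
    debian_knob="$sys/kernel/unprivileged_userns_clone"  # Debian/Ubuntu kernel patch
    limit_knob="$sys/user/max_user_namespaces"           # upstream, Linux 4.9+
    if [ ! -r "$debian_knob" ] && [ ! -r "$limit_knob" ]; then
        echo "unknown"; return 0
    fi
    if [ -r "$debian_knob" ] && [ "$(cat "$debian_knob")" = "0" ]; then
        echo "disabled-by-debian-sysctl"; return 0
    fi
    if [ -r "$limit_knob" ] && [ "$(cat "$limit_knob")" = "0" ]; then
        echo "disabled-by-limit"; return 0
    fi
    echo "allowed"
}

# probe_unshare: actually try to create a user namespace as the current user.
# Prints: userns-ok | userns-refused | unshare-missing
probe_unshare() {
    command -v unshare >/dev/null 2>&1 || { echo "unshare-missing"; return 0; }
    if unshare -U -r true 2>/dev/null; then
        echo "userns-ok"
    else
        echo "userns-refused"
    fi
}

report() {
    echo "sysctl view : $(userns_status)"
    echo "live probe  : $(probe_unshare)"
}

report
```

If the sysctl view reports "allowed" but the live probe is refused, the restriction comes from somewhere other than these two sysctls.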
