[oe] [meta-qt5][PATCH] qfilesystemengine_unix.cpp: optionally disable use of statx(2)

Rasmus Villemoes rasmus.villemoes at prevas.dk
Mon Jul 16 09:22:21 UTC 2018


When used inside an unprivileged docker container, statx(2) gets
rejected with -EPERM by the default seccomp profile, unless the host
runs an almost-bleeding edge version of docker (at least 18.04). That
causes most qt apps, qmake in particular, to fail.

While the qt release notes do mention this

   - Qt uses the statx(2) system call for obtaining file information on
   kernels 4.12 and later. Some older container systems install system call
   protection rules that do not include this system call. If you experience
   problems running Qt applications inside containers (such as the report of
   a file not existing when it does), ensure the statx(2) is allowed in the
   container configuration.

it's not always feasible nor reasonable to upgrade (or tell one's
customers to upgrade) the build infrastructure, especially since several
distros as of this writing don't even seem to ship such a recent version
in their official repositories.

This opt-in patch simply monkey-patches out any (the only) use of statx
and ensures that the -ENOSYS fallbacks are used. While I agree that this
is really a bug in the container system, this takes the short and
pragmatic approach to getting things to work.

To opt in, just prepend no-xstat: to OVERRIDES in some global
configuration file, possibly restricting that to e.g. native and
nativesdk.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes at prevas.dk>
---
 ...temengine_unix.cpp-disable-use-of-statx-2.patch | 58 ++++++++++++++++++++++
 recipes-qt/qt5/qt5-git.inc                         |  2 +
 2 files changed, 60 insertions(+)
 create mode 100644 recipes-qt/qt5/files/0001-qfilesystemengine_unix.cpp-disable-use-of-statx-2.patch

diff --git a/recipes-qt/qt5/files/0001-qfilesystemengine_unix.cpp-disable-use-of-statx-2.patch b/recipes-qt/qt5/files/0001-qfilesystemengine_unix.cpp-disable-use-of-statx-2.patch
new file mode 100644
index 0000000..6efbfe4
--- /dev/null
+++ b/recipes-qt/qt5/files/0001-qfilesystemengine_unix.cpp-disable-use-of-statx-2.patch
@@ -0,0 +1,58 @@
+From dc5218c70d445a4692271add1a17091afb230095 Mon Sep 17 00:00:00 2001
+From: Rasmus Villemoes <rasmus.villemoes at prevas.dk>
+Date: Mon, 16 Jul 2018 09:50:06 +0200
+Subject: [PATCH] qfilesystemengine_unix.cpp: disable use of statx(2)
+
+When used inside an unprivileged docker container, statx(2) gets
+rejected with -EPERM by the default seccomp profile, unless the host
+runs an almost-bleeding edge version of docker (at least 18.04). That
+causes most qt apps, qmake in particular, to fail.
+
+While the qt release notes do mention this
+
+   - Qt uses the statx(2) system call for obtaining file information on
+   kernels 4.12 and later. Some older container systems install system call
+   protection rules that do not include this system call. If you experience
+   problems running Qt applications inside containers (such as the report of
+   a file not existing when it does), ensure the statx(2) is allowed in the
+   container configuration.
+
+it's not always feasible nor reasonable to upgrade (or tell one's
+customers to upgrade) the build infrastructure.
+
+This opt-in patch simply monkey-patches out any (the only) use of statx
+and ensures that the -ENOSYS fallbacks are used.
+
+https://github.com/docker/for-linux/issues/208
+https://github.com/moby/moby/pull/36417
+
+Upstream-Status: Inappropriate [workaround]
+---
+ src/corelib/io/qfilesystemengine_unix.cpp | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/corelib/io/qfilesystemengine_unix.cpp b/src/corelib/io/qfilesystemengine_unix.cpp
+index b974af80dc..5f574901e3 100644
+--- a/src/corelib/io/qfilesystemengine_unix.cpp
++++ b/src/corelib/io/qfilesystemengine_unix.cpp
+@@ -320,6 +320,9 @@ mtime(const T &statBuffer, int)
+ #ifdef STATX_BASIC_STATS
+ static int qt_real_statx(int fd, const char *pathname, int flags, struct statx *statxBuffer)
+ {
++#if 1
++    return -ENOSYS;
++#else
+ #ifdef Q_ATOMIC_INT8_IS_SUPPORTED
+     static QBasicAtomicInteger<qint8> statxTested  = Q_BASIC_ATOMIC_INITIALIZER(0);
+ #else
+@@ -337,6 +340,7 @@ static int qt_real_statx(int fd, const char *pathname, int flags, struct statx *
+     }
+     statxTested.store(1);
+     return ret == -1 ? -errno : 0;
++#endif
+ }
+ 
+ static int qt_statx(const char *pathname, struct statx *statxBuffer)
+-- 
+2.16.4
+
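Review bot: In qt_real_statx, the `#if 1` / `return -ENOSYS;` / `#else` wrapper disables statx unconditionally and leaves the whole original body as dead code, with no comment at the site saying why. A one-line comment next to `return -ENOSYS;` naming the seccomp -EPERM problem and the docker issue would tell whoever rebases this onto a later Qt revision when the workaround can be dropped. The embedded patch header also carries Upstream-Status but no Signed-off-by line of its own; add one if the layer expects it on patch files.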
diff --git a/recipes-qt/qt5/qt5-git.inc b/recipes-qt/qt5/qt5-git.inc
index 09b6cc5..41f9b7a 100644
--- a/recipes-qt/qt5/qt5-git.inc
+++ b/recipes-qt/qt5/qt5-git.inc
@@ -15,3 +15,5 @@ CVE_PRODUCT = "qt"
 S = "${WORKDIR}/git"
 
 PV = "5.11.1+git${SRCPV}"
+
+SRC_URI_append_no-xstat = " file://0001-qfilesystemengine_unix.cpp-disable-use-of-statx-2.patch"
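Review bot: The override in `SRC_URI_append_no-xstat` is spelled "xstat", while the syscall, the patch file name and the commit text all say "statx", which makes the override easy to mistype when adding it to OVERRIDES. Consider naming it `no-statx`, and add a short comment above this line in qt5-git.inc saying that the patch is opt-in and why, since nothing else in the recipe documents the override.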
-- 
2.16.4



