Cannot disable ASLR in arm64 jobs

Hello,

I cannot disable ASLR on the arm64 workers. On the amd64 I simply do sudo sh -c "echo 0 > /proc/sys/kernel/randomize_va_space" but on arm64 I get “permission denied” when trying to write to that file.

I tried to run the docker daemon and my docker builds with setarch aarch64 -R as it’s what is recommended for arm, but that does not work as well.

I do have sudo: required which was the workaround for amd64 images.

https://travis-ci.org/Silex/docker-emacs/builds/638816103

sysctl: permission denied on key ‘kernel.randomize_va_space’
/proc/sys/kernel/randomize_va_space: Permission denied

Have a look at my tests with .travis.yml and bin/prepare-docker at https://github.com/Silex/docker-emacs/tree/b901a5985b9acc91d944e6ddb2325f58bd2ed029

I need this otherwise you cannot build Emacs. The only alternative would be to crossbuild the arm images from an amd64 image but that is very slow and silly.

Looking at #23529 - Request for fixing randomize_va_space build issues - GNU bug report logs, there is a bug/limitation in Emacs build, and disabling ASLR is a workaround for it.
So I wouldn’t call jumping through hoops “silly” since that’s what you do when working around unfixed bugs/limitations.

@native-api: this bug report that you linked was created by me (I am Philippe Vaucher). I’m also the reporter of https://github.com/moby/moby/issues/22801

It looks like you missunderstood what was meant by “silly”: having to cross-build the arm64 image on amd64 just because I cannot disable ASLR on arm64. When there are only amd64 builders, sure it makes total sense, but when there are arm64 workers it is silly.

Travis should be consistent and allow to disable ASLR on both amd64 and arm64.

Also for your information Emacs starting from version 27 will not need ASLR disabling in order to be built anymore, but for this project I need to build old versions.

Hum, found Open /proc/sys/vm/overcommit_memory: permission denied which eventually lead me to https://docs.travis-ci.com/user/multi-cpu-architectures/#security-and-lxd-container which means that I simply cannot use the arm workers as long as there’s no way around this.

1 Like
Imprint