diff options
| author |   David Seifert <soap@gentoo.org> | 2024-04-07 11:37:40 +0200 |
|---|---|---|
| committer | David Seifert <soap@gentoo.org> | 2024-04-07 11:37:40 +0200 |
| commit | c6a96e9169b96c35d91263b113b334655f752e60 (patch) | |
| tree | c7f73265802a26294a1df45d5520daa31af5d497 /dev-util/nvidia-cuda-toolkit | |
| parent | x11-libs/gtk+: Stabilize 3.24.41 arm64, #928844 (diff) | |
| download | gentoo-c6a96e9169b96c35d91263b113b334655f752e60.tar.gz gentoo-c6a96e9169b96c35d91263b113b334655f752e60.tar.bz2 gentoo-c6a96e9169b96c35d91263b113b334655f752e60.zip | |
dev-util/nvidia-cuda-toolkit: add CMake sandbox workaround to all versions
Closes: https://bugs.gentoo.org/926116
Signed-off-by: David Seifert <soap@gentoo.org>
Diffstat (limited to 'dev-util/nvidia-cuda-toolkit')
3 files changed, 14 insertions, 15 deletions
diff --git a/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-11.8.0-r4.ebuild b/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-11.8.0-r4.ebuild index ac16815eb2cc..521f32930215 100644 --- a/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-11.8.0-r4.ebuild +++ b/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-11.8.0-r4.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2023 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -230,7 +230,12 @@ src_install() { newins - 80${PN} <<-EOF SEARCH_DIRS_MASK="${ecudadir}" EOF - # TODO: Add pkgconfig files for installed libraries + + # https://bugs.gentoo.org/926116 + insinto /etc/sandbox.d + newins - 80${PN} <<-EOF + SANDBOX_PREDICT="/proc/self/task" + EOF } pkg_postinst_check() { diff --git a/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.3.2.ebuild b/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.3.2.ebuild index ab5253992784..c309bcd62476 100644 --- a/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.3.2.ebuild +++ b/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.3.2.ebuild @@ -276,6 +276,12 @@ src_install() { newins - 80${PN} <<-EOF SEARCH_DIRS_MASK="${ecudadir}" EOF + + # https://bugs.gentoo.org/926116 + insinto /etc/sandbox.d + newins - 80${PN} <<-EOF + SANDBOX_PREDICT="/proc/self/task" + EOF } pkg_postinst_check() { diff --git a/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.4.0.ebuild b/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.4.0.ebuild index 39914c80209d..681a1840c4be 100644 --- a/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.4.0.ebuild +++ b/dev-util/nvidia-cuda-toolkit/nvidia-cuda-toolkit-12.4.0.ebuild @@ -279,19 +279,7 @@ src_install() { SEARCH_DIRS_MASK="${ecudadir}" EOF - # To address the sandbox errors encountered in packages with CUDA, - # such as those documented in https://bugs.gentoo.org/926116, it is - # necessary to modify the sandbox environment settings. This change - # specifically targets issues during the execution of - # CMakeDetermineCompilerABI_CUDA.bin, as observed in a range of - # software including caffe2, opencv, vtk, cholmod, and openvdb - # (refer to https://forums.gentoo.org/viewtopic-p-8789206.html). - # Granting access to /proc/self within the sandbox is essential for - # these applications to correctly determine the CUDA compiler ABI - # without triggering sandbox violations. While opening up /proc/self - # may seem to have security implications, its impact is limited as - # it only exposes information about the processes inside the same - # sandbox environment. The proposed configuration is as follows: + # https://bugs.gentoo.org/926116 insinto /etc/sandbox.d newins - 80${PN} <<-EOF SANDBOX_PREDICT="/proc/self/task" |