AI 助理
文档备案控制台
开发者社区 云原生 文章 正文

docker中编译android aosp源码,出现Build sandboxing disabled due to nsjail error

2024-08-28 2946
版权
版权声明:
本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《 阿里云开发者社区用户服务协议》和 《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写 侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
简介: 在使用Docker编译Android AOSP源码时,如果遇到"Build sandboxing disabled due to nsjail error"的错误,可以通过在docker run命令中添加`--privileged`参数来解决权限不足的问题。

使用docker搭建aosp的编译环境,测试中,出现Build sandboxing disabled due to nsjail error.解决办法如下。

1.错误现场

szhou@81fe32c25a6f:/home/builder/code/aosp$ source  build/envsetup.sh 
szhou@81fe32c25a6f:/home/builder/code/aosp$ lunch 

You're building on Linux

Lunch menu... pick a combo:
     1. aosp_arm-eng
     2. aosp_arm64-eng
     …… 省略 ……
     30. aosp_x86-eng
     31. aosp_x86_64-eng
     …… 省略 ……

Which would you like? [aosp_arm-eng] 31
16:23:33 Build sandboxing disabled due to nsjail error.
16:23:33 Build sandboxing disabled due to nsjail error.

============================================
PLATFORM_VERSION_CODENAME=S
PLATFORM_VERSION=S
TARGET_PRODUCT=aosp_x86_64
TARGET_BUILD_VARIANT=eng
TARGET_BUILD_TYPE=release
TARGET_ARCH=x86_64
TARGET_ARCH_VARIANT=x86_64
TARGET_2ND_ARCH=x86
TARGET_2ND_ARCH_VARIANT=x86_64
HOST_ARCH=x86_64
HOST_2ND_ARCH=x86
HOST_OS=linux
HOST_OS_EXTRA=Linux-4.15.0-142-generic-x86_64-Ubuntu-14.04.5-LTS
HOST_CROSS_OS=windows
HOST_CROSS_ARCH=x86
HOST_CROSS_2ND_ARCH=x86_64
HOST_BUILD_TYPE=release
BUILD_ID=AOSP.MASTER
OUT_DIR=out
PRODUCT_SOONG_NAMESPACES=device/generic/goldfish device/generic/goldfish-opengl hardware/google/camera hardware/google/camera/devices/EmulatedCamera
============================================
szhou@81fe32c25a6f:/home/builder/code/aosp$

2. 错误分析

2.1 soong 错误打印

Z:\works\android\ustc\aosp\out\soong.log

2021/06/16 16:52:54.815584 build/soong/ui/build/build.go:184: Starting build with args: []
2021/06/16 16:52:54.815614 build/soong/ui/build/build.go:185: Environment: [HOSTNAME=81fe32c25a6f TRACE_BEGIN_SOONG=1623833572854843900 TERM=xterm ANDROID_PYTHONPATH=/home/builder/code/aosp/development/python-packages: OLDPWD=/home/builder/code/aosp OUT=/home/builder/code/aosp/out/target/product/generic_x86_64 TARGET_BUILD_VARIANT=eng BUILD_ENV_SEQUENCE_NUMBER=13 ANDROID_BUILD_PATHS=/home/builder/code/aosp/out/soong/host/linux-x86/bin:/home/builder/code/aosp/out/host/linux-x86/bin:/home/builder/code/aosp/prebuilts/gcc/linux-x86/x86/x86_64-linux-android-4.9/bin:/home/builder/code/aosp/development/scripts:/home/builder/code/aosp/prebuilts/devtools/tools:/home/builder/code/aosp/external/selinux/prebuilts/bin:/home/builder/code/aosp/prebuilts/misc/linux-x86/dtc:/home/builder/code/aosp/prebuilts/misc/linux-x86/libufdt:/home/builder/code/aosp/prebuilts/clang/host/linux-x86/llvm-binutils-stable:/home/builder/code/aosp/prebuilts/android-emulator/linux-x86_64:/home/builder/code/aosp/prebuilts/asuite/acloud/linux-x86:/home/builder/code/aosp/prebuilts/asuite/aidegen/linux-x86:/home/builder/code/aosp/prebuilts/asuite/atest/linux-x86: TOP=/home/builder/code/aosp TARGET_BUILD_APPS= TARGET_BUILD_TYPE=release PWD=/home/builder/code/aosp GCC_COLORS=error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01 HOME=/home/disk3/szhou SHLVL=1 ORIGINAL_PWD=/home/builder/code/aosp PYTHONPATH=/home/builder/code/aosp/development/python-packages: TARGET_GCC_VERSION=4.9 ANDROID_SOONG_HOST_OUT=/home/builder/code/aosp/out/soong/host/linux-x86 TARGET_PRODUCT=aosp_x86_64 OUT_DIR=out PYTHONDONTWRITEBYTECODE=1 TMPDIR=/home/builder/code/aosp/out/soong/.temp ASAN_SYMBOLIZER_PATH=/home/builder/code/aosp/prebuilts/clang/host/linux-x86/llvm-binutils-stable/llvm-symbolizer LANG=C.UTF-8 JAVA_HOME=/home/builder/code/aosp/prebuilts/jdk/jdk11/linux-x86 ANDROID_JAVA_HOME=prebuilts/jdk/jdk11/linux-x86 ANDROID_JAVA8_HOME=prebuilts/jdk/jdk8/linux-x86 ANDROID_JAVA9_HOME=prebuilts/jdk/jdk9/linux-x86 ANDROID_JAVA11_HOME=prebuilts/jdk/jdk11/linux-x86 PATH=/home/builder/code/aosp/prebuilts/jdk/jdk11/linux-x86/bin:/home/builder/code/aosp/prebuilts/jdk/jdk11/linux-x86/bin:/home/builder/code/aosp/out/soong/host/linux-x86/bin:/home/builder/code/aosp/out/host/linux-x86/bin:/home/builder/code/aosp/prebuilts/gcc/linux-x86/x86/x86_64-linux-android-4.9/bin:/home/builder/code/aosp/development/scripts:/home/builder/code/aosp/prebuilts/devtools/tools:/home/builder/code/aosp/external/selinux/prebuilts/bin:/home/builder/code/aosp/prebuilts/misc/linux-x86/dtc:/home/builder/code/aosp/prebuilts/misc/linux-x86/libufdt:/home/builder/code/aosp/prebuilts/clang/host/linux-x86/llvm-binutils-stable:/home/builder/code/aosp/prebuilts/android-emulator/linux-x86_64:/home/builder/code/aosp/prebuilts/asuite/acloud/linux-x86:/home/builder/code/aosp/prebuilts/asuite/aidegen/linux-x86:/home/builder/code/aosp/prebuilts/asuite/atest/linux-x86:/opt/mtk/neon_4.8.2_2.6.35_cortex-a9-ubuntu/x86_64/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin BUILD_DATETIME_FILE=out/build_date.txt]
2021/06/16 16:52:54.815674 build/soong/ui/build/build.go:161: Total RAM: 31.4GB
2021/06/16 16:52:55.013537 build/soong/ui/build/sandbox_linux.go:120: [prebuilts/build-tools/linux-x86/bin/nsjail -H android-build -e -u nobody -g nogroup -R / -B /home/builder/code/aosp -B /tmp -B /home/builder/code/aosp/out --disable_clone_newcgroup -- /bin/bash -c if [ $(hostname) == "android-build" ]; then echo "Android" "Success"; else echo Failure; fi]
2021/06/16 16:52:55.015716 build/soong/ui/build/sandbox_linux.go:127: Build sandboxing disabled due to nsjail error.
2021/06/16 16:52:55.015726 build/soong/ui/build/sandbox_linux.go:130: [I][2021-06-16T16:52:55+0800] Mode: STANDALONE_ONCE
2021/06/16 16:52:55.015732 build/soong/ui/build/sandbox_linux.go:130: [I][2021-06-16T16:52:55+0800] Jail parameters: hostname:'android-build', chroot:'', process:'/bin/bash', bind:[::]:0, max_conns_per_ip:0, time_limit:0, personality:0, daemonize:false, clone_newnet:true, clone_newuser:true, clone_newns:true, clone_newpid:true, clone_newipc:true, clone_newuts:true, clone_newcgroup:false, keep_caps:false, disable_no_new_privs:false, max_cpus:0
2021/06/16 16:52:55.015735 build/soong/ui/build/sandbox_linux.go:130: [I][2021-06-16T16:52:55+0800] Mount point: '/' flags:MS_RDONLY type:'tmpfs' options:'' is_dir:true
2021/06/16 16:52:55.015737 build/soong/ui/build/sandbox_linux.go:130: [I][2021-06-16T16:52:55+0800] Mount point: '/' -> '/' flags:MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE type:'' options:'' is_dir:true
2021/06/16 16:52:55.015740 build/soong/ui/build/sandbox_linux.go:130: [I][2021-06-16T16:52:55+0800] Mount point: '/home/builder/code/aosp' -> '/home/builder/code/aosp' flags:MS_BIND|MS_REC|MS_PRIVATE type:'' options:'' is_dir:true
2021/06/16 16:52:55.015742 build/soong/ui/build/sandbox_linux.go:130: [I][2021-06-16T16:52:55+0800] Mount point: '/tmp' -> '/tmp' flags:MS_BIND|MS_REC|MS_PRIVATE type:'' options:'' is_dir:true
2021/06/16 16:52:55.015744 build/soong/ui/build/sandbox_linux.go:130: [I][2021-06-16T16:52:55+0800] Mount point: '/home/builder/code/aosp/out' -> '/home/builder/code/aosp/out' flags:MS_BIND|MS_REC|MS_PRIVATE type:'' options:'' is_dir:true
2021/06/16 16:52:55.015747 build/soong/ui/build/sandbox_linux.go:130: [I][2021-06-16T16:52:55+0800] Mount point: '/proc' flags:MS_RDONLY type:'proc' options:'' is_dir:true
2021/06/16 16:52:55.015749 build/soong/ui/build/sandbox_linux.go:130: [I][2021-06-16T16:52:55+0800] Uid map: inside_uid:65534 outside_uid:1007 count:1 newuidmap:false
2021/06/16 16:52:55.015751 build/soong/ui/build/sandbox_linux.go:130: [I][2021-06-16T16:52:55+0800] Gid map: inside_gid:65534 outside_gid:1007 count:1 newgidmap:false
2021/06/16 16:52:55.015755 build/soong/ui/build/sandbox_linux.go:130: [E][2021-06-16T16:52:55+0800][9596] bool subproc::runChild(nsjconf_t *, int, int, int)():447 clone(flags=CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWPID|CLONE_NEWNET|SIGCHLD) failed. You probably need root privileges if your system doesn't support CLONE_NEWUSER. Alternatively, you might want to recompile your kernel with support for namespaces or check the current value of the kernel.unprivileged_userns_clone sysctl: Operation not permitted
2021/06/16 16:52:55.015758 build/soong/ui/build/sandbox_linux.go:130: [E][2021-06-16T16:52:55+0800][9596] int nsjail::standaloneMode(nsjconf_t *)():146 Couldn't launch the child process
2021/06/16 16:52:55.015761 build/soong/ui/build/sandbox_linux.go:136: nsjail failed with exit status 255
2021/06/16 16:52:55.015768 build/soong/ui/build/exec.go:64: "dumpvars" executing "prebuilts/build-tools/linux-x86/bin/ckati" [prebuilts/build-tools/linux-x86/bin/ckati -f build/make/core/config.mk --color_warnings --kati_stats dump-many-vars MAKECMDGOALS=]
2021/06/16 16:52:55.396789 build/soong/ui/build/exec.go:74: "dumpvars" finished with exit code 0 (381ms real, 346ms user, 47ms system, 363MB maxrss)
2021/06/16 16:52:55.396818 build/soong/ui/build/dumpvars.go:123: NINJA_GOALS droid
2021/06/16 16:52:55.396822 build/soong/ui/build/dumpvars.go:123: KATI_GOALS

2.2 关键错误提示

从下面的错误看,已经提示权限不够,可能需要root权限。

  • You probably need root privileges if your system doesn’t support CLONE_NEWUSER.
  • sysctl: Operation not permitted
clone(flags=CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWPID|CLONE_NEWNET|SIGCHLD) failed. You probably need root privileges if your system doesn't support CLONE_NEWUSER. Alternatively, you might want to recompile your kernel with support for namespaces or check the current value of the kernel.unprivileged_userns_clone sysctl: Operation not permitted

2.3 google结果

that does look docker-specific. Based on the nsjail readme, it looks like --privileged may be needed, which is unfortunate: https://github.com/google/nsjail#launching-in-docker

2.4 解决办法

添加 --privileged 参数

docker run --privileged  -it --user $(id -u ${
    USER}):$(id -g ${
    USER})   -v $PWD:/home/builder/code  -v /etc/passwd:/etc/passwd:ro -v /etc/group:/etc/group:ro -v /etc/shadow:/etc/shadow:ro   android_mm_build:latest /bin/bash

2.5 关于–privileged 参数

官网原文https://docs.docker.com/engine/reference/run/

–privileged Give extended privileges to this container.

By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all devices (see the documentation on cgroups devices).

When the operator executes docker run --privileged, Docker will enable access to all devices on the host as well as set some configuration in AppArmor or SELinux to allow the container nearly all the same access to the host as processes running outside containers on the host. Additional information about running with --privileged is available on the Docker Blog.

大致是说,不带此参数启动的容器,是不能访问host的device的,而使用了此参数之后,就如同有了root权限,可以像在host上访问device一样,访问各种设备、文件和配置。

文章标签:
容器
Docker
Android开发
关键词:
Android源码
Docker error
Android Build
Docker disabled
Docker build
阿迷创客
目录
相关文章
计蒙不吃鱼
|
10月前
|
XML 搜索推荐 Android开发
Android改变进度条控件progressbar的样式(根据源码修改)
本文介绍了如何基于Android源码自定义ProgressBar样式。首先分析了系统源码中ProgressBar样式的定义,发现其依赖一张旋转图片实现动画效果。接着分两步指导开发者实现自定义:1) 模仿源码创建一个旋转动画XML文件(放置在drawable文件夹),修改图片为自定义样式;2) 在UI控件中通过`indeterminateDrawable`属性应用该动画。最终实现简单且个性化的ProgressBar效果,附带效果图展示。
计蒙不吃鱼
615 2
山东布谷科技_sun
|
11月前
|
NoSQL 应用服务中间件 PHP
布谷一对一直播源码android版环境配置流程及功能明细
部署需基于 CentOS 7.9 系统,硬盘不低于 40G,使用宝塔面板安装环境,包括 PHP 7.3(含 Redis、Fileinfo 扩展)、Nginx、MySQL 5.6、Redis 和最新 Composer。Swoole 扩展需按步骤配置。2021.08.05 后部署需将站点目录设为 public 并用 ThinkPHP 伪静态。开发环境建议 Windows 操作系统与最新 Android Studio,基础配置涉及 APP 名称修改、接口域名更换、包名调整及第三方登录分享(如 QQ、微信)的配置,同时需完成阿里云与腾讯云相关设置。
山东布谷科技_sun
270 5
游客lijmi4663rgsa
|
JavaScript Java Docker
干货含源码!如何用Java后端操作Docker(命令行篇)
只有锻炼思维才能可持续地解决问题,只有思维才是真正值得学习和分享的核心要素。如果这篇博客能给您带来一点帮助,麻烦您点个赞支持一下,还可以收藏起来以备不时之需,有疑问和错误欢迎在评论区指出~
游客lijmi4663rgsa
289 0
尹正杰
|
应用服务中间件 nginx Docker
Docker镜像-基于DockerFile制作编译版nginx镜像
这篇文章介绍了如何基于Dockerfile制作一个编译版的nginx镜像,并提供了详细的步骤和命令。
尹正杰
1679 17
Docker镜像-基于DockerFile制作编译版nginx镜像
阿迷创客
|
开发工具 uml git
AOSP源码下载方法,解决repo sync错误:android-13.0.0_r82
本文分享了下载AOSP源码的方法,包括如何使用repo工具和处理常见的repo sync错误,以及配置Python环境以确保顺利同步特定版本的AOSP代码。
阿迷创客
2903 0
AOSP源码下载方法,解决repo sync错误:android-13.0.0_r82
爱吃龙利鱼
|
网络协议 应用服务中间件 Linux
docker常见报错提示WARNING: IPv4 forwarding is disabled. Networking will not work.或/usr/bin/docker-current:
### 故障与解决方法概览 1. **故障现象**:运行 `docker run -d -P httpd:centos` 时提示“IPv4转发已禁用,网络将无法工作”。 - **解决方法**:通过编辑 `/etc/sysctl.conf` 设置 `net.ipv4.ip_forward=1` 并执行 `sysctl -p` 启用路由转发,然后重启 Docker 服务。
爱吃龙利鱼
891 0
阿迷创客
|
开发工具 Android开发 git
全志H713 Android 11 :给AOSP源码,新增一个Product
本文介绍了在全志H713 Android 11平台上新增名为myboard的产品的步骤,包括创建新的device目录、编辑配置文件、新增内核配置、记录差异列表以及编译kernel和Android系统的详细过程。
阿迷创客
1351 0
Liuqz2009
|
API 开发工具 Android开发
Android源码下载
Android源码下载
Liuqz2009
2433 0
ansondroider
|
存储 Ubuntu Linux
linphone android sdk 源码下载编译
linphone android sdk 源码下载编译
ansondroider
2073 0
linphone android sdk 源码下载编译
Coder个人博客
|
Ubuntu Java Linux
Android13源码下载及全编译流程
Android13源码下载及全编译流程
Coder个人博客
1273 0
Android13源码下载及全编译流程

热门文章

最新文章

  • 1
    最佳实践系列丨Docker EE 大规模部署指南(一)
  • 2
    Docker容器内Permission denied解决方法
  • 3
    推荐3款 Docker 认证的实用免费插件,帮助您快速构建云原生应用程序!
  • 4
    【云栖大会】Docker与阿里云达成战略合作 为企业级客户提供容器服务
  • 5
    Docker Enterprise 正式对 Windows Server 2019 提供支持服务
  • 6
    DeepFace【部署 03】轻量级人脸识别和面部属性分析框架deepface在Linux环境下服务部署(conda虚拟环境+docker)
  • 7
    Docker-compose 运行MySQL 连接不上
  • 8
    十一、Docker搭建部署SpringCloud微服务项目Demo(二)
  • 9
    【云原生】Docker网络Overlay搭建Consul实现跨主机通信
  • 10
    K8S 1.20 弃用 Docker 评估之 Docker 和 OCI 镜像格式的差别
  • 1
    Android与iOS的比较:哪个更适合你?
    739
  • 2
    Android 生成jar installable 控制生成的是dex还是class
    590
  • 3
    探索Android与iOS平台的安全性:一场永无止境的较量
    539
  • 4
    构建高效Android应用:Kotlin协程的实践指南
    235
  • 5
    构建高效Android应用:Kotlin协程的全面指南
    213
  • 6
    构建高效Android应用:采用Kotlin协程优化网络请求
    408
  • 7
    构建高效Android应用:Kotlin与Jetpack的实践之路未来技术的融合潮流:区块链、物联网与虚拟现实的交汇点
    195
  • 8
    提升Android应用性能的实用策略
    225
  • 9
    提升安卓应用性能的十大技巧
    321
  • 10
    Android 开发中的内存优化策略
    274

    • 相关课程

    更多
  • 基于Docker与Jenkins实现自动化部署
  • Docker 快速入门
  • Docker完全自学手册图文教程
  • 开源Android容器化框架Atlas开发者指南
  • AI开发者的Docker实践
  • Docker 入门

    • 相关电子书

    更多
  • 58同城Android客户端Walle框架演进与实践之路
  • Android组件化实现
  • 蚂蚁聚宝Android秒级编译——Freeline

    • 推荐镜像

    更多
  • docker-ce
  • docker-toolbox
    • 下一篇
    云安全中心:病毒查杀