Re: [systemd-devel] syscall-filters killing CGI after update to Fedora 33

2021-04-22 Thread Lennart Poettering
On Mo, 19.04.21 18:24, Reindl Harald (h.rei...@thelounge.net) wrote:

> after a long time using this SystemCallFilter perl-cgi with Fedora 33 get
> killed - anyone an idea what changed that's obviously covered by the second
> line
>
> SystemCallFilter=@system-service @network-io @privileged
> SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount
> @obsolete @raw-io @reboot @resources @swap

@resources is included in @system-service for a reason: its syscalls
are typically used by programs. Regular system services use it, and
that's totally OK and expected.

i.e. you basically explicitly created a configuration that can't
work. My recommendation: just drop the second line altogether. Your
first line implements an allowlist already, hence besides the
@resources thing the second line is entirely redundant, and the
@resources stuff you really don't want.

> either the blacklist of the new systemd version covers more than before or
> something changed in the perl stack

Yeah, programs change the APIs they use. System call filters need to
be put together with an understanding of what the programs do, and hence
are best already put together upstream or by the distro. If you do it
downstream you might run into issues like this.

The idea of @system-service is that it mostly tries to isolate you
from this, but in your case you overrode what it does, so it fell apart.

Lennart

--
Lennart Poettering, Berlin
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
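
The merge behaviour behind this reply, as an added example that is not part of the original thread or of systemd's code: a Python model of how repeated SystemCallFilter= lines combine, where the first line fixes the mode and a later line of the opposite type deletes entries from the set. SAMPLE_GROUPS is a constructed, abbreviated table (real membership comes from `systemd-analyze syscall-filter`), and `expand` and `merge_filters` are hypothetical names.

```python
# Constructed, abbreviated group table (assumption): it encodes only the nesting
# the thread states (@resources inside @system-service) plus a few sample
# members. Groups missing here expand to nothing, so load the real membership
# from `systemd-analyze syscall-filter` before trusting the result.
SAMPLE_GROUPS = {
    "@system-service": ["@resources", "read", "write"],
    "@resources": ["sched_setattr", "sched_setaffinity", "setrlimit"],
    "@network-io": ["socket", "connect"],
}

# The two lines from the thread; the second is joined back from its mail wrap.
PAGE_LINES = [
    "@system-service @network-io @privileged",
    "~@clock @cpu-emulation @debug @keyring @module @mount "
    "@obsolete @raw-io @reboot @resources @swap",
]

def expand(entry, groups, seen=None):
    """Flatten a syscall name or @group into a set of syscall names."""
    seen = set() if seen is None else seen
    if not entry.startswith("@"):
        return {entry}
    if entry in seen:              # guard against cyclic tables
        return set()
    seen.add(entry)
    calls = set()
    for member in groups.get(entry, []):
        calls |= expand(member, groups, seen)
    return calls

def merge_filters(lines, groups):
    """Return (mode, listed syscalls, entries that undid an earlier line)."""
    first_negated = lines[0].strip().startswith("~")
    listed, overridden = set(), []
    for line in lines:
        body = line.strip()
        negated = body.startswith("~")
        for entry in body.lstrip("~").split():
            calls = expand(entry, groups)
            if negated == first_negated:   # same type as first line: add
                listed |= calls
            else:                          # opposite type: delete from the set
                if calls & listed:
                    overridden.append(entry)
                listed -= calls
    return ("denylist" if first_negated else "allowlist"), listed, overridden

if __name__ == "__main__":
    mode, listed, overridden = merge_filters(PAGE_LINES, SAMPLE_GROUPS)
    print(mode, sorted(listed), overridden)
```

In allowlist mode the returned set is what the service may still call, and `overridden` names the deny entries that took away something the first line had granted.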


Re: [systemd-devel] syscall-filters killing CGI after update to Fedora 33

2021-04-21 Thread Dan Nicholson
On Mon, Apr 19, 2021 at 10:24 AM Reindl Harald wrote:
>
> after a long time using this SystemCallFilter perl-cgi with Fedora 33
> get killed - anyone an idea what changed that's obviously covered by the
> second line
>
> SystemCallFilter=@system-service @network-io @privileged
> SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount
> @obsolete @raw-io @reboot @resources @swap
>
> either the blacklist of the new systemd version covers more than before
> or something changed in the perl stack
>
> -
>
> Process 7723 (mailgraph.cgi) of user 48 dumped core.
>
> Stack trace of thread 7723:
> #0  0x7f14be8e955d syscall (libc.so.6 + 0xfc55d)
> #1  0x7f14be2959d2 g_thread_pool_new (libglib-2.0.so.0 + 0x839d2)
> #2  0x7f14bde5ae5c g_task_get_type_once (libgio-2.0.so.0 + 0xabe5c)
> #3  0x7f14bde5af85 g_task_get_type (libgio-2.0.so.0 + 0xabf85)
> #4  0x7f14bde5b09d g_task_new (libgio-2.0.so.0 + 0xac09d)
> #5  0x7f14bdfd2c4e pango_fc_font_map_init (libpangoft2-1.0.so.0 + 0xac4e)
> #6  0x7f14be37db97

I think the following change in pango is now making it spawn a thread
where it didn't before.

https://gitlab.gnome.org/GNOME/pango/-/commit/e4e7a76a173620394a4bff9738d9b156c40e8c45

--
Dan


[systemd-devel] syscall-filters killing CGI after update to Fedora 33

2021-04-19 Thread Reindl Harald
after a long time using this SystemCallFilter perl-cgi with Fedora 33 
get killed - anyone an idea what changed that's obviously covered by the 
second line


SystemCallFilter=@system-service @network-io @privileged
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount 
@obsolete @raw-io @reboot @resources @swap


either the blacklist of the new systemd version covers more than before
or something changed in the perl stack


-

Process 7723 (mailgraph.cgi) of user 48 dumped core.

Stack trace of thread 7723:
#0  0x7f14be8e955d syscall (libc.so.6 + 0xfc55d)
#1  0x7f14be2959d2 g_thread_pool_new (libglib-2.0.so.0 + 0x839d2)
#2  0x7f14bde5ae5c g_task_get_type_once (libgio-2.0.so.0 + 0xabe5c)
#3  0x7f14bde5af85 g_task_get_type (libgio-2.0.so.0 + 0xabf85)
#4  0x7f14bde5b09d g_task_new (libgio-2.0.so.0 + 0xac09d)
#5  0x7f14bdfd2c4e pango_fc_font_map_init (libpangoft2-1.0.so.0 + 0xac4e)
#6  0x7f14be37db97 g_type_create_instance (libgobject-2.0.so.0 + 0x39b97)
#7  0x7f14be3668c5 g_object_new_internal (libgobject-2.0.so.0 + 0x228c5)
#8  0x7f14be36769d g_object_new_with_properties (libgobject-2.0.so.0 + 0x2369d)
#9  0x7f14be368311 g_object_new (libgobject-2.0.so.0 + 0x24311)
#10 0x7f14be5f4d63 rrd_graph_init (librrd.so.8 + 0x1cd63)
#11 0x7f14be5ef33a rrd_graph_v (librrd.so.8 + 0x1733a)
#12 0x7f14be5f3653 rrd_graph (librrd.so.8 + 0x1b653)
#13 0x7f14be639318 n/a (RRDs.so + 0x6318)
#14 0x7f14beac02b7 Perl_pp_entersub (libperl.so.5.32 + 0x1082b7)
#15 0x7f14beab8040 Perl_runops_standard (libperl.so.5.32 + 0x100040)
#16 0x7f14bea36c6c perl_run (libperl.so.5.32 + 0x7ec6c)
#17 0x556a6005934a main (perl + 0x134a)
#18 0x7f14be8151e2 __libc_start_main (libc.so.6 + 0x281e2)
#19 0x556a6005938e _start (perl + 0x138e)


Process 2374487 (smokeping_cgi) of user 48 dumped core.

Stack trace of thread 2374487:
#0  0x7f1b1850655d syscall (libc.so.6 + 0xfc55d)
#1  0x7f1b17e409d2 g_thread_pool_new (libglib-2.0.so.0 + 0x839d2)
#2  0x7f1b17a05e5c g_task_get_type_once (libgio-2.0.so.0 + 0xabe5c)
#3  0x7f1b17a05f85 g_task_get_type (libgio-2.0.so.0 + 0xabf85)
#4  0x7f1b17a0609d g_task_new (libgio-2.0.so.0 + 0xac09d)
#5  0x7f1b17b7dc4e pango_fc_font_map_init (libpangoft2-1.0.so.0 + 0xac4e)
#6  0x7f1b17f28b97 g_type_create_instance (libgobject-2.0.so.0 + 0x39b97)
#7  0x7f1b17f118c5 g_object_new_internal (libgobject-2.0.so.0 + 0x228c5)
#8  0x7f1b17f1269d g_object_new_with_properties (libgobject-2.0.so.0 + 0x2369d)
#9  0x7f1b17f13311 g_object_new (libgobject-2.0.so.0 + 0x24311)
#10 0x7f1b1819fd63 rrd_graph_init (librrd.so.8 + 0x1cd63)
#11 0x7f1b1819a33a rrd_graph_v (librrd.so.8 + 0x1733a)
#12 0x7f1b1819e653 rrd_graph (librrd.so.8 + 0x1b653)
#13 0x7f1b181fc318 n/a (RRDs.so + 0x6318)
#14 0x7f1b186dd2b7 Perl_pp_entersub (libperl.so.5.32 + 0x1082b7)
#15 0x7f1b186d5040 Perl_runops_standard (libperl.so.5.32 + 0x100040)
#16 0x7f1b18653c6c perl_run (libperl.so.5.32 + 0x7ec6c)
#17 0x5599a814734a main (perl + 0x134a)
#18 0x7f1b184321e2 __libc_start_main (libc.so.6 + 0x281e2)
#19 0x5599a814738e _start (perl + 0x138e)
