On 29/08/17 05:43, Kamil Dudka wrote:
> On Tuesday, August 29, 2017 10:49:17 AM CEST Pádraig Brady wrote:
>> We plan to release coreutils-8.28 towards the end of this week,
>> so any testing you can do on various different systems between now and then
>> would be most welcome.
>>
>> --------------------------------------
>>
>> You can download the coreutils snapshot in xz format (5.2 MB) from:
>> https://pixelbeat.org/cu/coreutils-ss.tar.xz
>>
>> And verify with gpg or md5sum with:
>> https://pixelbeat.org/cu/coreutils-ss.tar.xz.sig
>> MD5 (coreutils-ss.tar.xz) = f38d980b63f88b66bf2415c3edf6313b
>>
>> --------------------------------------
>>
>> To test follow this standard procedure:
>>
>>   tar -xf coreutils-ss.tar.xz
>>   cd coreutils-8.27.99-3ebdc3/
>>   ./configure && make check VERBOSE=yes
>>
>> Failures are reported and details are in tests/test-suite.log
>
> tests/misc/runcon-no-reorder.sh fails on my Fedora 25 VM if and only
> if coreutils is compiled _without_ having libseccomp-devel installed:
>
> FAIL: tests/misc/runcon-no-reorder
> ==================================
> + diff -u exp out
> --- exp 2017-08-29 14:39:57.481307950 +0200
> +++ out 2017-08-29 14:39:57.486307987 +0200
> @@ -1 +1 @@
> -runcon: runcon may be used only on a SELinux kernel
> +runcon: cannot create session

Indeed my setsid() is not robust because one really needs to fork first
(and check for -1 in the return).

However, I've investigated a bit more, and libseccomp doesn't provide that much protection.
I.e. there are other ways to input to a tty when passing it to a lower privilege process.
So it looks like libseccomp is not worth it, and I'll remove that before release I think.

cheers,
Pádraig
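The fork-first point in the reply above, as an added example (not code from coreutils or from this message): setsid() is refused with EPERM when the caller is already a process group leader, so the call is made in a forked child and its return value is checked for -1. The function names and result codes are made up for this illustration.

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Illustrative result codes (not from coreutils). */
enum { NEW_SESSION = 0, REFUSED_EPERM = 1, OTHER_ERROR = 2 };

/* Child body: optionally become a process group leader, then try setsid(). */
static int try_setsid(int lead_group_first)
{
    if (lead_group_first && setpgid(0, 0) == -1)
        return OTHER_ERROR;
    if (setsid() == (pid_t)-1)          /* always check for -1 */
        return errno == EPERM ? REFUSED_EPERM : OTHER_ERROR;
    /* On success the caller leads a new session with no controlling tty. */
    return getsid(0) == getpid() ? NEW_SESSION : OTHER_ERROR;
}

/* Fork, run try_setsid() in the child, and return its result
   (-1 if fork or wait fails, or the child died abnormally). */
int setsid_in_child(int lead_group_first)
{
    int status;
    pid_t pid = fork();
    if (pid == (pid_t)-1)
        return -1;
    if (pid == 0)
        _exit(try_setsid(lead_group_first));
    while (waitpid(pid, &status, 0) == -1)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* A process group leader, as a command launched from a job-control
       shell typically is, gets EPERM from setsid(). */
    int leader = setsid_in_child(1);
    /* A freshly forked child is never a group leader, so setsid() works. */
    int forked = setsid_in_child(0);
    return (leader == REFUSED_EPERM && forked == NEW_SESSION) ? 0 : 1;
}
```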
