Your message dated Wed, 8 Nov 2023 07:36:49 +0000
with message-id <[email protected]>
and subject line Re: Bug#968073: Acknowledgement (libseccomp2: backport to
avoid blocking new syscalls)
has caused the Debian Bug report #968073,
regarding libseccomp2: backport to avoid blocking new syscalls
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
968073: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968073
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libseccomp2
Version: 2.3.3-4
X-Debbugs-CC: [email protected], [email protected], [email protected],
[email protected]
Severity: important
This version of libseccomp2 does not recognize 64-bit
time-related syscalls, such as `clock_gettime64`,
returning EPERM to them by default.
This will not cause a problem when vDSO is successfully used
because no syscall is actually invoked. But when vDSO is disabled
or it falls back to syscall, disaster will happen.
In my case, I install Docker on Debian buster armhf with the latest
packages on a Raspberry Pi. When using the `ubuntu:20.04` image,
almost every program (like date, tar, apt) needing time will
fail because `clock_gettime64` is blocked by libseccomp2.
This will affect all syscalls used in new glibc / vDSO fallback
but unknown to libseccomp2, which is a serious problem.
This could not be solved by simply modifying seccomp profiles,
for the old version of libseccomp2 does not recognize these syscalls
at all. However, upgrading it to testing (2.4.3-1) could solve it.
I recommend backporting the patches of libseccomp2 to buster,
or just upgrading its version (>= 2.4.2).
Some references (also containing patches):
Ubuntu[1][2], Fedora[3], lwn.net[4], libseccomp[5]
[1]: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1876055
[2]: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1868720
[3]: https://bugzilla.redhat.com/show_bug.cgi?id=1770154
[4]: https://lwn.net/Articles/795128/
[5]: https://github.com/seccomp/libseccomp/releases/tag/v2.4.2
Cheers,
--
Shengqi Chen
--- End Message ---
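Added example, not part of the bug report and not code from libseccomp or Docker: a small auditor that lists which syscall names in an allowlist profile the library cannot resolve, and shows why those calls still hit the default action. The profile, the two name tables standing in for the old and new library, and the assumption that the runtime silently skips unresolved names are all constructed for illustration; `libseccomp_resolver` uses the real `seccomp_syscall_resolve_name_arch` call when the library is installed.

```python
import ctypes, ctypes.util, json

SCMP_ARCH_ARM = 0x40000028  # AUDIT_ARCH_ARM, matching the armhf case in the report

def libseccomp_resolver(arch=SCMP_ARCH_ARM):
    """Resolver backed by the installed libseccomp; None means 'name unknown'."""
    path = ctypes.util.find_library("seccomp")
    if path is None:
        raise RuntimeError("libseccomp is not installed")
    fn = ctypes.CDLL(path).seccomp_syscall_resolve_name_arch
    fn.argtypes, fn.restype = [ctypes.c_uint32, ctypes.c_char_p], ctypes.c_int
    def resolve(name):
        nr = fn(arch, name.encode())
        return None if nr == -1 else nr  # __NR_SCMP_ERROR is -1
    return resolve

def audit(profile, resolve):
    """Return (rules, dropped): number->action rules and unresolvable names."""
    rules, dropped = {}, []
    for entry in profile["syscalls"]:
        for name in entry["names"]:
            nr = resolve(name)
            if nr is None:
                dropped.append(name)  # assumption: runtime skips unresolved names
            else:
                rules[nr] = entry["action"]
    return rules, dropped

def verdict(profile, rules, nr):
    """Action for a syscall number: explicit rule, else the default action."""
    return rules.get(nr, profile["defaultAction"])

# Constructed sample profile in Docker's JSON layout (allowlist, default deny).
PROFILE = json.loads("""{"defaultAction": "SCMP_ACT_ERRNO", "syscalls": [
  {"names": ["read", "write", "clock_gettime", "clock_gettime64"],
   "action": "SCMP_ACT_ALLOW"}]}""")
# Constructed stand-ins for the library's name table (32-bit ARM numbers).
OLD_TABLE = {"read": 3, "write": 4, "clock_gettime": 263}
NEW_TABLE = dict(OLD_TABLE, clock_gettime64=403)

if __name__ == "__main__":
    for label, table in (("old", OLD_TABLE), ("new", NEW_TABLE)):
        rules, dropped = audit(PROFILE, table.get)
        print(label, "dropped:", dropped, "| syscall 403 ->", verdict(PROFILE, rules, 403))
    # On a real host, pass libseccomp_resolver() instead of table.get.
```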
--- Begin Message ---
Version: 2.4.2-1
Sorry for the late response. Fix confirmed.
--
Shengqi Chen
> On 8 Aug 2020, at 12:03, Debian Bug Tracking System <[email protected]> wrote:
>
> Thank you for filing a new Bug report with Debian.
>
> You can follow progress on this Bug here: 968073:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968073.
>
> This is an automatically generated reply to let you know your message
> has been received.
>
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
>
> As you requested using X-Debbugs-CC, your message was also forwarded to
> [email protected], [email protected], [email protected], [email protected]
> (after having been given a Bug report number, if it did not have one).
>
> Your message has been sent to the package maintainer(s):
> Kees Cook <[email protected]>
>
> If you wish to submit further information on this problem, please
> send it to [email protected].
>
> Please do not send mail to [email protected] unless you wish
> to report a problem with the Bug-tracking system.
>
> --
> 968073: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968073
> Debian Bug Tracking System
> Contact [email protected] with problems
--- End Message ---