Your message dated Sun, 16 Jun 2024 20:33:50 +0000
with message-id <[email protected]>
and subject line Bug#1071822: fixed in libseccomp 2.5.4-1+deb12u1
has caused the Debian Bug report #1071822,
regarding libseccomp2: missing support for newer syscalls like fchmodat2 in
bookworm(-backports)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1071822: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071822
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libseccomp
Version: 2.5.4-1
Severity: normal
X-Debbugs-Cc: [email protected]
Hi! When using Docker in bookworm (current stable) and trying to run
containers based on newer distributions (like the recently released
Alpine 3.20), they will sometimes attempt to invoke newer syscalls like
fchmodat2. Due to the way syscalls that libseccomp does not know about
interact with Docker's seccomp profiles, these sometimes get EPERM
instead of ENOSYS like they should, which breaks their fallback.
Is there any chance of getting these newer syscalls into some version in
bookworm? (backports is very acceptable, but it *seems* like this might
be appropriate for a stable update too? I very much defer to your
wisdom/experience! <3)
I think you're probably already way more aware than I am, but from my
own look at the changes in the 2.5.5 upstream release, they're pretty
minimal (a few typo fixes and the desired syscall table updates [1]), so
perhaps 2.5.5 would be appropriate/sufficient and it's not necessary to
backport the patch by itself?
[1]: https://github.com/seccomp/libseccomp/compare/v2.5.4...v2.5.5
-- System Information:
Debian Release: 12.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-21-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
--- End Message ---
--- Begin Message ---
Source: libseccomp
Source-Version: 2.5.4-1+deb12u1
Done: Felix Geyer <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libseccomp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Felix Geyer <[email protected]> (supplier of updated libseccomp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 25 May 2024 20:36:52 +0200
Source: libseccomp
Architecture: source
Version: 2.5.4-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Kees Cook <[email protected]>
Changed-By: Felix Geyer <[email protected]>
Closes: 1071822
Changes:
libseccomp (2.5.4-1+deb12u1) bookworm; urgency=medium
.
* Add support for syscalls up to Linux 6.7. (Closes: #1071822)
Checksums-Sha1:
b666765746207d3d8a9439b46dca6077e16a3ffb 2708 libseccomp_2.5.4-1+deb12u1.dsc
13e8fabc807fa3c905fb95ebfbd63bd2cfc7e1cc 18080
libseccomp_2.5.4-1+deb12u1.debian.tar.xz
Checksums-Sha256:
0ab1448c7206ee928f97a24d04300cfd3bb26babb4238c82fb71f507b5148595 2708
libseccomp_2.5.4-1+deb12u1.dsc
665fc6ad1b9887207b0af1a293a2d7975e2df503a2618d1808b970081f9672f6 18080
libseccomp_2.5.4-1+deb12u1.debian.tar.xz
Files:
7c6b56570726adf24e209a38b83deaf7 2708 libs optional
libseccomp_2.5.4-1+deb12u1.dsc
a997a8a045be9f5e0444f8e78b5d940e 18080 libs optional
libseccomp_2.5.4-1+deb12u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEFkxwUS95KUdnZKtW/iLG/YMTXUUFAmZt08wACgkQ/iLG/YMT
XUVo6w/7BgIH0m46GmGpfrVK4AZybVUaZtyyMBgYTpv8BOEJDoRrDmqzQJ+UBe57
MkfK9uNbJj5z1T5lsRa13kXkEe8/LV5kHjUypB7glZzKHjemAlMyIpIM3i0yPga/
s5ASTTyrzw/NxcjHlveUoG7WXIBXjyyP2gnXi8xRsm1oHwt+yTbERdv5PSk69jrP
UVOkawS4ySBwmz+kexzGLK/AS5f1lwmAFNrCtAwfvTVHlZhf4W3F90YvN9Y3MpyZ
3rj8/JTAgr9PFPUGh1favF0CqpM1zDa6GKQupkfPOGvd7gYv819VH9WJkCzv9ORI
tyYWFx/yz0+4t3I5um2FHeHJUMkJW9taJmVaHTwvSxZjC2dtw5JhwKm1IlUQ7vsM
ejAy742fwde8fZQ1YAnzOj1NQOG2XmcKpJCr9r8AAtalNhfKP2/fH9FjsWZUEXIo
E6yCvOj2gqysveDHnr224Y3dO7kAAkMk2iVDczufx8Yr5LeMaPY4jzAjSUT2vwlH
tj+nJrJAz81nuQi+EvYGDNak3LRo8r3Ro6oiZ4XKjEz/U7M7Ed+YrFPHbVK5AmTc
CTrMtLij/AZlhJJbehpAN4wlnllzJ5bKXbSQ3u9AjNG2hlucK6B6B+RPkRwqaDbL
W6pYH1ur1F5zEGAjdUYxjETmX/70jsw+XLFTUiCTkfQXL7iVfK8=
=oiwi
-----END PGP SIGNATURE-----
pgpwiRELyuuc1.pgp
Description: PGP signature
--- End Message ---