On 25.05.24 08:48, Tianon Gravi wrote:
> Source: libseccomp
> Version: 2.5.4-1
> Severity: normal
>
> Hi!  When using Docker in bookworm (current stable) and trying to run
> containers based on newer distributions (like the recently released
> Alpine 3.20), they will sometimes attempt to invoke newer syscalls like
> fchmodat2.  Due to the way syscalls that libseccomp does not know about
> interact with Docker's seccomp profiles, these sometimes get EPERM
> instead of ENOSYS like they should, which breaks their fallback.
>
> Is there any chance of getting these newer syscalls into some version in
> bookworm? (backports is very acceptable, but it *seems* like this might
> be appropriate for a stable update too?  I very much defer to your
> wisdom/experience! <3)

I think this is suitable for a stable update. At least I've pushed the same
kind of change to bullseye.
I've opened #1071920 for the release team.

> I think you're probably already way more aware than I am, but from my
> own look at the changes in the 2.5.5 upstream release, they're pretty
> minimal (a few typo fixes and the desired syscall table updates [1]), so
> perhaps 2.5.5 would be appropriate/sufficient and it's not necessary to
> backport the patch by itself.
While the source changes of 2.5.5 look reasonably small, it looks different
when you diff the tarballs with pre-generated C and autotools files.
That's why I prefer to cherry-pick the commit.
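The EPERM-versus-ENOSYS distinction in the report above is the whole problem, so here is an added C example (not code from the bug report, from libseccomp or from Docker) of the fallback pattern a libc uses when it tries a newer syscall such as fchmodat2 first. Only ENOSYS means "this kernel has no such syscall" and licenses a fallback to plain fchmodat; EPERM means a seccomp filter refused the call, and falling back would silently hide that refusal. The simulated `sim_enosys`/`sim_eperm` functions stand in for what a filter would return, and the syscall number 452 is an assumed default used only when the installed kernel headers predate fchmodat2.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Assumption: if the installed kernel headers predate fchmodat2, use the
   number the kernel assigned to it (452 on all architectures). */
#ifndef __NR_fchmodat2
#define __NR_fchmodat2 452
#endif

enum outcome { USED_NEW = 0, USED_FALLBACK = 1, FAILED = 2 };
enum cause { KERNEL_LACKS_SYSCALL = 0, POLICY_DENIED = 1, OTHER_ERROR = 2 };

/* Signature of "the newer syscall", so a simulated filter result can be
   injected in place of the real one. */
typedef long (*fchmodat2_fn)(int dirfd, const char *path, mode_t mode, int flags);

/* Classify the errno the newer syscall produced. Only ENOSYS means the kernel
   has no such syscall; EPERM means a seccomp filter (or other policy) refused
   it, and a fallback would hide that refusal. */
enum cause classify_errno(int err) {
    if (err == ENOSYS) return KERNEL_LACKS_SYSCALL;
    if (err == EPERM) return POLICY_DENIED;
    return OTHER_ERROR;
}

/* The real call: invoke fchmodat2 directly by number. */
static long real_fchmodat2(int dirfd, const char *path, mode_t mode, int flags) {
    return syscall(__NR_fchmodat2, dirfd, path, mode, flags);
}

/* Simulated results, standing in for what a seccomp filter would return. */
static long sim_enosys(int d, const char *p, mode_t m, int f) {
    (void)d; (void)p; (void)m; (void)f; errno = ENOSYS; return -1;
}
static long sim_eperm(int d, const char *p, mode_t m, int f) {
    (void)d; (void)p; (void)m; (void)f; errno = EPERM; return -1;
}

/* Try fchmodat2 first; fall back to fchmodat only on ENOSYS. */
enum outcome chmod_with_fallback(fchmodat2_fn newcall, int dirfd, const char *path,
                                 mode_t mode, int flags) {
    if (newcall(dirfd, path, mode, flags) == 0) return USED_NEW;
    /* EPERM or anything else: report it, do not mask it with the old call. */
    if (classify_errno(errno) != KERNEL_LACKS_SYSCALL) return FAILED;
    /* Old kernel: plain fchmodat cannot honour flags such as AT_SYMLINK_NOFOLLOW. */
    if (flags != 0) { errno = ENOTSUP; return FAILED; }
    return fchmodat(dirfd, path, mode, 0) == 0 ? USED_FALLBACK : FAILED;
}

/* Create a scratch file, run the fallback logic against a chosen implementation
   of the newer syscall, and report the outcome (errno preserved on failure). */
enum outcome run_on_temp_file(fchmodat2_fn newcall) {
    const char *dirs[] = { "/tmp", "." };
    char path[64];
    int fd = -1;
    for (int i = 0; i < 2 && fd < 0; i++) {
        snprintf(path, sizeof path, "%s/fchmodat2-demo-XXXXXX", dirs[i]);
        fd = mkstemp(path);
    }
    if (fd < 0) return FAILED;
    close(fd);
    enum outcome r = chmod_with_fallback(newcall, AT_FDCWD, path, 0600, 0);
    int saved = errno;
    unlink(path);
    errno = saved;
    return r;
}

enum outcome run_simulated_enosys(void) { return run_on_temp_file(sim_enosys); }
enum outcome run_simulated_eperm(void)  { return run_on_temp_file(sim_eperm); }

int main(void) {
    static const char *names[] = { "fchmodat2 succeeded", "fell back to fchmodat", "failed" };
    enum outcome r = run_on_temp_file(real_fchmodat2);
    printf("real kernel/filter: %s", names[r]);
    if (r == FAILED)
        printf(" (errno %d: %s)", errno,
               classify_errno(errno) == POLICY_DENIED ? "a filter denied it, as in the bug" : "other cause");
    printf("\n");
    printf("simulated ENOSYS: %s\n", names[run_simulated_enosys()]);
    printf("simulated EPERM:  %s\n", names[run_simulated_eperm()]);
    return 0;
}
```

Run inside a container whose seccomp profile was generated with a libseccomp that lacks the fchmodat2 entry, the "real" line is where the report's failure shows up: the kernel would happily serve the call, but the filter answers EPERM, the libc correctly refuses to fall back, and the operation fails. The same program on a host whose filter returns ENOSYS for unknown syscalls takes the fallback path and succeeds.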