On 11/21/21 8:14 AM, Reinhard Tartler wrote:
> Source: docker.io
> Version: 20.10.5+dfsg1-1
> Severity: serious
> Justification: FTBFS - prevents depending packages from migrating
>
> the docker.io package FTBFS on mipsen in the same way:
>
> -
> https://buildd.debian.org/status/fetch.php?pkg=docker.io&arch=mips64el&ver=20.10.10%2Bdfsg1-1&stamp=1636015943&raw=0
> -
> https://buildd.debian.org/status/fetch.php?pkg=docker.io&arch=mipsel&ver=20.10.10%2Bdfsg1-1&stamp=1636015191&raw=0
>
> === Failed
> === FAIL: profiles/seccomp TestUnmarshalDefaultProfile (0.15s)
> seccomp_test.go:68: assertion failed:
> --- expected.Syscalls
> +++ profile.Syscalls
> []*seccomp.Syscall{
> ... // 14 identical elements
> &{Names: {"clone"}, Action: "SCMP_ACT_ALLOW", Args: {&{Value:
> 2114060288, Op: "SCMP_CMP_MASKED_EQ"}}, Excludes: {Caps: {"CAP_SYS_ADMIN"},
> Arches: {"s390", "s390x"}}},
> &{Names: {"clone"}, Action: "SCMP_ACT_ALLOW", Args: {&{Index:
> 1, Value: 2114060288, Op: "SCMP_CMP_MASKED_EQ"}}, Comment: "s390 parameter
> ordering for clone is different", ...},
> &{
> Name: "",
> Names: {"clone3"},
> Action: "SCMP_ACT_ERRNO",
> - ErrnoRet: &89,
> + ErrnoRet: &38,
> Args: {},
> Comment: "",
> ... // 2 identical fields
> },
> &{Names: {"reboot"}, Action: "SCMP_ACT_ALLOW", Args: {},
> Includes: {Caps: {"CAP_SYS_BOOT"}}, ...},
> &{Names: {"chroot"}, Action: "SCMP_ACT_ALLOW", Args: {},
> Includes: {Caps: {"CAP_SYS_CHROOT"}}, ...},
> ... // 8 identical elements
> }
>
I've been looking at the upstream source code changes:
https://github.com/moby/moby/commits/master/profiles/seccomp
but it's not obvious (at least not to me) which might be related. I'm aware
that there have been "recent" glibc changes
wrt to the clone3 syscall that required adaptation in docker and podman, but
I'm a bit surprised to see this issue on mipsen only.
-rt
