On 10/04/2024 at 14:17, Wolfgang Bumiller wrote:
> With apparmor 4, when recvmsg() calls are checked by the apparmor LSM
> they will always return EINVAL.
> This causes very weird issues when apparmor profiles are in use, and a
> lot of networking issues in containers (which are always using
> apparmor).
>
> When coming from sys_recvmsg, msg->msg_namelen is explicitly set to
> zero early on. (see ____sys_recvmsg in net/socket.c)
> We still end up in 'map_addr' where the assumption is that addr !=
> NULL means addrlen has a valid size.
>
> This is likely not a final fix, it was suggested by jjohansen on irc
> to get things going until this is resolved properly.
>
> Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
> ---
>  ...pect-msg_namelen-0-for-recvmsg-calls.patch | 31 +++++++++++++++++++
>  1 file changed, 31 insertions(+)
>  create mode 100644 patches/kernel/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch
>
>
applied, thanks!