Re: [chrony-dev] Seccomp issue on Alpine linux
On Mon, May 29, 2023 at 04:07:37PM +0200, jvoisin wrote: > alpine:/home/jvoisin/chrony/test/system# ./099-scfilter > Testing system call filter in non-destructive tests: > level -1: > 001-minimal BAD > FAIL > alpine:/home/jvoisin/chrony/test/system# > ``` > > What would be the best way to find the root cause/blacklisted syscalls? Try running the failing test as "TEST_SCFILTER=1 ./001-minimal" and see the failing syscall number in the system or audit log. Thanks, -- Miroslav Lichvar -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
Re: [chrony-dev] Seccomp issue on Alpine linux
On 29/05/2023 09:16, Miroslav Lichvar wrote: > On Sun, May 28, 2023 at 07:32:12PM +0200, jvoisin wrote: >>> If you have extracted source code, can you please run these two tests >>> to confirm there are no other seccomp failures on musl? >>> >>> # cd test/system >>> # ./099-scfilter >>> # ./199-scfilter >>> >> >> I'd love to, but the latest master doesn't compile here: > > Compiling from git requires bison installed, or you can copy getdate.c > from a released tarball. It would be nice for `./configure` to check for this :/ Anyway, here are the results: ``` alpine:/home/jvoisin/chrony/test/system# ./199-scfilter Testing system call filter in destructive tests: level -1: 100-clockupdate BAD FAIL alpine:/home/jvoisin/chrony/test/system# ./099-scfilter Testing system call filter in non-destructive tests: level -1: 001-minimal BAD FAIL alpine:/home/jvoisin/chrony/test/system# ``` What would be the best way to find the root cause/blacklisted syscalls? -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
Re: [chrony-dev] Seccomp issue on Alpine linux
On Sun, May 28, 2023 at 07:32:12PM +0200, jvoisin wrote: > > If you have extracted source code, can you please run these two tests > > to confirm there are no other seccomp failures on musl? > > > > # cd test/system > > # ./099-scfilter > > # ./199-scfilter > > > > I'd love to, but the latest master doesn't compile here: Compiling from git requires bison installed, or you can copy getdate.c from a released tarball. -- Miroslav Lichvar -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
