Bug#891267: man-db: i386 or x32 mandb doesn't work due to seccomp filter
On Sat, Apr 28, 2018 at 06:00:00PM +0200, Mikulas Patocka wrote: > On Fri, 30 Mar 2018, Colin Watson wrote: > > Hm, OK. I mean, you could always just make sure that everything man > > needs to call matches, but I guess that's a bit fiddly. Fixed upstream, > > and will be in 2.8.3: > > > > > > https://git.savannah.gnu.org/cgit/man-db.git/commit/?id=770cd67aaf711b2cded9cbc2f9e503ca0f5e73ba > > Hi > > The bug is fixed. > > BTW. maybe you should also allow mixing arm, arm64 and arm64-ilp32 because > they may also be used simultaneously on one machine. I'm aware that these and other combinations are theoretically possible, but I'm holding off until somebody demonstrates an actual need for them rather than just "maybe", since adding them will bloat the seccomp filter and I believe there are practical space limits. -- Colin Watson [cjwat...@debian.org]
Bug#891267: man-db: i386 or x32 mandb doesn't work due to seccomp filter
On Sat, 28 Apr 2018, Mikulas Patocka wrote: > On Fri, 30 Mar 2018, Colin Watson wrote: > > > On Mon, Feb 26, 2018 at 05:54:39AM +0100, Mikulas Patocka wrote: > > > x32 is faster than amd64, so I am running Debian-amd64-sid with x32 > > > foreign architecture and with x32 dash, gcc and other packages. > > > > Hm, OK. I mean, you could always just make sure that everything man > > needs to call matches, but I guess that's a bit fiddly. Fixed upstream, > > and will be in 2.8.3: > > > > > > https://git.savannah.gnu.org/cgit/man-db.git/commit/?id=770cd67aaf711b2cded9cbc2f9e503ca0f5e73ba > > > > -- > > Colin Watson [cjwat...@debian.org] > > Hi > > The bug is fixed. > > BTW. maybe you should also allow mixing arm, arm64 and arm64-ilp32 because > they may also be used simultaneously on one machine. ... and MIPS and POWERPC can mix 32-bit and 64-bit binaries too. Mikulas
Bug#891267: man-db: i386 or x32 mandb doesn't work due to seccomp filter
On Fri, 30 Mar 2018, Colin Watson wrote: > On Mon, Feb 26, 2018 at 05:54:39AM +0100, Mikulas Patocka wrote: > > x32 is faster than amd64, so I am running Debian-amd64-sid with x32 > > foreign architecture and with x32 dash, gcc and other packages. > > Hm, OK. I mean, you could always just make sure that everything man > needs to call matches, but I guess that's a bit fiddly. Fixed upstream, > and will be in 2.8.3: > > > https://git.savannah.gnu.org/cgit/man-db.git/commit/?id=770cd67aaf711b2cded9cbc2f9e503ca0f5e73ba > > -- > Colin Watson [cjwat...@debian.org] Hi The bug is fixed. BTW. maybe you should also allow mixing arm, arm64 and arm64-ilp32 because they may also be used simultaneously on one machine. Mikulas
Bug#891267: man-db: i386 or x32 mandb doesn't work due to seccomp filter
On Mon, Feb 26, 2018 at 05:54:39AM +0100, Mikulas Patocka wrote: > x32 is faster than amd64, so I am running Debian-amd64-sid with x32 > foreign architecture and with x32 dash, gcc and other packages. Hm, OK. I mean, you could always just make sure that everything man needs to call matches, but I guess that's a bit fiddly. Fixed upstream, and will be in 2.8.3: https://git.savannah.gnu.org/cgit/man-db.git/commit/?id=770cd67aaf711b2cded9cbc2f9e503ca0f5e73ba -- Colin Watson [cjwat...@debian.org]
Bug#891267: man-db: i386 or x32 mandb doesn't work due to seccomp filter
On Sun, 25 Feb 2018, Colin Watson wrote: > On Fri, Feb 23, 2018 at 11:34:32PM +0100, Mikulas Patocka wrote: > > Mandb recently started to apply seccomp policy to its subprocesses. > > Unfortunatelly, the seccom policy is badly written, so that > > mandb for foreign architectures (i386 or x32) crashes. > > > >* What exactly did you do (or not do) that was effective (or > > ineffective)? > > > > Install man-db:i386 or man-db:x32 on an amd64 system, try to view some > > manpage and you'll get crashes. > > > > The bug also happens if you use man-db:amd64, but /bin/sh is pointing > > to i386 or x32 shell (i.e. if you install dash:i386 or dash:x32 and > > make it a default shell). > > I guess I could add some other likely architectures to the filter, but > it's not particularly clear which ones I should add in general. The > scenarios above seem like rather contrived situations: can you explain > how and why you have an installation like this so that I can better > understand it? > > -- > Colin Watson [cjwat...@debian.org] x32 is faster than amd64, so I am running Debian-amd64-sid with x32 foreign architecture and with x32 dash, gcc and other packages. Mikulas
Bug#891267: man-db: i386 or x32 mandb doesn't work due to seccomp filter
On Fri, Feb 23, 2018 at 11:34:32PM +0100, Mikulas Patocka wrote: > Mandb recently started to apply seccomp policy to its subprocesses. > Unfortunatelly, the seccom policy is badly written, so that > mandb for foreign architectures (i386 or x32) crashes. > >* What exactly did you do (or not do) that was effective (or > ineffective)? > > Install man-db:i386 or man-db:x32 on an amd64 system, try to view some > manpage and you'll get crashes. > > The bug also happens if you use man-db:amd64, but /bin/sh is pointing > to i386 or x32 shell (i.e. if you install dash:i386 or dash:x32 and > make it a default shell). I guess I could add some other likely architectures to the filter, but it's not particularly clear which ones I should add in general. The scenarios above seem like rather contrived situations: can you explain how and why you have an installation like this so that I can better understand it? -- Colin Watson [cjwat...@debian.org]
Bug#891267: man-db: i386 or x32 mandb doesn't work due to seccomp filter
Package: man-db Version: 2.8.1-1 Severity: normal Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? Mandb recently started to apply seccomp policy to its subprocesses. Unfortunatelly, the seccom policy is badly written, so that mandb for foreign architectures (i386 or x32) crashes. * What exactly did you do (or not do) that was effective (or ineffective)? Install man-db:i386 or man-db:x32 on an amd64 system, try to view some manpage and you'll get crashes. The bug also happens if you use man-db:amd64, but /bin/sh is pointing to i386 or x32 shell (i.e. if you install dash:i386 or dash:x32 and make it a default shell). * What was the outcome of this action? man with any man page fails with SIGSYS signals. * What outcome did you expect instead? mandb should work. *** End of the template - remove these template lines *** -- System Information: Debian Release: buster/sid APT prefers unreleased APT policy: (500, 'unreleased'), (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386, x32 Kernel: Linux 4.15.0-1-amd64 (SMP w/12 CPU cores) Locale: LANG=cs_CZ.utf8, LC_CTYPE=cs_CZ.utf8 (charmap=UTF-8), LANGUAGE=cs_CZ.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages man-db depends on: ii bsdmainutils 11.1.2 ii debconf [debconf-2.0] 1.5.65 ii dpkg 1.19.0.5 ii groff-base 1.22.3-10 ii libc6 2.26-6 ii libgdbm5 1.14.1-4 ii libpipeline1 1.5.0-1 ii libseccomp22.3.1-2.1 ii zlib1g 1:1.2.8.dfsg-5 man-db recommends no packages. Versions of packages man-db suggests: pn apparmor pn groff ii less487-0.1 ii lynx [www-browser] 2.8.9dev16-3 ii w3m [www-browser] 0.5.3-36 -- Configuration Files: /etc/manpath.config changed [not included] -- debconf information: man-db/auto-update: true man-db/install-setuid: false
