So to summarize: in zesty, artful `scmp_sys_resolver -a x86 socket` will
return: `-101`. The syscalls are still there in the kernel and libc its
just that libseccomp reports a pseudo number again (which it did not in
xenial).
The reason why we are seeing negative syscall numbers from libseccomp
Fwiw, this is longer working on zesty and newer:
"""
#include
#include
int main(int argc, char **argv) {
int sys_num = seccomp_syscall_resolve_name("socket");
printf("%d ", sys_num);
}
"""
returns -101 now. I think I know what is going on and will provide a patch
shortly.
--
You
** Also affects: glibc (Ubuntu Zesty)
Importance: Undecided
Status: New
** Also affects: libseccomp (Ubuntu Zesty)
Importance: Undecided
Status: New
** Also affects: glibc (Ubuntu Artful)
Importance: High
Status: Fix Released
** Also affects: libseccomp (Ubuntu
FYI, >=16.10 has libseccomp >= 2.3. xenial has 2.2.3-3ubuntu3 that
includes updated syscall tables for this (https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=809556 and
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1554098).
>=16.04 have 4.4 kernels and updated glibc.
** Bug watch
** Also affects: glibc (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: libseccomp (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: glibc (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: libseccomp (Ubuntu
While this bug is still open, developers may either:
* install snaps with --devmode (eg, snap install --devmode /path/to/snap)
* add 'socketcall' to /var/lib/snapd/seccomp/profiles/snap.your.app
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: libseccomp (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1576066
Title:
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: glibc (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1576066
Title:
hello-world.sh that is.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1576066
Title:
32bit glibc calls old socketcall() syscall, causing seccomp problems
To manage notifications about this bug go
Note, this affects even hello-world.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1576066
Title:
32bit glibc calls old socketcall() syscall, causing seccomp problems
To manage notifications about
** Changed in: libseccomp (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1576066
Title:
32bit glibc calls old socketcall() syscall, causing seccomp problems
@Jamie, the gnome-calculator one on i386 with confinment enabled hits a
system call error, I'm happy to test candidate debs if that's useful
** Tags added: snap-desktop-issue
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I'll take a look at this. I'll try an updated libseccomp with xenial's
glibc and a > 4.2 kernel and if this works, I'll pursue an SRU. Is there
a simple test case or snap that I can use to verify it is broken with
old seccomp and working with new?
** Changed in: libseccomp (Ubuntu)
Importance:
** Also affects: libseccomp (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1576066
Title:
32bit glibc calls old socketcall() syscall, causing
Hi, glibc was updated to use the new syscalls in 16.04, and does not use
socketcall. Previous editions should not be updated.
However the problem that Sebastien has, and has also been reported to
Docker, is that libseccomp in 16.04 has not been updated to 2.3.0 which
supports the direct non
setting to high, that makes some snap not work on i386
** Changed in: glibc (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1576066
Title:
32bit glibc calls
16 matches
Mail list logo