** Changed in: libseccomp (Ubuntu Xenial)
Status: Confirmed => In Progress
** Changed in: libseccomp (Ubuntu Bionic)
Status: Confirmed => In Progress
** Changed in: libseccomp (Ubuntu Focal)
Status: Confirmed => In Progress
** Changed in: libseccomp (Ubuntu Groovy)
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: libseccomp (Ubuntu Groovy)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1891810
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: libseccomp (Ubuntu Focal)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1891810
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: libseccomp (Ubuntu Bionic)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1891810
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: libseccomp (Ubuntu Xenial)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1891810
** Changed in: libseccomp (Ubuntu Xenial)
Importance: Undecided => Medium
** Changed in: libseccomp (Ubuntu Focal)
Importance: Undecided => Medium
** Changed in: libseccomp (Ubuntu Groovy)
Importance: Undecided => Medium
** Changed in: libseccomp (Ubuntu Hirsute)
Importance:
** Patch added: "libseccomp_2.5.1-1ubuntu1~20.04.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+attachment/5476578/+files/libseccomp_2.5.1-1ubuntu1~20.04.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Patch added: "libseccomp_2.5.1-1ubuntu1~20.10.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+attachment/5476579/+files/libseccomp_2.5.1-1ubuntu1~20.10.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Patch added: "libseccomp_2.5.1-1ubuntu1~18.04.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+attachment/5476577/+files/libseccomp_2.5.1-1ubuntu1~18.04.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Description changed:
- The version of libseccomp2 in bionic does not know about the openat2
- syscall.
+ [Impact]
- In my particular usecase, I was trying to run podman/buildah in an
- nspawn container, using fuse-overlayfs. This leads to peculiar failure
- modes as described in this issue:
Updating libseccomp to 2.5.1 breaks the systemd unit tests on ppc64el
since the behaviour around filtering of the multiplexed socket() system
call changes - as such a fix for systemd in
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1918696 is also
required.
--
You received this bug
** Also affects: libseccomp (Ubuntu Hirsute)
Importance: Undecided
Assignee: Alex Murray (alexmurray)
Status: New
** Changed in: libseccomp (Ubuntu Hirsute)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Ah, looks like I don't need to do anything for focal's systemd-nspawn
other than add openat2 to SyscallFilters= in the .nspawn file. With
that, and the seccomp from the PPA, everything seems OK - thank you!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
OK, this is getting complicated. seccomp 2.5.0 and systemd-nspawn both
have bugs which when combined cause most/all syscall filters to actually
be disabled! See
https://github.com/seccomp/libseccomp/issues/273#issuecomment-668458070
So I think your new packages are probably OK, but as they pull
Attached is a trivial test case, needs to be run in a container by a
container manager that uses seccomp for syscall filtering (e.g. nspawn.)
It should either silently succeed or print "openat2: Function not
implemented" ; if seccomp combined with the container manager (e.g.
nspawn) blocks the
Hmm, I tested with libseccomp2_2.5.1-0ubuntu0.20.04.1_test4_amd64.deb
from the PPA and it doesn't seem to fix the openat2 problem - just
realised I should have added I'm now using focal not bionic for my
container host.. will try to investigate why once I'm back on my desktop
machine.
--
You
I have packages for 2.5.1 in the ubuntu-security-proposed PPA at
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa if
you would like to give them a try I would appreciate any feedback etc.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Any progress on this? I've just run into it again, and due to my
appalling memory have spent two hours debugging and now discovered my
own bug report again :/
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Also affects: libseccomp (Ubuntu Groovy)
Importance: Undecided
Assignee: Alex Murray (alexmurray)
Status: New
** Also affects: libseccomp (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: libseccomp (Ubuntu Bionic)
Importance: Undecided
I was planning on doing an SRU to backport
b3206ad5645dceda89538ea8acc984078ab697ab for openat2 etc anyway so
assigning this to me.
** Changed in: libseccomp (Ubuntu)
Assignee: (unassigned) => Alex Murray (alexmurray)
--
You received this bug notification because you are a member of Ubuntu
Actually, I recommend not looking at 2.5.0 or master until
https://github.com/seccomp/libseccomp/issues/273 is fixed! Definitely a
security issue.
** Bug watch added: github.com/seccomp/libseccomp/issues #273
https://github.com/seccomp/libseccomp/issues/273
--
You received this bug
21 matches
Mail list logo
