Still working out kinks in the above, but here's a simpler one. Needs
running in an nspawn container again (steps 1-2 above); should either
succeed (no output) or print "function not implemented", but without
seccomp support nspawn will block it and it will print "not permitted"
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int main()
{
if(syscall(436, 0, 0, 0)) {
perror("close_range");
exit(1);
}
exit(0);
}
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1944436
Title:
Please backport support for "close_range" syscall
Status in libseccomp package in Ubuntu:
New
Bug description:
Please backport support for the "close_range" syscall .. may be as
simple as cherrypicking
https://github.com/seccomp/libseccomp/commit/01e5750e7c84bb14e5a5410c924bed519209db06
from upstream. I've hit problems running buildah in a systemd-nspawn
container, but this will probably affect people trying to run modern
code in other container systems as well, e.g. docker.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: libseccomp2 2.5.1-1ubuntu1~20.04.1
ProcVersionSignature: Ubuntu 5.4.0-84.94-generic 5.4.133
Uname: Linux 5.4.0-84-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.20
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: Xpra
Date: Tue Sep 21 15:10:54 2021
InstallationDate: Installed on 2017-01-08 (1717 days ago)
InstallationMedia: Xubuntu 16.04 LTS "Xenial Xerus" - Release amd64
(20160420.1)
SourcePackage: libseccomp
UpgradeStatus: Upgraded to focal on 2021-09-02 (19 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1944436/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
