I tried to #undef __NR_socket in the systemd sources, to see where this
value is actually being used. Turns out it is in
https://github.com/systemd/systemd/blob/master/src/nspawn/nspawn.c#L1577
in setup_seccomp():
    r = seccomp_rule_add(
                    seccomp,
                    SCMP_ACT_ERRNO(EAFNOSUPPORT),
                    SCMP_SYS(socket),
                    2,
                    SCMP_A0(SCMP_CMP_EQ, AF_NETLINK),
                    SCMP_A2(SCMP_CMP_EQ, NETLINK_AUDIT));
    if (r < 0) {
            log_error_errno(r, "Failed to add audit seccomp rule: %m");
where SCMP_SYS is a macro from libseccomp-dev (/usr/include/seccomp.h):
    /**
     * Convert a syscall name into the associated syscall number
     * @param x the syscall name
     */
    #define SCMP_SYS(x) (__NR_##x)
So this links the new syscall definition to seccomp. Apparently
seccomp_rule_add() (in the same seccomp.h file) behaves differently if
the syscall is defined. I just wonder how this actually built on i386
with the 4.2.0 kernel headers which did not have __NR_socket defined?
With current 4.3 kernel headers, the value of SCMP_SYS(socket) == 359,
as defined above. With the previous 4.2 kernel headers, the value is
4294967195 == 0xFFFFFF9B instead, apparently some auto-generated value.
So this explains how it built before.
So it looks like this might be between libseccomp and the kernel now?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1526358
Title:
xenial/i386 regression: nspawn fails with "Failed to add audit seccomp
rule: Bad address"
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1526358/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
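A worked example, added here and not part of the bug report, systemd or libseccomp: the nspawn rule quoted above written directly as a seccomp-bpf program, with a small classic-BPF evaluator so the filter can be checked against constructed seccomp_data values before it is installed for real. It assumes a little-endian x86 Linux build with the usual kernel headers; THIS_ARCH, audit_filter, decide() and install_audit_filter() are its own names. It also handles the situation the report runs into: when the headers do not define __NR_socket, socket() on i386 is reached through the multiplexed socketcall(2), whose socket arguments live in user memory and so cannot be matched by seccomp at all, which leaves only the SYS_SOCKET index to key on. On the number in the post, 4294967195 is 0xFFFFFF9B, i.e. -101 printed as an unsigned 32-bit value, and -101 is __PNR_socket, the pseudo-syscall number libseccomp's own seccomp.h assigns to socket when the kernel headers leave __NR_socket undefined; the i386 build against the 4.2 headers compiled because SCMP_SYS(socket) resolved to that placeholder rather than to a real syscall number.

```c
/* Added example, not code from systemd or libseccomp: nspawn's rule
 * "socket(AF_NETLINK, *, NETLINK_AUDIT) -> EAFNOSUPPORT" as a raw seccomp-bpf
 * program plus a tiny cBPF evaluator. Assumes little-endian x86 Linux headers. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/netlink.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#  define THIS_ARCH AUDIT_ARCH_X86_64
#elif defined(__i386__)
#  define THIS_ARCH AUDIT_ARCH_I386
#else
#  error "add the AUDIT_ARCH_* constant for this target"
#endif
#ifndef __NR_socket
#  include <linux/net.h>   /* SYS_SOCKET, the socketcall() multiplexer index */
#endif
/* seccomp_data offsets; args[] are u64, the filter compares the low word. */
#define SD(f)     offsetof(struct seccomp_data, f)
#define ARG_LO(n) (SD(args) + (n) * sizeof(uint64_t))

static struct sock_filter audit_filter[] = {
    /* Kill if run under another ABI, whose syscall numbers differ. */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SD(arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SD(nr)),
#ifdef __NR_socket
    /* nr == socket && a0 == AF_NETLINK && a2 == NETLINK_AUDIT -> deny. */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, 5),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(0)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AF_NETLINK, 0, 3),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(2)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NETLINK_AUDIT, 0, 1),
#else
    /* No __NR_socket (i386 before 4.3): socket() arrives as
     * socketcall(SYS_SOCKET, args) with args in user memory, so domain and
     * protocol are invisible; keying on SYS_SOCKET refuses every socket(). */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socketcall, 0, 3),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(0)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_SOCKET, 0, 1),
#endif
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EAFNOSUPPORT),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
#define FILTER_LEN (sizeof audit_filter / sizeof audit_filter[0])

/* Minimal cBPF interpreter for the three forms above; anything else fails closed. */
static uint32_t seccomp_eval(const struct sock_filter *p, size_t n, const struct seccomp_data *d)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        switch (p[pc].code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if (p[pc].k % 4 || p[pc].k + 4 > sizeof *d) return SECCOMP_RET_KILL;
            memcpy(&acc, (const char *)d + p[pc].k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:          /* offsets are relative to pc + 1 */
            pc += acc == p[pc].k ? p[pc].jt : p[pc].jf;
            break;
        case BPF_RET | BPF_K:
            return p[pc].k;
        default:
            return SECCOMP_RET_KILL;
        }
    }
    return SECCOMP_RET_KILL;
}
/* Decide one hypothetical syscall against the filter without installing it. */
static uint32_t decide(uint32_t arch, int nr, uint64_t a0, uint64_t a1, uint64_t a2)
{
    struct seccomp_data d = { .nr = nr, .arch = arch, .args = { a0, a1, a2 } };
    return seccomp_eval(audit_filter, FILTER_LEN, &d);
}
/* Install the same program for real; it stays on this process for good. */
static int install_audit_filter(void)
{
    struct sock_fprog prog = { .len = (unsigned short)FILTER_LEN, .filter = audit_filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
        prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog))
        return -errno;
    return 0;
}

int main(void)
{
    printf("filter: %zu instructions, getpid offline -> %#x\n",
           FILTER_LEN, decide(THIS_ARCH, __NR_getpid, 0, 0, 0));
    if (install_audit_filter() < 0) { perror("seccomp"); return 1; }
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
    printf("socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT) = %d (%s)\n",
           fd, fd < 0 ? strerror(errno) : "allowed");
    return 0;
}
```

Build with a plain `cc` and run it: on an x86_64 kernel the live socket() call comes back -1 with "Address family not supported by protocol", which is the EAFNOSUPPORT nspawn asks for, while decide() lets you exercise the other branches (a NETLINK_ROUTE socket, an AF_INET socket, a foreign arch value) without locking the calling process behind the filter. The arch check at the top is not decoration: a filter keyed on the x86_64 number for socket would match a different syscall entirely if a 32-bit binary ran under it.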