** Description changed: following up the libseccomp SRU to handle newer syscalls: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1876055 docker needs to be updated to support newer syscalls including: 403: clock_gettime64 404: clock_settime64 405: clock_adjtime64 406: clock_getres_time64 407: clock_nanosleep_time64 408: timer_gettime64 409: timer_settime64 410: timerfd_gettime64 411: timerfd_settime64 412: utimensat_time64 413: pselect6_time64 414: ppoll_time64 - here are the relevant changes in moby: - https://github.com/moby/moby/pull/40739/files - these changes need to be applied to the docker.io file "components/engine/profiles/seccomp/default.json" - (moby sources are included in docker.io sources) + here are the relevant changes to backport: + https://github.com/docker/docker-ce/commit/3c5d28f12ba6f3839ae77837633372993a073f57 here is a testcase that ends up calling utimensat_time64 via docker: cd /tmp && git clone https://github.com/xantares/test-seccomp-time64.git && docker build test-seccomp-time64 this affects bionic, but also focal as the same version 19.03 is used
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1886831 Title: whitelist 64-bit time_t syscalls To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1886831/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
