Public bug reported: Whenever I start chromium's snap, I get the following messages:
Aug 6 10:50:08 simon-lemur kernel: [10608.138795] audit: type=1326 audit(1596725407.998:159): auid=1000 uid=1000 gid=1000 ses=2 pid=32290 comm="chrome" exe="/snap/chromium/1244/usr/lib/chromium-browser/chrome" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f8f31df4b9f code=0x50000 ...{repeats 3 times}... Aug 6 10:50:08 simon-lemur org.gnome.Shell.desktop[3092]: WARNING: Kernel has no file descriptor comparison support: Operation not permitted Aug 6 10:50:08 simon-lemur kernel: [10608.433753] audit: type=1326 audit(1596725408.290:163): auid=1000 uid=1000 gid=1000 ses=2 pid=32290 comm="ThreadPoolForeg" exe="/snap/chromium/1244/usr/lib/chromium-browser/chrome" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7f8f2b614959 code=0x50000 ...{repeats 4 times}... According to https://github.com/torvalds/linux/blob/master/arch/x86/entry/syscalls/syscall_64.tbl, it seems that syscall 203 is sys_sched_setaffinity and 312 is sys_kcmp. The blocking of sys_kcmp could probably explain the "WARNING: Kernel has no file descriptor comparison support: Operation not permitted" message from org.gnome.Shell.desktop. Additional information $ uname -a Linux simon-lemur 5.4.0-42-generic #46~18.04.1-Ubuntu SMP Fri Jul 10 07:21:24 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ lsb_release -rd Description: Ubuntu 18.04.4 LTS Release: 18.04 $ apt-cache policy snapd snapd: Installed: 2.45.1+18.04.2 Candidate: 2.45.1+18.04.2 Version table: *** 2.45.1+18.04.2 500 500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages 100 /var/lib/dpkg/status 2.32.5+18.04 500 500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages $ snap info chromium name: chromium summary: Chromium web browser, open-source version of Chrome publisher: Canonical✓ store-url: https://snapcraft.io/chromium contact: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bugs?field.tag=snap license: unset description: | An open-source browser project that aims to build a safer, faster, and more stable way for all Internet users to experience the web. commands: - chromium.chromedriver - chromium snap-id: XKEcBqPM06H1Z7zGOdG5fbICuf8NWK5R tracking: latest/stable refresh-date: 7 days ago, at 11:45 EDT channels: latest/stable: 84.0.4147.105 2020-07-30 (1244) 166MB - latest/candidate: 84.0.4147.105 2020-07-30 (1244) 166MB - latest/beta: 85.0.4183.49 2020-07-31 (1248) 167MB - latest/edge: 86.0.4221.3 2020-08-05 (1257) 167MB - installed: 84.0.4147.105 (1244) 166MB - ** Affects: chromium-browser (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890625 Title: chromium: missing syscalls whitelist from seccomp To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1890625/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs