FS#48608 - [libseccomp] is broken with linux 4.3+ on 32-bit

Attached to Project: Arch Linux
Opened by Luke Shumaker (lukeshu) - Wednesday, 16 March 2016, 15:52 GMT
Last edited by Doug Newgard (Scimmia) - Wednesday, 01 June 2016, 03:50 GMT
Task Type: Bug Report
Category: Packages: Core
Status: Closed
Assigned To: Tobias Powalowski (tpowa)
Architecture: i686
Severity: Medium
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 2
Private: No

Details

Description:

Linux 4.3 added[1] raw socket system calls as an alternative to socket calls on 32-bit x86 (they have always existed for 64-bit). libseccomp has its own system call table that must be kept in sync with the kernel's.

Because libseccomp's table is no longer in sync with the kernel, seccomp filters socket() and friends fail with EFAULT.

Actual breakage caused by this: systemd-nspawn is broken[2].

There is a patch to libseccomp that updates the table[3]. Systemd upstream recommends[2] that distros apply it on 32-bit if they are shipping linux >= 4.3 (until a new libseccomp release happens, anyway). The libseccomp developers say[3] to expect a new release soon, but that was more than 2 weeks ago.

Additional info:
* package version(s): libseccomp 2.2.3-1, linux >= 4.3

Steps to reproduce:

I guess just try to trigger[2] by running systemd-nspawn on 32-bit.

[1]: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9dea5dc921

[2]: https://github.com/systemd/systemd/issues/2177

[3]: https://github.com/seccomp/libseccomp/pull/22

Closed by Doug Newgard (Scimmia)
Wednesday, 01 June 2016, 03:50 GMT
Reason for closing: Fixed
Additional comments about closing: libseccomp 2.3.0-1
Comment by Luke Shumaker (lukeshu) - Wednesday, 16 March 2016, 15:53 GMT
Oops, I accidentally put this in extra instead of core.
Comment by Luke Shumaker (lukeshu) - Wednesday, 01 June 2016, 03:37 GMT
libseccomp 2.3 has since come out, been packaged, and fixed this.
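
The table drift described in the report, as an added example that is not part of the original report and is not libseccomp's code: it parses kernel-header-style syscall definitions and lists the ones a user-space table does not know. The header text and the stale table are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample in the style of a kernel i386 unistd header on Linux >= 4.3.
# The socket call numbers are the ones Linux 4.3 assigned for 32-bit x86.
KERNEL_HEADER = """\
#define __NR_socketcall 102
#define __NR_execveat 358
#define __NR_socket 359
#define __NR_socketpair 360
#define __NR_bind 361
#define __NR_connect 362
#define __NR_listen 363
#define __NR_accept4 364
#define __NR_getsockopt 365
#define __NR_setsockopt 366
#define __NR_getsockname 367
#define __NR_getpeername 368
#define __NR_sendto 369
#define __NR_sendmsg 370
#define __NR_recvfrom 371
#define __NR_recvmsg 372
#define __NR_shutdown 373
"""

# Constructed stand-in for a user-space table last synced before Linux 4.3
# (hypothetical data, not libseccomp's real table).
STALE_TABLE = {"socketcall": 102, "execveat": 358}

DEFINE_RE = re.compile(r"^#define\s+__NR_(\w+)\s+(\d+)$")

def parse_header(text):
    """Return {name: number} for each '#define __NR_<name> <n>' line."""
    table = {}
    for line in text.splitlines():
        m = DEFINE_RE.match(line.strip())
        if m:
            table[m.group(1)] = int(m.group(2))
    return table

def table_drift(kernel, library):
    """Names the kernel defines that the library lacks or numbers differently."""
    missing = sorted((n for n in kernel if n not in library), key=kernel.get)
    mismatched = sorted(n for n in kernel if n in library and library[n] != kernel[n])
    return missing, mismatched

if __name__ == "__main__":
    missing, mismatched = table_drift(parse_header(KERNEL_HEADER), STALE_TABLE)
    print("unknown to library:", ", ".join(missing) or "none")
    print("numbered differently:", ", ".join(mismatched) or "none")
```

Run against the real header of the installed kernel and a dump of the library's table, a non-empty "unknown to library" list is the condition this report describes.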
