FS#67978 - [firefox] Endless seccomp sandbox violation messages fill system logs after startup

Attached to Project: Arch Linux
Opened by Michel Koss (MichelKoss1) - Wednesday, 23 September 2020, 22:25 GMT
Last edited by Jan Alexander Steffens (heftig) - Thursday, 24 September 2020, 18:49 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Jan de Groot (JGC)
Jan Alexander Steffens (heftig)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 3
Private No

Details

Description:

After launch it start to print seccomp sandbox violation messages in a loop which fills all system logs in a matter of time. Example below:

Sandbox: unsupported fd-relative fstatat(33, "", 0x772E6E40DEE0, 4096)
Sandbox: seccomp sandbox violation: pid 78, tid 78, syscall 262, args 33 105997348032911 131041301946080 4096 4096 1.
Sandbox: unsupported fd-relative fstatat(33, "", 0x772E6E40DDD0, 4096)
Sandbox: seccomp sandbox violation: pid 78, tid 78, syscall 262, args 33 105997348032911 131041301945808 4096 4096 1.
Sandbox: unsupported fd-relative fstatat(31, "", 0x78F29F2736B0, 4096)
Sandbox: seccomp sandbox violation: pid 132, tid 132, syscall 262, args 31 109526025425295 132983447566000 4096 4096 1.
Sandbox: unsupported fd-relative fstatat(31, "", 0x78F29F2735A0, 4096)
Sandbox: seccomp sandbox violation: pid 132, tid 132, syscall 262, args 31 109526025425295 132983447565728 4096 4096 1.
Sandbox: unsupported flags 2048 in fstatat(-100, "/home/user/.config/gtk-3.0/colors.css", 0x606762AFD8A0, 2304)
Sandbox: seccomp sandbox violation: pid 78, tid 101, syscall 262, args 4294967196 105997164508032 105997153589408 2304 2304 1.
Sandbox: unsupported flags 2048 in fstatat(-100, "/home/user/.config/gtk-3.0/colors.css", 0x606762AFD8A0, 2304)
Sandbox: seccomp sandbox violation: pid 78, tid 101, syscall 262, args 4294967196 105997164716736 105997153589408 2304 2304 1.
Sandbox: unsupported fd-relative fstatat(51, "", 0x772E6E40FCD0, 4096)


Adding syscall no 262 to whitelist is a temporary workaround.

Similar report for debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970196

I wasn't able to reproduce it in official firefox flatpak so this may be downstream issue.

Additional info:
* Firefox 80,81, fresh config

Steps to reproduce:
Launch firefox and observe flood of messages in journal.
This task depends upon

Closed by  Jan Alexander Steffens (heftig)
Thursday, 24 September 2020, 18:49 GMT
Reason for closing:  Fixed
Additional comments about closing:  firefox 81.0-2
Comment by loqs (loqs) - Thursday, 24 September 2020, 00:32 GMT
https://bugzilla.mozilla.org/show_bug.cgi?id=1660901 ?
Comment by Michel Koss (MichelKoss1) - Thursday, 24 September 2020, 10:35 GMT
@loqs thx, indeed this looks fairly similar (although there is no crash for me). Some Arch user reported that this is related to glib 2.66 and upstream ff fix solved it: https://bugzilla.mozilla.org/show_bug.cgi?id=1660901#c15

I would like to ask Arch to backport aforementioned patch https://hg.mozilla.org/mozilla-central/rev/80baa04419c4 to ff 81 because this bug is so annoying.
Comment by Magnus Boman (katt) - Thursday, 24 September 2020, 12:21 GMT
I had this bug at one point (2020-09-13), creating a 179GB xorg-session.log file before I realised something was up, restarting firefox made it go away though so I never reported it.
Comment by Jakub Gołębicki (ashton) - Thursday, 24 September 2020, 17:57 GMT
It's currently happening to me as well, for now untill it's resolved i linked .xsession-error to /dev/null since I was worried it'd affect my ssd

Loading...