From: "Basil L. Contovounesios" via "Bug reports for GNU Emacs, the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
To: Philipp Stephani <p.stephani2@gmail.com>
Cc: Glenn Morris <rgm@gnu.org>, 56359@debbugs.gnu.org
Subject: bug#56359: seccomp test failures on RHEL 9.0
Date: Sat, 20 Aug 2022 15:37:16 +0300 [thread overview]
Message-ID: <87y1vjay6b.fsf@tcd.ie> (raw)
In-Reply-To: <2094647B-7360-41F4-8AB0-ADFC835288E8@gmail.com> (Philipp Stephani's message of "Sat, 16 Jul 2022 12:50:01 +0200")
[-- Attachment #1: Type: text/plain, Size: 303 bytes --]
Philipp Stephani [2022-07-16 12:50 +0200] wrote:
>> Am 16.07.2022 um 01:35 schrieb Glenn Morris <rgm@gnu.org>:
>>
>> Philipp Stephani wrote:
>>
>>> Does the attached patch fix the issue?
>>
>> Not entirely. I have to also allow "clone3", then it passes.
Just adding that I get the same on Debian:
[-- Attachment #2: test-out.log --]
[-- Type: text/plain, Size: 31319 bytes --]
$ make test/emacs-tests
make -C test emacs-tests
make[1]: Entering directory '/home/blc/.local/src/emacs/test'
make[2]: Entering directory '/home/blc/.local/src/emacs/test'
GEN src/emacs-tests.log
Running 7 tests (2022-08-20 13:47:47+0300, selector `(not (or (tag :unstable) (tag :nativecomp)))')
Test emacs-tests/bwrap/allows-stdout backtrace:
signal(ert-test-failed (((should (eql status 0)) :form (eql 159 0) :
ert-fail(((should (eql status 0)) :form (eql 159 0) :value nil))
(if (unwind-protect (setq value-166 (apply fn-164 args-165)) (setq f
(let (form-description-168) (if (unwind-protect (setq value-166 (app
(let ((value-166 'ert-form-evaluation-aborted-167)) (let (form-descr
(let* ((fn-164 #'eql) (args-165 (condition-case err (let ((signal-ho
(let ((ert--infos (cons (cons "Info: " (emacs-tests--seccomp-debug s
(let* ((command (concat (mapconcat #'shell-quote-argument (list (fil
(progn (let* ((command (concat (mapconcat #'shell-quote-argument (li
(unwind-protect (progn (let* ((command (concat (mapconcat #'shell-qu
(save-current-buffer (set-buffer temp-buffer) (unwind-protect (progn
(let ((temp-buffer (generate-new-buffer " *temp*" t))) (save-current
(let ((bash (executable-find "bash")) (bwrap (executable-find "bwrap
(closure (t) nil (let ((bash (executable-find "bash")) (bwrap (execu
ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test
ert-run-test(#s(ert-test :name emacs-tests/bwrap/allows-stdout :docu
ert-run-or-rerun-test(#s(ert--stats :selector ... :tests ... :test-m
ert-run-tests((not (or (tag :unstable) (tag :nativecomp))) #f(compil
ert-run-tests-batch((not (or (tag :unstable) (tag :nativecomp))))
ert-run-tests-batch-and-exit((not (or (tag :unstable) (tag :nativeco
eval((ert-run-tests-batch-and-exit '(not (or (tag :unstable) (tag :n
command-line-1(("-L" ":." "-l" "ert" "-l" "src/emacs-tests.el" "--ev
command-line()
normal-top-level()
Test emacs-tests/bwrap/allows-stdout condition:
Info: Process output:
Potentially relevant Seccomp audit events:
----
type=SECCOMP msg=audit(08/20/22 13:47:48.032:737) : auid=blc uid=root gid=root ses=4 subj==unconfined pid=45735 comm=emacs exe=/home/blc/.local/src/emacs/src/emacs sig=SIGSYS arch=x86_64 syscall=clone3 compat=0 ip=0x7f1a7810a779 code=kill
Potentially useful coredump information:
PID: 45735 (emacs)
UID: 0 (root)
GID: 0 (root)
Signal: 31 (SYS)
Timestamp: Sat 2022-08-20 13:47:48 EEST (496ms ago)
Command Line: /home/blc/.local/src/emacs/src/emacs --quick --batch $'--eval=(message "Hi")'
Executable: /home/blc/.local/src/emacs/src/emacs
Control Group: /user.slice/user-1000.slice/user@1000.service/app.slice/app-org.gnome.Terminal.slice/vte-spawn-f315a4b7-eae9-425e-940f-6c05c5d86ded.scope
Unit: user@1000.service
User Unit: vte-spawn-f315a4b7-eae9-425e-940f-6c05c5d86ded.scope
Slice: user-1000.slice
Owner UID: 1000 (blc)
Boot ID: 4d8867e0dc1e443589a72674d09ab454
Machine ID: 1eaf00d04e87431584dd7dfc9cf6503c
Hostname: tia
Storage: /var/lib/systemd/coredump/core.emacs.0.4d8867e0dc1e443589a72674d09ab454.45735.1660992468000000.zst (present)
Disk Size: 4.3M
Package: systemd/251.3-1
build-id: b2a6a65bc14c6d8bf2cda8b111ef76d28f5fc236
Message: Process 45735 (emacs) of user 0 dumped core.
Module /home/blc/.local/src/emacs/src/emacs with build-id b2a6a65bc14c6d8bf2cda8b111ef76d28f5fc236
Metadata for module /home/blc/.local/src/emacs/src/emacs owned by FDO found: {
"type" : "deb",
"os" : "debian",
"name" : "systemd",
"architecture" : "amd64",
"version" : "251.3-1",
"debugInfoUrl" : "https://debuginfod.debian.net"
}
Module linux-vdso.so.1 with build-id c9e3a861ce407cfd2ce8f09d76cd130128ae1352
Module libgpg-error.so.0 with build-id 7fdce7d73bd3fde9dc772242e2a0d32fee06ffba
Module libdatrie.so.1 with build-id bdb764243ae69f6faa37d6b969fbbe46cd5476f1
Module libbrotlicommon.so.1 with build-id 3c671f721b58fd96b70ba426a215b3c43847bbf5
Module libicudata.so.71 with build-id c2e714254cd127c573a0f401b369b36455875e5e
Module libblkid.so.1 with build-id d3e947026c74ed40701063d17ae59a2f6e51abcb
Module libfribidi.so.0 with build-id df6a1c7bc544c74c18a8635e3e65965a1fb529c3
Module libpangoft2-1.0.so.0 with build-id 5d1e6389f71ca2629a3347df42eace0bd905e2d7
Module libXdmcp.so.6 with build-id 1d12a8566670c95b1b02e341400060d2d825aade
Module libXau.so.6 with build-id 84ffa90fee1b716cdc7d8349be47ed6ca4761b75
Module libmd.so.0 with build-id bfcdab3e6fabdc0d6f3e3e7d562330e80601a5af
Module libstdc++.so.6 with build-id 7dfada477db09980819a1c06025334829974291d
Module liblz4.so.1 with build-id 964039e18af4b59e5a11f4ad26e9aa5e6a2d5db7
Module libgcrypt.so.20 with build-id d8679f5ba3b9d55740e274eaaf8bea33fa76eaa9
Module libcap.so.2 with build-id a6034f7fc277ee9d9714c2b288b419498225156f
Module librt.so.1 with build-id 7f22e4e1c065a4d32e660f2a4726dacd8514d83e
Module libhogweed.so.6 with build-id bc104618645979735399d88df5bb3b1a81753238
Module libnettle.so.8 with build-id a0fd01631c795d4955e5f6bef9f7e0367b20d13b
Module libtasn1.so.6 with build-id b4bb5ce72e9b65bdfa6d6e38b20bae371d4de7f8
Module libunistring.so.2 with build-id 7d2c9a24ad8e7cb72befdc06cd45cbddd5ee7f48
Module libidn2.so.0 with build-id 631817435528cdf153efd277e62494c990124f26
Module libp11-kit.so.0 with build-id 97832cbdb52c48f1422b9e70802112b0cc6587f3
Module libthai.so.0 with build-id 11b774e6b958fa6734f1a721527e1596e34ecd00
Module libgraphite2.so.3 with build-id 5b00ca1eda239ea043d7eae3b0fd4481560a907e
Module libexpat.so.1 with build-id c0868cbd80e057d01466ce46394075aeb27876d4
Module libbrotlidec.so.1 with build-id 1160b28572b6a6fc5674f5db1333716d4ba9e55f
Module libpcre2-8.so.0 with build-id 5aa43e3778622f4b95261331e97a45be5b87481d
Module libicuuc.so.71 with build-id 0c1744749cfb2e6d9d20139dcf60227b47867b45
Module libxcb-render.so.0 with build-id ca78dfc48f5a2593d9dc3b1d439740c6abad3f1c
Module libxcb-shm.so.0 with build-id 77958cefc38a0b1edb4d0f4b76817b05ac6ec605
Module libpixman-1.so.0 with build-id 2ba0d88f718a0fef93d759cfc90bc650cdee38ba
Module libpcre.so.3 with build-id 612734ba9e42eb4a87f15e845b24a57c99dd9541
Module libffi.so.8 with build-id bb0fa5371874ba431e7cd9dc2df93922de436fa9
Module libmount.so.1 with build-id e29bc51dddfc4e370eb7eac9ff29df81efdbf22c
Module libgmodule-2.0.so.0 with build-id 32f561832b31d1f5aec7f34c0594cc9130a75bc4
Module libgcc_s.so.1 with build-id 6fefc430ca3d24c6cc97810fa2583d4ca0e3794c
Module libpango-1.0.so.0 with build-id 37b2c5dcedb960c3d34f2b46e994fc303830851d
Module libpangocairo-1.0.so.0 with build-id 4851be47f9e74b03ac5907d23fb8bdfdb2c5a444
Module libcairo-gobject.so.2 with build-id 05d67ae9df9913cfc114e0edbeb8bec4a2adc2fb
Module ld-linux-x86-64.so.2 with build-id abf69c277ea8e886c0c83c285d5fe8f81ada6441
Module libdl.so.2 with build-id dd2096999912694a3d4c29ebd26a2e6904ceb1b1
Module libxcb.so.1 with build-id 81156ba79b0ca3ca8d015453e333d16c3fcdc277
Module libbsd.so.0 with build-id 974e49045a7855a26d47583928fa20dbbfd4f530
Module libuuid.so.1 with build-id 6b0f1c26b65771068f1daa425dae3f769ce41a6c
Module libpthread.so.0 with build-id 2d29a9369ab905675e4f1a580aa84728b137aeee
Module libdeflate.so.0 with build-id 5f5cfff374c1e8ce7a3638de94c67be4b869689c
Module libjbig.so.0 with build-id 22813d3e92e574d81165b92701d721fbe4c1861e
Module libLerc.so.4 with build-id 026b7d95da31ef6e69c69dce122973e0cf41e498
Module liblzma.so.5 with build-id 2be514bf14fac8ce94c74072cd951ac7672bc96e
Module libzstd.so.1 with build-id c483624c22368ac21336433d92ac9ce13e6bb2cc
Module libc.so.6 with build-id cd45acadac8913aca3366a212146d20c13e5150b
Module libXcomposite.so.1 with build-id 0586ef2cab90572a843bb13ef98243e960b12689
Module libsqlite3.so.0 with build-id f9195d0176af0e9f0fa37f73b8ec4687840296c0
Module libXi.so.6 with build-id 2c6fa06f89fc78b5ff61504d8f9994ec8ba546d4
Module libgmp.so.10 with build-id 25c73b398493c695a013a6d9d493a8316aac0fa0
Module libjansson.so.4 with build-id aee56a434cb99db267c03a66f3a4ed597cc53f0a
Module libsystemd.so.0 with build-id 784b632d453559127aeb35c4ec82d234f8bb5092
Metadata for module libsystemd.so.0 owned by FDO found: {
"type" : "deb",
"os" : "debian",
"name" : "systemd",
"architecture" : "amd64",
"version" : "251.3-1",
"debugInfoUrl" : "https://debuginfod.debian.net"
}
Module liblcms2.so.2 with build-id ae1a8f204a11235928b730f01834bab7cca52f33
Module libgnutls.so.30 with build-id 333e23f509b65dbbd4c3f4c2dbbd1fe1296d358a
Module libm17n-flt.so.0 with build-id 80254d7011bb83a362cbf250a21aed6440a4ddce
Module libm17n-core.so.0 with build-id 5ceb915e87d90e49bc37353aed2939fd0d025e46
Module libotf.so.1 with build-id 01f83610c060379c362910a50e23ef9b12c8f3a6
Module libharfbuzz.so.0 with build-id d4a75db68352b8ea150e830e6720dc7f241b6c6c
Module libfontconfig.so.1 with build-id 8c5b644189c8ac1878881b552bb60d3059daffe9
Module libfreetype.so.6 with build-id 5d03f612aa76f7a175f1f23e5275809b0db692a4
Module libselinux.so.1 with build-id 8fee861439dcf268ebe3b4434d0151120e330a7e
Module libtinfo.so.6 with build-id 40d011d30ae4d642136c7d8163ad5a3a1e510820
Module libgpm.so.2 with build-id 07aa4da11c1a00d0765db824bd11b9791bf22942
Module libxml2.so.2 with build-id 3b02baa8c3e85d3601b434a4fdfafd383d29d783
Module libXfixes.so.3 with build-id ce96de14725f38faf01784a9c6a492c1f07c45b9
Module libXinerama.so.1 with build-id 5a76407b56b10810711c5345defbdf4e2dad3897
Module libXrandr.so.2 with build-id 0372dfb32a5c0d113819e1167f75c81c751373a8
Module libdbus-1.so.3 with build-id 35b9afe5fb0bb1d0f4d8154c39015cefc16faff6
Module libacl.so.1 with build-id 10f984c014a2f7b28613cd44a98cf1d2e4a5eb24
Module libcairo.so.2 with build-id 48feebcd296c6d353cf5f6e385180362219f166a
Module libglib-2.0.so.0 with build-id 1697a734f1bc7448cd8772689a1c439343f062f7
Module libgobject-2.0.so.0 with build-id d3bbf3140fc6e369396fdae318b5475f3edc9108
Module libgdk_pixbuf-2.0.so.0 with build-id ac93f985fdfa301d08c69d86e9d1d02fa1475426
Module libgio-2.0.so.0 with build-id ebfbf354e8797e0776196fc1eb1facafb2565fd7
Module libm.so.6 with build-id 5a8b027da6e79fa7d9638f9b1beef0c789e7ce92
Module librsvg-2.so.2 with build-id b07fc77a1604a7e4083885c5cfc33e00e8b9b3ec
Module libasound.so.2 with build-id 9499f0332b625cafb50e5d0fac4b9b70c7bcd0dc
Module libXrender.so.1 with build-id 23dd581f5d93297dc5c508f03e224f9860af8217
Module libX11.so.6 with build-id 692ceb08bd361ef2ea7caaa0926de19466d6f3ad
Module libXext.so.6 with build-id 94abf5af6ebe825ecf64f717b6a62d07727af979
Module libICE.so.6 with build-id 6a0429d9840edac7a76507600758dfad21dbae99
Module libSM.so.6 with build-id 934950c93be01703ce94d26738d1f9aa1f7a9096
Module libXt.so.6 with build-id 932a859be84231f3dd466bc0ab6ab50b73924122
Module libXmu.so.6 with build-id 3528615d26bf0f9135a891572710d3dcff99bcd7
Module libXaw3d.so.6 with build-id 6fda728c42c55e0191091b66601f081967e55aa4
Module libwebpdemux.so.2 with build-id b9f941bbea322013385dd6716dbd2289a16f617d
Module libwebp.so.7 with build-id 23fa061dd0c70d882df0f19ca3535ee1c5b142d7
Module libXpm.so.4 with build-id 1f2dd817d18808f7122857a252faa77d6ed56109
Module libgif.so.7 with build-id f9a731f11245de181862edf5563cca8ea9cbc4a3
Module libz.so.1 with build-id e83434bccbc337eb727378b60d562a0a2a1aa297
Module libpng16.so.16 with build-id 033ac7a182a6d139090fbf96d981be8ef242f847
Module libjpeg.so.62 with build-id 368d652b25bccafcf6ab3c9c6381d07fb8393803
Module libtiff.so.5 with build-id 14e6f44bec2833d451aec36cc714e1ecf3827c38
Stack trace of thread 45735:
#0 0x00007f1a7810a779 __clone3 (libc.so.6 + 0x10a779)
ELF object binary architecture: AMD x86-64
(ert-test-failed
((should
(eql status 0))
:form
(eql 159 0)
:value nil))
FAILED 1/7 emacs-tests/bwrap/allows-stdout (0.512569 sec) at src/emacs-tests.el:175
passed 2/7 emacs-tests/seccomp/absent-file (0.020746 sec)
Test emacs-tests/seccomp/allows-stdout backtrace:
signal(ert-test-failed (((should (eql status 0)) :form (eql "Bad sys
ert-fail(((should (eql status 0)) :form (eql "Bad system call" 0) :v
(if (unwind-protect (setq value-102 (apply fn-100 args-101)) (setq f
(let (form-description-104) (if (unwind-protect (setq value-102 (app
(let ((value-102 'ert-form-evaluation-aborted-103)) (let (form-descr
(let* ((fn-100 #'eql) (args-101 (condition-case err (let ((signal-ho
(let ((ert--infos (cons (cons "Info: " (emacs-tests--seccomp-debug s
(let ((start-time (current-time)) (status (call-process emacs nil t
(progn (let ((start-time (current-time)) (status (call-process emacs
(unwind-protect (progn (let ((start-time (current-time)) (status (ca
(save-current-buffer (set-buffer temp-buffer) (unwind-protect (progn
(let ((temp-buffer (generate-new-buffer " *temp*" t))) (save-current
(let ((emacs (expand-file-name invocation-name invocation-directory)
(closure (t) nil (let* ((fn-80 #'string-match-p) (args-81 (condition
ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test
ert-run-test(#s(ert-test :name emacs-tests/seccomp/allows-stdout :do
ert-run-or-rerun-test(#s(ert--stats :selector ... :tests ... :test-m
ert-run-tests((not (or (tag :unstable) (tag :nativecomp))) #f(compil
ert-run-tests-batch((not (or (tag :unstable) (tag :nativecomp))))
ert-run-tests-batch-and-exit((not (or (tag :unstable) (tag :nativeco
eval((ert-run-tests-batch-and-exit '(not (or (tag :unstable) (tag :n
command-line-1(("-L" ":." "-l" "ert" "-l" "src/emacs-tests.el" "--ev
command-line()
normal-top-level()
Test emacs-tests/seccomp/allows-stdout condition:
Info: Process output:
Potentially relevant Seccomp audit events:
----
type=SECCOMP msg=audit(08/20/22 13:47:48.032:737) : auid=blc uid=root gid=root ses=4 subj==unconfined pid=45735 comm=emacs exe=/home/blc/.local/src/emacs/src/emacs sig=SIGSYS arch=x86_64 syscall=clone3 compat=0 ip=0x7f1a7810a779 code=kill
----
type=SECCOMP msg=audit(08/20/22 13:47:48.760:747) : auid=blc uid=root gid=root ses=4 subj==unconfined pid=45794 comm=emacs exe=/home/blc/.local/src/emacs/src/emacs sig=SIGSYS arch=x86_64 syscall=clone3 compat=0 ip=0x7fe35b30a779 code=kill
Potentially useful coredump information:
PID: 45794 (emacs)
UID: 0 (root)
GID: 0 (root)
Signal: 31 (SYS)
Timestamp: Sat 2022-08-20 13:47:48 EEST (1s ago)
Command Line: /home/blc/.local/src/emacs/src/emacs --quick --batch --seccomp=/home/blc/.local/src/emacs/lib-src/seccomp-filter.bpf $'--eval=(message "Hi")'
Executable: /home/blc/.local/src/emacs/src/emacs
Control Group: /user.slice/user-1000.slice/user@1000.service/app.slice/app-org.gnome.Terminal.slice/vte-spawn-f315a4b7-eae9-425e-940f-6c05c5d86ded.scope
Unit: user@1000.service
User Unit: vte-spawn-f315a4b7-eae9-425e-940f-6c05c5d86ded.scope
Slice: user-1000.slice
Owner UID: 1000 (blc)
Boot ID: 4d8867e0dc1e443589a72674d09ab454
Machine ID: 1eaf00d04e87431584dd7dfc9cf6503c
Hostname: tia
Storage: /var/lib/systemd/coredump/core.emacs.0.4d8867e0dc1e443589a72674d09ab454.45794.1660992468000000.zst (present)
Disk Size: 4.3M
Package: systemd/251.3-1
build-id: b2a6a65bc14c6d8bf2cda8b111ef76d28f5fc236
Message: Process 45794 (emacs) of user 0 dumped core.
Module /home/blc/.local/src/emacs/src/emacs with build-id b2a6a65bc14c6d8bf2cda8b111ef76d28f5fc236
Metadata for module /home/blc/.local/src/emacs/src/emacs owned by FDO found: {
"type" : "deb",
"os" : "debian",
"name" : "systemd",
"architecture" : "amd64",
"version" : "251.3-1",
"debugInfoUrl" : "https://debuginfod.debian.net"
}
Module linux-vdso.so.1 with build-id c9e3a861ce407cfd2ce8f09d76cd130128ae1352
Module libgpg-error.so.0 with build-id 7fdce7d73bd3fde9dc772242e2a0d32fee06ffba
Module libdatrie.so.1 with build-id bdb764243ae69f6faa37d6b969fbbe46cd5476f1
Module libbrotlicommon.so.1 with build-id 3c671f721b58fd96b70ba426a215b3c43847bbf5
Module libicudata.so.71 with build-id c2e714254cd127c573a0f401b369b36455875e5e
Module libblkid.so.1 with build-id d3e947026c74ed40701063d17ae59a2f6e51abcb
Module libfribidi.so.0 with build-id df6a1c7bc544c74c18a8635e3e65965a1fb529c3
Module libpangoft2-1.0.so.0 with build-id 5d1e6389f71ca2629a3347df42eace0bd905e2d7
Module libXdmcp.so.6 with build-id 1d12a8566670c95b1b02e341400060d2d825aade
Module libXau.so.6 with build-id 84ffa90fee1b716cdc7d8349be47ed6ca4761b75
Module libmd.so.0 with build-id bfcdab3e6fabdc0d6f3e3e7d562330e80601a5af
Module libstdc++.so.6 with build-id 7dfada477db09980819a1c06025334829974291d
Module liblz4.so.1 with build-id 964039e18af4b59e5a11f4ad26e9aa5e6a2d5db7
Module libgcrypt.so.20 with build-id d8679f5ba3b9d55740e274eaaf8bea33fa76eaa9
Module libcap.so.2 with build-id a6034f7fc277ee9d9714c2b288b419498225156f
Module librt.so.1 with build-id 7f22e4e1c065a4d32e660f2a4726dacd8514d83e
Module libhogweed.so.6 with build-id bc104618645979735399d88df5bb3b1a81753238
Module libnettle.so.8 with build-id a0fd01631c795d4955e5f6bef9f7e0367b20d13b
Module libtasn1.so.6 with build-id b4bb5ce72e9b65bdfa6d6e38b20bae371d4de7f8
Module libunistring.so.2 with build-id 7d2c9a24ad8e7cb72befdc06cd45cbddd5ee7f48
Module libidn2.so.0 with build-id 631817435528cdf153efd277e62494c990124f26
Module libp11-kit.so.0 with build-id 97832cbdb52c48f1422b9e70802112b0cc6587f3
Module libthai.so.0 with build-id 11b774e6b958fa6734f1a721527e1596e34ecd00
Module libgraphite2.so.3 with build-id 5b00ca1eda239ea043d7eae3b0fd4481560a907e
Module libexpat.so.1 with build-id c0868cbd80e057d01466ce46394075aeb27876d4
Module libbrotlidec.so.1 with build-id 1160b28572b6a6fc5674f5db1333716d4ba9e55f
Module libpcre2-8.so.0 with build-id 5aa43e3778622f4b95261331e97a45be5b87481d
Module libicuuc.so.71 with build-id 0c1744749cfb2e6d9d20139dcf60227b47867b45
Module libxcb-render.so.0 with build-id ca78dfc48f5a2593d9dc3b1d439740c6abad3f1c
Module libxcb-shm.so.0 with build-id 77958cefc38a0b1edb4d0f4b76817b05ac6ec605
Module libpixman-1.so.0 with build-id 2ba0d88f718a0fef93d759cfc90bc650cdee38ba
Module libpcre.so.3 with build-id 612734ba9e42eb4a87f15e845b24a57c99dd9541
Module libffi.so.8 with build-id bb0fa5371874ba431e7cd9dc2df93922de436fa9
Module libmount.so.1 with build-id e29bc51dddfc4e370eb7eac9ff29df81efdbf22c
Module libgmodule-2.0.so.0 with build-id 32f561832b31d1f5aec7f34c0594cc9130a75bc4
Module libgcc_s.so.1 with build-id 6fefc430ca3d24c6cc97810fa2583d4ca0e3794c
Module libpango-1.0.so.0 with build-id 37b2c5dcedb960c3d34f2b46e994fc303830851d
Module libpangocairo-1.0.so.0 with build-id 4851be47f9e74b03ac5907d23fb8bdfdb2c5a444
Module libcairo-gobject.so.2 with build-id 05d67ae9df9913cfc114e0edbeb8bec4a2adc2fb
Module ld-linux-x86-64.so.2 with build-id abf69c277ea8e886c0c83c285d5fe8f81ada6441
Module libdl.so.2 with build-id dd2096999912694a3d4c29ebd26a2e6904ceb1b1
Module libxcb.so.1 with build-id 81156ba79b0ca3ca8d015453e333d16c3fcdc277
Module libbsd.so.0 with build-id 974e49045a7855a26d47583928fa20dbbfd4f530
Module libuuid.so.1 with build-id 6b0f1c26b65771068f1daa425dae3f769ce41a6c
Module libpthread.so.0 with build-id 2d29a9369ab905675e4f1a580aa84728b137aeee
Module libdeflate.so.0 with build-id 5f5cfff374c1e8ce7a3638de94c67be4b869689c
Module libjbig.so.0 with build-id 22813d3e92e574d81165b92701d721fbe4c1861e
Module libLerc.so.4 with build-id 026b7d95da31ef6e69c69dce122973e0cf41e498
Module liblzma.so.5 with build-id 2be514bf14fac8ce94c74072cd951ac7672bc96e
Module libzstd.so.1 with build-id c483624c22368ac21336433d92ac9ce13e6bb2cc
Module libc.so.6 with build-id cd45acadac8913aca3366a212146d20c13e5150b
Module libXcomposite.so.1 with build-id 0586ef2cab90572a843bb13ef98243e960b12689
Module libsqlite3.so.0 with build-id f9195d0176af0e9f0fa37f73b8ec4687840296c0
Module libXi.so.6 with build-id 2c6fa06f89fc78b5ff61504d8f9994ec8ba546d4
Module libgmp.so.10 with build-id 25c73b398493c695a013a6d9d493a8316aac0fa0
Module libjansson.so.4 with build-id aee56a434cb99db267c03a66f3a4ed597cc53f0a
Module libsystemd.so.0 with build-id 784b632d453559127aeb35c4ec82d234f8bb5092
Metadata for module libsystemd.so.0 owned by FDO found: {
"type" : "deb",
"os" : "debian",
"name" : "systemd",
"architecture" : "amd64",
"version" : "251.3-1",
"debugInfoUrl" : "https://debuginfod.debian.net"
}
Module liblcms2.so.2 with build-id ae1a8f204a11235928b730f01834bab7cca52f33
Module libgnutls.so.30 with build-id 333e23f509b65dbbd4c3f4c2dbbd1fe1296d358a
Module libm17n-flt.so.0 with build-id 80254d7011bb83a362cbf250a21aed6440a4ddce
Module libm17n-core.so.0 with build-id 5ceb915e87d90e49bc37353aed2939fd0d025e46
Module libotf.so.1 with build-id 01f83610c060379c362910a50e23ef9b12c8f3a6
Module libharfbuzz.so.0 with build-id d4a75db68352b8ea150e830e6720dc7f241b6c6c
Module libfontconfig.so.1 with build-id 8c5b644189c8ac1878881b552bb60d3059daffe9
Module libfreetype.so.6 with build-id 5d03f612aa76f7a175f1f23e5275809b0db692a4
Module libselinux.so.1 with build-id 8fee861439dcf268ebe3b4434d0151120e330a7e
Module libtinfo.so.6 with build-id 40d011d30ae4d642136c7d8163ad5a3a1e510820
Module libgpm.so.2 with build-id 07aa4da11c1a00d0765db824bd11b9791bf22942
Module libxml2.so.2 with build-id 3b02baa8c3e85d3601b434a4fdfafd383d29d783
Module libXfixes.so.3 with build-id ce96de14725f38faf01784a9c6a492c1f07c45b9
Module libXinerama.so.1 with build-id 5a76407b56b10810711c5345defbdf4e2dad3897
Module libXrandr.so.2 with build-id 0372dfb32a5c0d113819e1167f75c81c751373a8
Module libdbus-1.so.3 with build-id 35b9afe5fb0bb1d0f4d8154c39015cefc16faff6
Module libacl.so.1 with build-id 10f984c014a2f7b28613cd44a98cf1d2e4a5eb24
Module libcairo.so.2 with build-id 48feebcd296c6d353cf5f6e385180362219f166a
Module libglib-2.0.so.0 with build-id 1697a734f1bc7448cd8772689a1c439343f062f7
Module libgobject-2.0.so.0 with build-id d3bbf3140fc6e369396fdae318b5475f3edc9108
Module libgdk_pixbuf-2.0.so.0 with build-id ac93f985fdfa301d08c69d86e9d1d02fa1475426
Module libgio-2.0.so.0 with build-id ebfbf354e8797e0776196fc1eb1facafb2565fd7
Module libm.so.6 with build-id 5a8b027da6e79fa7d9638f9b1beef0c789e7ce92
Module librsvg-2.so.2 with build-id b07fc77a1604a7e4083885c5cfc33e00e8b9b3ec
Module libasound.so.2 with build-id 9499f0332b625cafb50e5d0fac4b9b70c7bcd0dc
Module libXrender.so.1 with build-id 23dd581f5d93297dc5c508f03e224f9860af8217
Module libX11.so.6 with build-id 692ceb08bd361ef2ea7caaa0926de19466d6f3ad
Module libXext.so.6 with build-id 94abf5af6ebe825ecf64f717b6a62d07727af979
Module libICE.so.6 with build-id 6a0429d9840edac7a76507600758dfad21dbae99
Module libSM.so.6 with build-id 934950c93be01703ce94d26738d1f9aa1f7a9096
Module libXt.so.6 with build-id 932a859be84231f3dd466bc0ab6ab50b73924122
Module libXmu.so.6 with build-id 3528615d26bf0f9135a891572710d3dcff99bcd7
Module libXaw3d.so.6 with build-id 6fda728c42c55e0191091b66601f081967e55aa4
Module libwebpdemux.so.2 with build-id b9f941bbea322013385dd6716dbd2289a16f617d
Module libwebp.so.7 with build-id 23fa061dd0c70d882df0f19ca3535ee1c5b142d7
Module libXpm.so.4 with build-id 1f2dd817d18808f7122857a252faa77d6ed56109
Module libgif.so.7 with build-id f9a731f11245de181862edf5563cca8ea9cbc4a3
Module libz.so.1 with build-id e83434bccbc337eb727378b60d562a0a2a1aa297
Module libpng16.so.16 with build-id 033ac7a182a6d139090fbf96d981be8ef242f847
Module libjpeg.so.62 with build-id 368d652b25bccafcf6ab3c9c6381d07fb8393803
Module libtiff.so.5 with build-id 14e6f44bec2833d451aec36cc714e1ecf3827c38
Stack trace of thread 45794:
#0 0x00007fe35b30a779 __clone3 (libc.so.6 + 0x10a779)
ELF object binary architecture: AMD x86-64
(ert-test-failed
((should
(eql status 0))
:form
(eql "Bad system call" 0)
:value nil))
FAILED 3/7 emacs-tests/seccomp/allows-stdout (0.469686 sec) at src/emacs-tests.el:122
passed 4/7 emacs-tests/seccomp/empty-file (0.018709 sec)
passed 5/7 emacs-tests/seccomp/file-too-large (0.037040 sec)
passed 6/7 emacs-tests/seccomp/forbids-subprocess (0.450736 sec)
passed 7/7 emacs-tests/seccomp/invalid-file-size (0.032066 sec)
Ran 7 tests, 5 results as expected, 2 unexpected (2022-08-20 13:47:49+0300, 1.870842 sec)
2 unexpected results:
FAILED emacs-tests/bwrap/allows-stdout
FAILED emacs-tests/seccomp/allows-stdout
make[2]: *** [Makefile:174: src/emacs-tests.log] Error 1
make[2]: Leaving directory '/home/blc/.local/src/emacs/test'
make[1]: *** [Makefile:240: src/emacs-tests] Error 2
make[1]: Leaving directory '/home/blc/.local/src/emacs/test'
make: *** [Makefile:1022: test/emacs-tests] Error 2
[-- Attachment #3: Type: text/plain, Size: 4073 bytes --]
This with:
$ /lib/x86_64-linux-gnu/libc.so.6
GNU C Library (Debian GLIBC 2.34-3) stable release version 2.34.
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 11.3.0.
libc ABIs: UNIQUE IFUNC ABSOLUTE
> Hmm, I'm not sure we should allow clone3 unconditionally since it can do lots of
> things, and I'd expect that its capabilities will only grow over time. OTOH, BPF
> (or at least the libseccomp library) don't support pointer indirections which
> would be needed to inspect the structure fields. See
> https://lwn.net/Articles/822256/.
> Any opinions?
No opinion from me, but FWIW Docker seems to allow clone3 in its default
policy:
https://github.com/docker/docker-ce/commit/522fcd0056
https://github.com/containerd/containerd/pull/5982
Thanks,
--
Basil
In GNU Emacs 29.0.50 (build 1, x86_64-pc-linux-gnu, X toolkit, cairo version 1.16.0, Xaw3d scroll bars)
of 2022-08-20 built on tia
Repository revision: 3312710fd672021b17983ef2287dbd57a9a110a1
Repository branch: master
Windowing system distributor 'The X.Org Foundation', version 11.0.12101004
System Description: Debian GNU/Linux bookworm/sid
Configured using:
'configure 'CFLAGS=-Og -ggdb3' --config-cache --prefix=/home/blc/.local
--enable-checking=structs --with-file-notification=yes
--with-x-toolkit=lucid --with-x'
Configured features:
ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG
JSON LCMS2 LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 M17N_FLT MODULES NOTIFY
INOTIFY PDUMPER PNG RSVG SECCOMP SOUND SQLITE3 THREADS TIFF
TOOLKIT_SCROLL_BARS WEBP X11 XAW3D XDBE XIM XINPUT2 XPM LUCID ZLIB
Important settings:
value of $LANG: en_IE.UTF-8
value of $XMODIFIERS: @im=ibus
locale-coding-system: utf-8-unix
Major mode: Lisp Interaction
Minor modes in effect:
tooltip-mode: t
global-eldoc-mode: t
eldoc-mode: t
show-paren-mode: t
electric-indent-mode: t
mouse-wheel-mode: t
tool-bar-mode: t
menu-bar-mode: t
file-name-shadow-mode: t
global-font-lock-mode: t
font-lock-mode: t
blink-cursor-mode: t
line-number-mode: t
indent-tabs-mode: t
transient-mark-mode: t
auto-composition-mode: t
auto-encryption-mode: t
auto-compression-mode: t
Load-path shadows:
None found.
Features:
(shadow sort mail-extr emacsbug message mailcap yank-media puny dired
dired-loaddefs rfc822 mml mml-sec password-cache epa derived epg rfc6068
epg-config gnus-util text-property-search time-date subr-x mm-decode
mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader
cl-loaddefs cl-lib sendmail rfc2047 rfc2045 ietf-drums mm-util
mail-prsvr mail-utils rmc iso-transl tooltip eldoc paren electric
uniquify ediff-hook vc-hooks lisp-float-type elisp-mode mwheel
term/x-win x-win term/common-win x-dnd tool-bar dnd fontset image
regexp-opt fringe tabulated-list replace newcomment text-mode lisp-mode
prog-mode register page tab-bar menu-bar rfn-eshadow isearch easymenu
timer select scroll-bar mouse jit-lock font-lock syntax font-core
term/tty-colors frame minibuffer nadvice seq simple cl-generic
indonesian philippine cham georgian utf-8-lang misc-lang vietnamese
tibetan thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek
romanian slovak czech european ethiopic indian cyrillic chinese
composite emoji-zwj charscript charprop case-table epa-hook
jka-cmpr-hook help abbrev obarray oclosure cl-preloaded button loaddefs
faces cus-face macroexp files window text-properties overlay sha1 md5
base64 format env code-pages mule custom widget keymap
hashtable-print-readable backquote threads dbusbind inotify lcms2
dynamic-setting system-font-setting font-render-setting cairo x-toolkit
xinput2 x multi-tty make-network-process emacs)
Memory information:
((conses 16 36336 7449)
(symbols 48 5084 0)
(strings 32 13829 1888)
(string-bytes 1 381827)
(vectors 16 9205)
(vector-slots 8 145425 12943)
(floats 8 23 25)
(intervals 56 236 0)
(buffers 992 10))
next prev parent reply other threads:[~2022-08-20 12:37 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-02 17:45 bug#56359: seccomp test failures on RHEL 9.0 Glenn Morris
2022-07-15 14:12 ` Philipp Stephani
2022-07-15 23:35 ` Glenn Morris
2022-07-16 10:50 ` Philipp Stephani
2022-08-20 12:37 ` Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors [this message]
2022-10-11 0:54 ` Lars Ingebrigtsen
2022-10-11 12:36 ` Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-11 17:43 ` Paul Eggert
2022-10-11 19:47 ` Lars Ingebrigtsen
2022-10-18 9:32 ` Philipp Stephani
2022-10-06 16:56 ` Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07 11:56 ` Lars Ingebrigtsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y1vjay6b.fsf@tcd.ie \
--to=bug-gnu-emacs@gnu.org \
--cc=56359@debbugs.gnu.org \
--cc=contovob@tcd.ie \
--cc=p.stephani2@gmail.com \
--cc=rgm@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).