unofficial mirror of bug-gnu-emacs@gnu.org 
* bug#56359: seccomp test failures on RHEL 9.0
@ 2022-07-02 17:45 Glenn Morris
  2022-07-15 14:12 ` Philipp Stephani
  2022-10-06 16:56 ` Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors
  0 siblings, 2 replies; 12+ messages in thread
From: Glenn Morris @ 2022-07-02 17:45 UTC (permalink / raw)
  To: 56359; +Cc: p.stephani2

Package: emacs
Version: 28.1.90
Severity: minor

emacs-28 at e390396e684 on RHEL 9.0:

2 unexpected results:
   FAILED  emacs-tests/bwrap/allows-stdout
   FAILED  emacs-tests/seccomp/allows-stdout

From audit.log:

    type=SECCOMP msg=audit(1656773029.676:55047): auid=1000 uid=1000 gid=1000
    ses=320 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
    pid=2443726 comm="emacs" exe="/src/emacs" sig=31 arch=c000003e syscall=186
    compat=0 ip=0x7f3c04d74dfd code=0x80000000 AUID="gmorris" UID="gmorris"
    GID="gmorris" ARCH=x86_64 SYSCALL=gettid

test/src/emacs-tests.log:

Running 7 tests (2022-07-02 10:39:57-0700, selector `(not (or (tag :unstable) (tag :nativecomp)))')
Test emacs-tests/bwrap/allows-stdout backtrace:
  signal(ert-test-failed (((should (eql status 0)) :form (eql 159 0) :
  ert-fail(((should (eql status 0)) :form (eql 159 0) :value nil))
  (if (unwind-protect (setq value-166 (apply fn-164 args-165)) (setq f
  (let (form-description-168) (if (unwind-protect (setq value-166 (app
  (let ((value-166 'ert-form-evaluation-aborted-167)) (let (form-descr
  (let* ((fn-164 #'eql) (args-165 (condition-case err (let ((signal-ho
  (let ((ert--infos (cons (cons "Info: " (emacs-tests--seccomp-debug s
  (let* ((command (concat (mapconcat #'shell-quote-argument (list (fil
  (progn (let* ((command (concat (mapconcat #'shell-quote-argument (li
  (unwind-protect (progn (let* ((command (concat (mapconcat #'shell-qu
  (save-current-buffer (set-buffer temp-buffer) (unwind-protect (progn
  (let ((temp-buffer (generate-new-buffer " *temp*" t))) (save-current
  (let ((bash (executable-find "bash")) (bwrap (executable-find "bwrap
  (let ((lexical-binding t)) (let ((bash (executable-find "bash")) (bw
  (closure (t) nil (let ((lexical-binding t)) (let ((bash (executable-
  ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test
  ert-run-test(#s(ert-test :name emacs-tests/bwrap/allows-stdout :docu
  ert-run-or-rerun-test(#s(ert--stats :selector ... :tests ... :test-m
  ert-run-tests((not (or (tag :unstable) (tag :nativecomp))) #f(compil
  ert-run-tests-batch((not (or (tag :unstable) (tag :nativecomp))))
  ert-run-tests-batch-and-exit((not (or (tag :unstable) (tag :nativeco
  eval((ert-run-tests-batch-and-exit '(not (or (tag :unstable) (tag :n
  command-line-1(("-L" ":." "-l" "ert" "-l" "src/emacs-tests.el" "--ev
  command-line()
  normal-top-level()
Test emacs-tests/bwrap/allows-stdout condition:
    Info: Process output:
          
          Potentially relevant Seccomp audit events:
          Error opening config file (Permission denied)
          NOTE - using built-in logs: /var/log/audit/audit.log
          Error opening /var/log/audit/audit.log (Permission denied)
          
          Potentially useful coredump information:
          Hint: You are currently not seeing messages from other users and the system.
                Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages.
                Pass -q to turn off this notice.
                     PID: 2491169 (emacs)
                     UID: 1000 (gmorris)
                     GID: 1000 (gmorris)
                  Signal: 31 (SYS)
               Timestamp: Sat 2022-07-02 10:39:57 PDT (287ms ago)
            Command Line: src/emacs --quick --batch $'--eval=(message "Hi")'
              Executable: src/emacs
           Control Group: /user.slice/user-1000.slice/session-329.scope
                    Unit: session-329.scope
                   Slice: user-1000.slice
                 Session: 329
               Owner UID: 1000 (gmorris)
                 Boot ID: xxx
              Machine ID: xxx
                Hostname: xxx
                 Storage: /var/lib/systemd/coredump/core.emacs.1000.2df2456209984f74a8449c5af10bbcc3.2491169.1656783597000000.zst (present)
               Disk Size: 4.0M
                 Message: Process 2491169 (emacs) of user 1000 dumped core.
                          
                          Stack trace of thread 2491169:
                          #0  0x00007fa2fb4e7dfd syscall (libc.so.6 + 0x43dfd)
                          #1  0x00007fa2fc0c436e sysprof_collector_get (libglib-2.0.so.0 + 0xaa36e)
                          #2  0x00007fa2fc0c4bfd sysprof_collector_mark_vprintf (libglib-2.0.so.0 + 0xaabfd)
                          #3  0x00007fa2fc0c1500 g_trace_mark.constprop.0 (libglib-2.0.so.0 + 0xa7500)
                          #4  0x00007fa2fc09bfa4 g_thread_new_internal (libglib-2.0.so.0 + 0x81fa4)
                          #5  0x00007fa2fc09c254 g_thread_new (libglib-2.0.so.0 + 0x82254)
                          #6  0x00007fa2fc06f917 g_get_worker_context (libglib-2.0.so.0 + 0x55917)
                          #7  0x00007fa2fc06f9ac g_child_watch_source_new (libglib-2.0.so.0 + 0x559ac)
                          #8  0x0000000000686261 init_process_emacs (emacs + 0x286261)
                          #9  0x000000000056878c main (emacs + 0x16878c)
                          #10 0x00007fa2fb4e8e50 __libc_start_call_main (libc.so.6 + 0x44e50)
                          #11 0x00007fa2fb4e8efc __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x44efc)
                          #12 0x00000000004199e5 _start (emacs + 0x199e5)
                          ELF object binary architecture: AMD x86-64
          
    (ert-test-failed
     ((should
       (eql status 0))
      :form
      (eql 159 0)
      :value nil))
   FAILED  1/7  emacs-tests/bwrap/allows-stdout (0.234728 sec)
   passed  2/7  emacs-tests/seccomp/absent-file (0.011437 sec)
Test emacs-tests/seccomp/allows-stdout backtrace:
  signal(ert-test-failed (((should (eql status 0)) :form (eql "Bad sys
  ert-fail(((should (eql status 0)) :form (eql "Bad system call" 0) :v
  (if (unwind-protect (setq value-102 (apply fn-100 args-101)) (setq f
  (let (form-description-104) (if (unwind-protect (setq value-102 (app
  (let ((value-102 'ert-form-evaluation-aborted-103)) (let (form-descr
  (let* ((fn-100 #'eql) (args-101 (condition-case err (let ((signal-ho
  (let ((ert--infos (cons (cons "Info: " (emacs-tests--seccomp-debug s
  (let ((start-time (current-time)) (status (call-process emacs nil t 
  (progn (let ((start-time (current-time)) (status (call-process emacs
  (unwind-protect (progn (let ((start-time (current-time)) (status (ca
  (save-current-buffer (set-buffer temp-buffer) (unwind-protect (progn
  (let ((temp-buffer (generate-new-buffer " *temp*" t))) (save-current
  (let ((emacs (expand-file-name invocation-name invocation-directory)
  (let ((lexical-binding t)) (let* ((fn-80 #'string-match-p) (args-81 
  (closure (t) nil (let ((lexical-binding t)) (let* ((fn-80 #'string-m
  ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test
  ert-run-test(#s(ert-test :name emacs-tests/seccomp/allows-stdout :do
  ert-run-or-rerun-test(#s(ert--stats :selector ... :tests ... :test-m
  ert-run-tests((not (or (tag :unstable) (tag :nativecomp))) #f(compil
  ert-run-tests-batch((not (or (tag :unstable) (tag :nativecomp))))
  ert-run-tests-batch-and-exit((not (or (tag :unstable) (tag :nativeco
  eval((ert-run-tests-batch-and-exit '(not (or (tag :unstable) (tag :n
  command-line-1(("-L" ":." "-l" "ert" "-l" "src/emacs-tests.el" "--ev
  command-line()
  normal-top-level()
Test emacs-tests/seccomp/allows-stdout condition:
    Info: Process output:
          
          Potentially relevant Seccomp audit events:
          Error opening config file (Permission denied)
          NOTE - using built-in logs: /var/log/audit/audit.log
          Error opening /var/log/audit/audit.log (Permission denied)
          
          Potentially useful coredump information:
          Hint: You are currently not seeing messages from other users and the system.
                Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages.
                Pass -q to turn off this notice.
                     PID: 2491181 (emacs)
                     UID: 1000 (gmorris)
                     GID: 1000 (gmorris)
                  Signal: 31 (SYS)
               Timestamp: Sat 2022-07-02 10:39:57 PDT (882ms ago)
            Command Line: src/emacs --quick --batch --seccomp=lib-src/seccomp-filter.bpf $'--eval=(message "Hi")'
              Executable: src/emacs
           Control Group: /user.slice/user-1000.slice/session-329.scope
                    Unit: session-329.scope
                   Slice: user-1000.slice
                 Session: 329
               Owner UID: 1000 (gmorris)
                 Boot ID: xxx
              Machine ID: xxx
                Hostname: xxx
                 Storage: /var/lib/systemd/coredump/core.emacs.1000.2df2456209984f74a8449c5af10bbcc3.2491181.1656783597000000.zst (present)
               Disk Size: 4.0M
                 Message: Process 2491181 (emacs) of user 1000 dumped core.
                          
                          Stack trace of thread 2491181:
                          #0  0x00007ff001575dfd syscall (libc.so.6 + 0x43dfd)
                          #1  0x00007ff00215236e sysprof_collector_get (libglib-2.0.so.0 + 0xaa36e)
                          #2  0x00007ff002152bfd sysprof_collector_mark_vprintf (libglib-2.0.so.0 + 0xaabfd)
                          #3  0x00007ff00214f500 g_trace_mark.constprop.0 (libglib-2.0.so.0 + 0xa7500)
                          #4  0x00007ff002129fa4 g_thread_new_internal (libglib-2.0.so.0 + 0x81fa4)
                          #5  0x00007ff00212a254 g_thread_new (libglib-2.0.so.0 + 0x82254)
                          #6  0x00007ff0020fd917 g_get_worker_context (libglib-2.0.so.0 + 0x55917)
                          #7  0x00007ff0020fd9ac g_child_watch_source_new (libglib-2.0.so.0 + 0x559ac)
                          #8  0x0000000000686261 init_process_emacs (emacs + 0x286261)
                          #9  0x000000000056878c main (emacs + 0x16878c)
                          #10 0x00007ff001576e50 __libc_start_call_main (libc.so.6 + 0x44e50)
                          #11 0x00007ff001576efc __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x44efc)
                          #12 0x00000000004199e5 _start (emacs + 0x199e5)
                          ELF object binary architecture: AMD x86-64
          
    (ert-test-failed
     ((should
       (eql status 0))
      :form
      (eql "Bad system call" 0)
      :value nil))
   FAILED  3/7  emacs-tests/seccomp/allows-stdout (0.229277 sec)
   passed  4/7  emacs-tests/seccomp/empty-file (0.012597 sec)
   passed  5/7  emacs-tests/seccomp/file-too-large (0.093114 sec)
   passed  6/7  emacs-tests/seccomp/forbids-subprocess (0.200229 sec)
   passed  7/7  emacs-tests/seccomp/invalid-file-size (0.030348 sec)

Ran 7 tests, 5 results as expected, 2 unexpected (2022-07-02 10:39:58-0700, 1.496530 sec)

2 unexpected results:
   FAILED  emacs-tests/bwrap/allows-stdout
   FAILED  emacs-tests/seccomp/allows-stdout







* bug#56359: seccomp test failures on RHEL 9.0
  2022-07-02 17:45 bug#56359: seccomp test failures on RHEL 9.0 Glenn Morris
@ 2022-07-15 14:12 ` Philipp Stephani
  2022-07-15 23:35   ` Glenn Morris
  2022-10-06 16:56 ` Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors
  1 sibling, 1 reply; 12+ messages in thread
From: Philipp Stephani @ 2022-07-15 14:12 UTC (permalink / raw)
  To: Glenn Morris; +Cc: 56359


On Sat, 2 July 2022 at 19:46, Glenn Morris <rgm@gnu.org> wrote:
>
> Package: emacs
> Version: 28.1.90
> Severity: minor
>
> emacs-28 at e390396e684 on RHEL 9.0:
>
> 2 unexpected results:
>    FAILED  emacs-tests/bwrap/allows-stdout
>    FAILED  emacs-tests/seccomp/allows-stdout
>
> From audit.log:
>
>     type=SECCOMP msg=audit(1656773029.676:55047): auid=1000 uid=1000 gid=1000
>     ses=320 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>     pid=2443726 comm="emacs" exe="/src/emacs" sig=31 arch=c000003e syscall=186
>     compat=0 ip=0x7f3c04d74dfd code=0x80000000 AUID="gmorris" UID="gmorris"
>     GID="gmorris" ARCH=x86_64 SYSCALL=gettid

Does the attached patch fix the issue?

[-- Attachment #2: gettid.patch --]
[-- Type: application/octet-stream, Size: 512 bytes --]

diff --git a/lib-src/seccomp-filter.c b/lib-src/seccomp-filter.c
index 9f0de7d64f..090d53d2db 100644
--- a/lib-src/seccomp-filter.c
+++ b/lib-src/seccomp-filter.c
@@ -223,6 +223,7 @@ main (int argc, char **argv)
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (getuid));
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (geteuid));
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (getpid));
+  RULE (SCMP_ACT_ALLOW, SCMP_SYS (gettid));
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (getpgrp));
 
   /* Allow operations on open file descriptors.  File descriptors are
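
Review bot: The added gettid rule, placed between getpid and getpgrp, has no comment saying why it is needed; unlike its neighbours it is not called by Emacs itself but is reached through glib (the reported backtrace shows syscall invoked from sysprof_collector_get under g_thread_new). Suggest a one-line comment naming that caller so the rule can be re-evaluated later. Also, the audit record names only the first syscall that hit the filter, because the process is killed with SIGSYS at that point, so the same g_thread_new path can still fail at a later syscall once gettid is allowed; re-run emacs-tests/seccomp/allows-stdout and emacs-tests/bwrap/allows-stdout on the affected system before committing.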


* bug#56359: seccomp test failures on RHEL 9.0
  2022-07-15 14:12 ` Philipp Stephani
@ 2022-07-15 23:35   ` Glenn Morris
  2022-07-16 10:50     ` Philipp Stephani
  0 siblings, 1 reply; 12+ messages in thread
From: Glenn Morris @ 2022-07-15 23:35 UTC (permalink / raw)
  To: Philipp Stephani; +Cc: 56359

Philipp Stephani wrote:

> Does the attached patch fix the issue?

Not entirely. I have to also allow "clone3", then it passes.






* bug#56359: seccomp test failures on RHEL 9.0
  2022-07-15 23:35   ` Glenn Morris
@ 2022-07-16 10:50     ` Philipp Stephani
  2022-08-20 12:37       ` Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors
  0 siblings, 1 reply; 12+ messages in thread
From: Philipp Stephani @ 2022-07-16 10:50 UTC (permalink / raw)
  To: Glenn Morris; +Cc: 56359



> On 16.07.2022 at 01:35, Glenn Morris <rgm@gnu.org> wrote:
> 
> Philipp Stephani wrote:
> 
>> Does the attached patch fix the issue?
> 
> Not entirely. I have to also allow "clone3", then it passes.

Hmm, I'm not sure we should allow clone3 unconditionally since it can do lots of things, and I'd expect that its capabilities will only grow over time. OTOH, BPF (or at least the libseccomp library) doesn't support pointer indirections which would be needed to inspect the structure fields. See https://lwn.net/Articles/822256/.
Any opinions?




^ permalink raw reply	[flat|nested] 12+ messages in thread
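
The limitation described in the message above, as an added example that is not part of the thread or of Emacs's seccomp-filter.c: a seccomp BPF program is handed only struct seccomp_data, so clone's flags are visible in args[0] while clone3's sit behind a pointer the filter cannot follow. The sample filter, the user-space evaluator, struct sample_clone_args and the namespace-flag policy are constructed for illustration, and the clone argument order assumed is the x86-64 one seen in the thread's logs.

```c
/* Added illustration: no filter is installed, evaluation is in user space. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <linux/filter.h>   /* struct sock_filter, BPF_STMT, BPF_JUMP */
#include <linux/sched.h>    /* CLONE_* flag values */
#include <linux/seccomp.h>  /* struct seccomp_data, SECCOMP_RET_* */
#include <sys/syscall.h>    /* SYS_clone */

#ifndef SYS_clone3
# define SYS_clone3 435     /* fallback for older kernel headers */
#endif

/* Offset of the low 32 bits of args[0]; classic BPF loads are 32 bits wide. */
#if defined __BYTE_ORDER__ && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
# define ARG0_LOW (offsetof (struct seccomp_data, args) + 4)
#else
# define ARG0_LOW (offsetof (struct seccomp_data, args))
#endif

/* Constructed policy detail: clone flags this sample filter refuses. */
#define NAMESPACE_FLAGS (CLONE_NEWNS | CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNET)

/* Hypothetical stand-in for the kernel's struct clone_args; only the leading
   flags field matters here. */
struct sample_clone_args { uint64_t flags; uint64_t rest[7]; };

/* Constructed sample filter plus a minimal evaluator for the four classic-BPF
   opcodes it uses.  clone3 can only be decided by number, so its verdict is a
   parameter; clone is allowed unless a namespace flag is set; anything else
   is killed.  A real filter also checks data->arch first. */
static uint32_t run_sample_filter (const struct seccomp_data *d,
                                   uint32_t clone3_action)
{
  const struct sock_filter f[] = {
    BPF_STMT (BPF_LD | BPF_W | BPF_ABS, offsetof (struct seccomp_data, nr)),
    BPF_JUMP (BPF_JMP | BPF_JEQ | BPF_K, SYS_clone3, 0, 1),
    BPF_STMT (BPF_RET | BPF_K, clone3_action),
    BPF_JUMP (BPF_JMP | BPF_JEQ | BPF_K, SYS_clone, 0, 2),
    BPF_STMT (BPF_LD | BPF_W | BPF_ABS, ARG0_LOW),
    BPF_JUMP (BPF_JMP | BPF_JSET | BPF_K, NAMESPACE_FLAGS, 0, 1),
    BPF_STMT (BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_STMT (BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
  };
  uint32_t a = 0;               /* the BPF accumulator */
  for (size_t pc = 0; pc < sizeof f / sizeof f[0]; pc++)
    switch (f[pc].code) {
    case BPF_LD | BPF_W | BPF_ABS:
      /* Loads read struct seccomp_data only; no opcode follows a pointer
         stored in args[]. */
      if (f[pc].k > sizeof *d - sizeof a)
        return SECCOMP_RET_KILL_PROCESS;
      memcpy (&a, (const char *) d + f[pc].k, sizeof a);
      break;
    case BPF_JMP | BPF_JEQ | BPF_K:
      pc += (a == f[pc].k) ? f[pc].jt : f[pc].jf;
      break;
    case BPF_JMP | BPF_JSET | BPF_K:
      pc += (a & f[pc].k) ? f[pc].jt : f[pc].jf;
      break;
    case BPF_RET | BPF_K:
      return f[pc].k;
    default:
      return SECCOMP_RET_KILL_PROCESS;
    }
  return SECCOMP_RET_KILL_PROCESS;
}

/* clone(flags, ...): the flags arrive in a register, so args[0] holds them. */
uint32_t verdict_clone (uint64_t flags, uint32_t clone3_action)
{
  struct seccomp_data d = { .nr = SYS_clone, .args = { flags } };
  return run_sample_filter (&d, clone3_action);
}

/* clone3(struct clone_args *, size): args[0] is only the address of the
   struct, so the flags stored in it never reach the filter. */
uint32_t verdict_clone3 (uint64_t flags_in_struct, uint32_t clone3_action)
{
  struct sample_clone_args ca = { .flags = flags_in_struct };
  struct seccomp_data d = { .nr = SYS_clone3,
                            .args = { (uintptr_t) &ca, sizeof ca } };
  return run_sample_filter (&d, clone3_action);
}

int main (void)
{
  const uint64_t thread = CLONE_VM | CLONE_THREAD, userns = CLONE_NEWUSER;
  printf ("clone:  thread=%#x userns=%#x\n",
          verdict_clone (thread, SECCOMP_RET_KILL_PROCESS),
          verdict_clone (userns, SECCOMP_RET_KILL_PROCESS));
  printf ("clone3: thread=%#x userns=%#x (same verdict for both)\n",
          verdict_clone3 (thread, SECCOMP_RET_ALLOW),
          verdict_clone3 (userns, SECCOMP_RET_ALLOW));
  return 0;
}
```

Whatever verdict is chosen for clone3 applies to every clone3 call, which is the all-or-nothing choice the message asks about.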

* bug#56359: seccomp test failures on RHEL 9.0
  2022-07-16 10:50     ` Philipp Stephani
@ 2022-08-20 12:37       ` Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors
  2022-10-11  0:54         ` Lars Ingebrigtsen
  0 siblings, 1 reply; 12+ messages in thread
From: Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2022-08-20 12:37 UTC (permalink / raw)
  To: Philipp Stephani; +Cc: Glenn Morris, 56359

[-- Attachment #1: Type: text/plain, Size: 303 bytes --]

Philipp Stephani [2022-07-16 12:50 +0200] wrote:

>> On 16.07.2022 at 01:35, Glenn Morris <rgm@gnu.org> wrote:
>> 
>> Philipp Stephani wrote:
>> 
>>> Does the attached patch fix the issue?
>> 
>> Not entirely. I have to also allow "clone3", then it passes.

Just adding that I get the same on Debian:


[-- Attachment #2: test-out.log --]
[-- Type: text/plain, Size: 31319 bytes --]

$ make test/emacs-tests
make -C test emacs-tests
make[1]: Entering directory '/home/blc/.local/src/emacs/test'
make[2]: Entering directory '/home/blc/.local/src/emacs/test'
  GEN      src/emacs-tests.log
Running 7 tests (2022-08-20 13:47:47+0300, selector `(not (or (tag :unstable) (tag :nativecomp)))')
Test emacs-tests/bwrap/allows-stdout backtrace:
  signal(ert-test-failed (((should (eql status 0)) :form (eql 159 0) :
  ert-fail(((should (eql status 0)) :form (eql 159 0) :value nil))
  (if (unwind-protect (setq value-166 (apply fn-164 args-165)) (setq f
  (let (form-description-168) (if (unwind-protect (setq value-166 (app
  (let ((value-166 'ert-form-evaluation-aborted-167)) (let (form-descr
  (let* ((fn-164 #'eql) (args-165 (condition-case err (let ((signal-ho
  (let ((ert--infos (cons (cons "Info: " (emacs-tests--seccomp-debug s
  (let* ((command (concat (mapconcat #'shell-quote-argument (list (fil
  (progn (let* ((command (concat (mapconcat #'shell-quote-argument (li
  (unwind-protect (progn (let* ((command (concat (mapconcat #'shell-qu
  (save-current-buffer (set-buffer temp-buffer) (unwind-protect (progn
  (let ((temp-buffer (generate-new-buffer " *temp*" t))) (save-current
  (let ((bash (executable-find "bash")) (bwrap (executable-find "bwrap
  (closure (t) nil (let ((bash (executable-find "bash")) (bwrap (execu
  ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test
  ert-run-test(#s(ert-test :name emacs-tests/bwrap/allows-stdout :docu
  ert-run-or-rerun-test(#s(ert--stats :selector ... :tests ... :test-m
  ert-run-tests((not (or (tag :unstable) (tag :nativecomp))) #f(compil
  ert-run-tests-batch((not (or (tag :unstable) (tag :nativecomp))))
  ert-run-tests-batch-and-exit((not (or (tag :unstable) (tag :nativeco
  eval((ert-run-tests-batch-and-exit '(not (or (tag :unstable) (tag :n
  command-line-1(("-L" ":." "-l" "ert" "-l" "src/emacs-tests.el" "--ev
  command-line()
  normal-top-level()
Test emacs-tests/bwrap/allows-stdout condition:
    Info: Process output:
          
          Potentially relevant Seccomp audit events:
          ----
          type=SECCOMP msg=audit(08/20/22 13:47:48.032:737) : auid=blc uid=root gid=root ses=4 subj==unconfined pid=45735 comm=emacs exe=/home/blc/.local/src/emacs/src/emacs sig=SIGSYS arch=x86_64 syscall=clone3 compat=0 ip=0x7f1a7810a779 code=kill 
          
          Potentially useful coredump information:
                     PID: 45735 (emacs)
                     UID: 0 (root)
                     GID: 0 (root)
                  Signal: 31 (SYS)
               Timestamp: Sat 2022-08-20 13:47:48 EEST (496ms ago)
            Command Line: /home/blc/.local/src/emacs/src/emacs --quick --batch $'--eval=(message "Hi")'
              Executable: /home/blc/.local/src/emacs/src/emacs
           Control Group: /user.slice/user-1000.slice/user@1000.service/app.slice/app-org.gnome.Terminal.slice/vte-spawn-f315a4b7-eae9-425e-940f-6c05c5d86ded.scope
                    Unit: user@1000.service
               User Unit: vte-spawn-f315a4b7-eae9-425e-940f-6c05c5d86ded.scope
                   Slice: user-1000.slice
               Owner UID: 1000 (blc)
                 Boot ID: 4d8867e0dc1e443589a72674d09ab454
              Machine ID: 1eaf00d04e87431584dd7dfc9cf6503c
                Hostname: tia
                 Storage: /var/lib/systemd/coredump/core.emacs.0.4d8867e0dc1e443589a72674d09ab454.45735.1660992468000000.zst (present)
               Disk Size: 4.3M
                 Package: systemd/251.3-1
                build-id: b2a6a65bc14c6d8bf2cda8b111ef76d28f5fc236
                 Message: Process 45735 (emacs) of user 0 dumped core.
                          
                          Module /home/blc/.local/src/emacs/src/emacs with build-id b2a6a65bc14c6d8bf2cda8b111ef76d28f5fc236
                          Metadata for module /home/blc/.local/src/emacs/src/emacs owned by FDO found: {
                          	"type" : "deb",
                          	"os" : "debian",
                          	"name" : "systemd",
                          	"architecture" : "amd64",
                          	"version" : "251.3-1",
                          	"debugInfoUrl" : "https://debuginfod.debian.net"
                          }
                          
                          Stack trace of thread 45735:
                          #0  0x00007f1a7810a779 __clone3 (libc.so.6 + 0x10a779)
                          ELF object binary architecture: AMD x86-64
          
    (ert-test-failed
     ((should
       (eql status 0))
      :form
      (eql 159 0)
      :value nil))
   FAILED  1/7  emacs-tests/bwrap/allows-stdout (0.512569 sec) at src/emacs-tests.el:175
   passed  2/7  emacs-tests/seccomp/absent-file (0.020746 sec)
Test emacs-tests/seccomp/allows-stdout backtrace:
  signal(ert-test-failed (((should (eql status 0)) :form (eql "Bad sys
  ert-fail(((should (eql status 0)) :form (eql "Bad system call" 0) :v
  (if (unwind-protect (setq value-102 (apply fn-100 args-101)) (setq f
  (let (form-description-104) (if (unwind-protect (setq value-102 (app
  (let ((value-102 'ert-form-evaluation-aborted-103)) (let (form-descr
  (let* ((fn-100 #'eql) (args-101 (condition-case err (let ((signal-ho
  (let ((ert--infos (cons (cons "Info: " (emacs-tests--seccomp-debug s
  (let ((start-time (current-time)) (status (call-process emacs nil t 
  (progn (let ((start-time (current-time)) (status (call-process emacs
  (unwind-protect (progn (let ((start-time (current-time)) (status (ca
  (save-current-buffer (set-buffer temp-buffer) (unwind-protect (progn
  (let ((temp-buffer (generate-new-buffer " *temp*" t))) (save-current
  (let ((emacs (expand-file-name invocation-name invocation-directory)
  (closure (t) nil (let* ((fn-80 #'string-match-p) (args-81 (condition
  ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test
  ert-run-test(#s(ert-test :name emacs-tests/seccomp/allows-stdout :do
  ert-run-or-rerun-test(#s(ert--stats :selector ... :tests ... :test-m
  ert-run-tests((not (or (tag :unstable) (tag :nativecomp))) #f(compil
  ert-run-tests-batch((not (or (tag :unstable) (tag :nativecomp))))
  ert-run-tests-batch-and-exit((not (or (tag :unstable) (tag :nativeco
  eval((ert-run-tests-batch-and-exit '(not (or (tag :unstable) (tag :n
  command-line-1(("-L" ":." "-l" "ert" "-l" "src/emacs-tests.el" "--ev
  command-line()
  normal-top-level()
Test emacs-tests/seccomp/allows-stdout condition:
    Info: Process output:
          
          Potentially relevant Seccomp audit events:
          ----
          type=SECCOMP msg=audit(08/20/22 13:47:48.032:737) : auid=blc uid=root gid=root ses=4 subj==unconfined pid=45735 comm=emacs exe=/home/blc/.local/src/emacs/src/emacs sig=SIGSYS arch=x86_64 syscall=clone3 compat=0 ip=0x7f1a7810a779 code=kill 
          ----
          type=SECCOMP msg=audit(08/20/22 13:47:48.760:747) : auid=blc uid=root gid=root ses=4 subj==unconfined pid=45794 comm=emacs exe=/home/blc/.local/src/emacs/src/emacs sig=SIGSYS arch=x86_64 syscall=clone3 compat=0 ip=0x7fe35b30a779 code=kill 
          
          Potentially useful coredump information:
                     PID: 45794 (emacs)
                     UID: 0 (root)
                     GID: 0 (root)
                  Signal: 31 (SYS)
               Timestamp: Sat 2022-08-20 13:47:48 EEST (1s ago)
            Command Line: /home/blc/.local/src/emacs/src/emacs --quick --batch --seccomp=/home/blc/.local/src/emacs/lib-src/seccomp-filter.bpf $'--eval=(message "Hi")'
              Executable: /home/blc/.local/src/emacs/src/emacs
           Control Group: /user.slice/user-1000.slice/user@1000.service/app.slice/app-org.gnome.Terminal.slice/vte-spawn-f315a4b7-eae9-425e-940f-6c05c5d86ded.scope
                    Unit: user@1000.service
               User Unit: vte-spawn-f315a4b7-eae9-425e-940f-6c05c5d86ded.scope
                   Slice: user-1000.slice
               Owner UID: 1000 (blc)
                 Boot ID: 4d8867e0dc1e443589a72674d09ab454
              Machine ID: 1eaf00d04e87431584dd7dfc9cf6503c
                Hostname: tia
                 Storage: /var/lib/systemd/coredump/core.emacs.0.4d8867e0dc1e443589a72674d09ab454.45794.1660992468000000.zst (present)
               Disk Size: 4.3M
                 Package: systemd/251.3-1
                build-id: b2a6a65bc14c6d8bf2cda8b111ef76d28f5fc236
                 Message: Process 45794 (emacs) of user 0 dumped core.
                          
                          Module /home/blc/.local/src/emacs/src/emacs with build-id b2a6a65bc14c6d8bf2cda8b111ef76d28f5fc236
                          Metadata for module /home/blc/.local/src/emacs/src/emacs owned by FDO found: {
                          	"type" : "deb",
                          	"os" : "debian",
                          	"name" : "systemd",
                          	"architecture" : "amd64",
                          	"version" : "251.3-1",
                          	"debugInfoUrl" : "https://debuginfod.debian.net"
                          }
                          
                          Stack trace of thread 45794:
                          #0  0x00007fe35b30a779 __clone3 (libc.so.6 + 0x10a779)
                          ELF object binary architecture: AMD x86-64
          
    (ert-test-failed
     ((should
       (eql status 0))
      :form
      (eql "Bad system call" 0)
      :value nil))
   FAILED  3/7  emacs-tests/seccomp/allows-stdout (0.469686 sec) at src/emacs-tests.el:122
   passed  4/7  emacs-tests/seccomp/empty-file (0.018709 sec)
   passed  5/7  emacs-tests/seccomp/file-too-large (0.037040 sec)
   passed  6/7  emacs-tests/seccomp/forbids-subprocess (0.450736 sec)
   passed  7/7  emacs-tests/seccomp/invalid-file-size (0.032066 sec)

Ran 7 tests, 5 results as expected, 2 unexpected (2022-08-20 13:47:49+0300, 1.870842 sec)

2 unexpected results:
   FAILED  emacs-tests/bwrap/allows-stdout
   FAILED  emacs-tests/seccomp/allows-stdout

make[2]: *** [Makefile:174: src/emacs-tests.log] Error 1
make[2]: Leaving directory '/home/blc/.local/src/emacs/test'
make[1]: *** [Makefile:240: src/emacs-tests] Error 2
make[1]: Leaving directory '/home/blc/.local/src/emacs/test'
make: *** [Makefile:1022: test/emacs-tests] Error 2

[-- Attachment #3: Type: text/plain, Size: 4073 bytes --]


This with:

$ /lib/x86_64-linux-gnu/libc.so.6 
GNU C Library (Debian GLIBC 2.34-3) stable release version 2.34.
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 11.3.0.
libc ABIs: UNIQUE IFUNC ABSOLUTE

> Hmm, I'm not sure we should allow clone3 unconditionally since it can do lots of
> things, and I'd expect that its capabilities will only grow over time. OTOH, BPF
> (or at least the libseccomp library) don't support pointer indirections which
> would be needed to inspect the structure fields. See
> https://lwn.net/Articles/822256/.
> Any opinions?

No opinion from me, but FWIW Docker seems to allow clone3 in its default
policy:
https://github.com/docker/docker-ce/commit/522fcd0056
https://github.com/containerd/containerd/pull/5982

Thanks,

-- 
Basil

In GNU Emacs 29.0.50 (build 1, x86_64-pc-linux-gnu, X toolkit, cairo version 1.16.0, Xaw3d scroll bars)
 of 2022-08-20 built on tia
Repository revision: 3312710fd672021b17983ef2287dbd57a9a110a1
Repository branch: master
Windowing system distributor 'The X.Org Foundation', version 11.0.12101004
System Description: Debian GNU/Linux bookworm/sid

Configured using:
 'configure 'CFLAGS=-Og -ggdb3' --config-cache --prefix=/home/blc/.local
 --enable-checking=structs --with-file-notification=yes
 --with-x-toolkit=lucid --with-x'

Configured features:
ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG
JSON LCMS2 LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 M17N_FLT MODULES NOTIFY
INOTIFY PDUMPER PNG RSVG SECCOMP SOUND SQLITE3 THREADS TIFF
TOOLKIT_SCROLL_BARS WEBP X11 XAW3D XDBE XIM XINPUT2 XPM LUCID ZLIB

Important settings:
  value of $LANG: en_IE.UTF-8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8-unix

Major mode: Lisp Interaction

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  show-paren-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  line-number-mode: t
  indent-tabs-mode: t
  transient-mark-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t

Load-path shadows:
None found.

Features:
(shadow sort mail-extr emacsbug message mailcap yank-media puny dired
dired-loaddefs rfc822 mml mml-sec password-cache epa derived epg rfc6068
epg-config gnus-util text-property-search time-date subr-x mm-decode
mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader
cl-loaddefs cl-lib sendmail rfc2047 rfc2045 ietf-drums mm-util
mail-prsvr mail-utils rmc iso-transl tooltip eldoc paren electric
uniquify ediff-hook vc-hooks lisp-float-type elisp-mode mwheel
term/x-win x-win term/common-win x-dnd tool-bar dnd fontset image
regexp-opt fringe tabulated-list replace newcomment text-mode lisp-mode
prog-mode register page tab-bar menu-bar rfn-eshadow isearch easymenu
timer select scroll-bar mouse jit-lock font-lock syntax font-core
term/tty-colors frame minibuffer nadvice seq simple cl-generic
indonesian philippine cham georgian utf-8-lang misc-lang vietnamese
tibetan thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek
romanian slovak czech european ethiopic indian cyrillic chinese
composite emoji-zwj charscript charprop case-table epa-hook
jka-cmpr-hook help abbrev obarray oclosure cl-preloaded button loaddefs
faces cus-face macroexp files window text-properties overlay sha1 md5
base64 format env code-pages mule custom widget keymap
hashtable-print-readable backquote threads dbusbind inotify lcms2
dynamic-setting system-font-setting font-render-setting cairo x-toolkit
xinput2 x multi-tty make-network-process emacs)

Memory information:
((conses 16 36336 7449)
 (symbols 48 5084 0)
 (strings 32 13829 1888)
 (string-bytes 1 381827)
 (vectors 16 9205)
 (vector-slots 8 145425 12943)
 (floats 8 23 25)
 (intervals 56 236 0)
 (buffers 992 10))
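The clone3 question quoted in the message above, as an added example in C (not code from Emacs or from anyone in this thread): a seccomp BPF program sees only the register values in `struct seccomp_data`, so it cannot read the flags inside the structure that clone3 takes by pointer, while the flags of the older clone arrive in a register and can be tested. The filter below answers clone3 with ENOSYS, which glibc treats as "not supported" before falling back to clone, and refuses namespace-creating flags on clone. The helper names, the denied flag set and the default-allow tail are assumptions made for the demonstration, which targets little-endian x86-64 or aarch64.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef __NR_clone3
#define __NR_clone3 435 /* value on x86-64 and aarch64 */
#endif
#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#error "example covers x86-64 and aarch64 only"
#endif

/* Namespace-creating flags refused on clone (set chosen for this demo). */
#define DENIED_CLONE_FLAGS (CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWPID | \
                            CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWUTS)

/* Hypothetical helper: install the filter on the calling thread. */
static int install_clone_filter(void)
{
    struct sock_filter prog[] = {
        /* 0-2: kill calls made through a foreign ABI, whose numbers differ */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* 3-5: clone3 keeps its flags behind a pointer the filter cannot
           follow, so report "not implemented" and let libc retry with clone */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_clone3, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | ENOSYS),
        /* 6-9: clone passes its flags in a register; the low 32 bits of
           args[0] (little-endian layout) hold every flag tested here */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_clone, 0, 3),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args)),
        BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, DENIED_CLONE_FLAGS, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        /* 10: default-allow keeps the demo short; a real policy is an
           allowlist that ends in a deny action */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof prog / sizeof prog[0], .filter = prog };

    /* Unprivileged processes must set no_new_privs before adding a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Run three probes in a throwaway child so the caller stays unfiltered.
   Result bits: 1 = clone3 answered ENOSYS, 2 = clone with CLONE_NEWUSER
   answered EPERM, 4 = a fork-style clone still works.  Returns -1 if the
   child could not be run, 64 if the filter could not be installed. */
int probe_clone_policy(void)
{
    int st, bits = 0;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        char args[64]; /* stands in for a zeroed struct clone_args */
        long r;

        if (install_clone_filter() != 0)
            _exit(64);
        memset(args, 0, sizeof args);
        r = syscall(__NR_clone3, args, sizeof args);
        if (r == 0) _exit(0); /* a child here means the filter did not apply */
        if (r == -1 && errno == ENOSYS) bits |= 1;
        r = syscall(__NR_clone, (unsigned long)(CLONE_NEWUSER | SIGCHLD),
                    0UL, 0UL, 0UL, 0UL);
        if (r == 0) _exit(0);
        if (r == -1 && errno == EPERM) bits |= 2;
        r = syscall(__NR_clone, (unsigned long)SIGCHLD, 0UL, 0UL, 0UL, 0UL);
        if (r == 0) _exit(0); /* the permitted child: leave at once */
        if (r > 0 && waitpid((pid_t)r, &st, 0) == r && WIFEXITED(st)) bits |= 4;
        _exit(bits);
    }
    if (waitpid(pid, &st, 0) != pid || !WIFEXITED(st))
        return -1;
    return WEXITSTATUS(st);
}

int main(void)
{
    int bits = probe_clone_policy();
    printf("policy bits: %d (7 means all three probes behaved as intended)\n", bits);
    return bits == 7 ? 0 : 1;
}
```

An errno action lets the caller degrade gracefully, unlike the kill action that produced the SIGSYS (signal 31) exits in the test logs in this thread.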


* bug#56359: seccomp test failures on RHEL 9.0
  2022-07-02 17:45 bug#56359: seccomp test failures on RHEL 9.0 Glenn Morris
  2022-07-15 14:12 ` Philipp Stephani
@ 2022-10-06 16:56 ` Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors
  2022-10-07 11:56   ` Lars Ingebrigtsen
  1 sibling, 1 reply; 12+ messages in thread
From: Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2022-10-06 16:56 UTC (permalink / raw)
  To: p.stephani2; +Cc: 56359, Glenn Morris

found 56359 28.2.50
found 56359 29.0.50
quit

Glenn Morris [2022-07-02 13:45 -0400] wrote:

> emacs-28 at e390396e684 on RHEL 9.0:
>
> 2 unexpected results:
>    FAILED  emacs-tests/bwrap/allows-stdout
>    FAILED  emacs-tests/seccomp/allows-stdout

I'm still seeing these failures.  Considering their history (bug#47708,
bug#47828, bug#51073, bug#53504, bug#57301), perhaps these tests should
be tagged as :unstable?

Thanks,

-- 
Basil

* bug#56359: seccomp test failures on RHEL 9.0
  2022-10-06 16:56 ` Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors
@ 2022-10-07 11:56   ` Lars Ingebrigtsen
  0 siblings, 0 replies; 12+ messages in thread
From: Lars Ingebrigtsen @ 2022-10-07 11:56 UTC (permalink / raw)
  To: p.stephani2; +Cc: Basil L. Contovounesios, 56359, Glenn Morris

"Basil L. Contovounesios" via "Bug reports for GNU Emacs, the Swiss army
knife of text editors" <bug-gnu-emacs@gnu.org> writes:

> Glenn Morris [2022-07-02 13:45 -0400] wrote:
>
>> emacs-28 at e390396e684 on RHEL 9.0:
>>
>> 2 unexpected results:
>>    FAILED  emacs-tests/bwrap/allows-stdout
>>    FAILED  emacs-tests/seccomp/allows-stdout
>
> I'm still seeing these failures.  Considering their history (bug#47708,
> bug#47828, bug#51073, bug#53504, bug#57301), perhaps these tests should
> be tagged as :unstable?

They've certainly been problematic, so perhaps that's the best solution
at this point.  Perhaps it would be possible to avoid marking them as
unstable on platforms they're known to be working (and should continue
working)?  I'm not at all sure how to get such a list, though.

* bug#56359: seccomp test failures on RHEL 9.0
  2022-08-20 12:37       ` Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors
@ 2022-10-11  0:54         ` Lars Ingebrigtsen
  2022-10-11 12:36           ` Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors
  0 siblings, 1 reply; 12+ messages in thread
From: Lars Ingebrigtsen @ 2022-10-11  0:54 UTC (permalink / raw)
  To: Basil L. Contovounesios; +Cc: Glenn Morris, Philipp Stephani, 56359

I've now applied Philipp's patch (adding gettid), and Paul has fixed
other bits here in 345de32a.

Do the tests pass on RHEL on "master" now?

* bug#56359: seccomp test failures on RHEL 9.0
  2022-10-11  0:54         ` Lars Ingebrigtsen
@ 2022-10-11 12:36           ` Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors
  2022-10-11 17:43             ` Paul Eggert
  0 siblings, 1 reply; 12+ messages in thread
From: Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2022-10-11 12:36 UTC (permalink / raw)
  To: Lars Ingebrigtsen; +Cc: Glenn Morris, Philipp Stephani, Paul Eggert, 56359

[-- Attachment #1: Type: text/plain, Size: 285 bytes --]

Lars Ingebrigtsen [2022-10-11 02:54 +0200] wrote:

> I've now applied Philipp's patch (adding gettid), and Paul has fixed
> other bits here in 345de32a.

Thanks.

> Do the tests pass on RHEL on "master" now?

Can't say for RHEL, but on Debian I get an error for syscall=pidfd_open:


[-- Attachment #2: emacs-tests.log --]
[-- Type: text/plain, Size: 29308 bytes --]

Running 7 tests (2022-10-11 15:27:16+0300, selector `(not (or (tag :expensive-test) (tag :unstable) (tag :nativecomp)))')
Test emacs-tests/bwrap/allows-stdout backtrace:
  signal(ert-test-failed (((should (eql status 0)) :form (eql 159 0) :
  ert-fail(((should (eql status 0)) :form (eql 159 0) :value nil))
  #f(compiled-function () #<bytecode -0xe0c79656d3a65ec>)()
  ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test
  ert-run-test(#s(ert-test :name emacs-tests/bwrap/allows-stdout :docu
  ert-run-or-rerun-test(#s(ert--stats :selector (not (or ... ... ...))
  ert-run-tests((not (or (tag :expensive-test) (tag :unstable) (tag :n
  ert-run-tests-batch((not (or (tag :expensive-test) (tag :unstable) (
  ert-run-tests-batch-and-exit((not (or (tag :expensive-test) (tag :un
  eval((ert-run-tests-batch-and-exit '(not (or (tag :expensive-test) (
  command-line-1(("-L" ":." "-l" "ert" "-l" "src/emacs-tests" "--eval"
  command-line()
  normal-top-level()
Test emacs-tests/bwrap/allows-stdout condition:
    Info: Process output:
          
          Potentially relevant Seccomp audit events:
          ----
          type=SECCOMP msg=audit(10/11/22 15:27:16.211:2373) : auid=blc uid=root gid=root ses=3 subj=unconfined pid=318911 comm=emacs exe=/home/blc/.local/src/emacs/src/emacs sig=SIGSYS arch=x86_64 syscall=pidfd_open compat=0 ip=0x7f37c9503859 code=kill 
          
          Potentially useful coredump information:
                     PID: 318911 (emacs)
                     UID: 0 (root)
                     GID: 0 (root)
                  Signal: 31 (SYS)
               Timestamp: Tue 2022-10-11 15:27:16 EEST (593ms ago)
            Command Line: /home/blc/.local/src/emacs/src/emacs --quick --batch $'--eval=(message "Hi")'
              Executable: /home/blc/.local/src/emacs/src/emacs
           Control Group: /user.slice/user-1000.slice/user@1000.service/app.slice/app-org.gnome.Terminal.slice/vte-spawn-03d902e7-d88b-42b9-8e05-540e380186c3.scope
                    Unit: user@1000.service
               User Unit: vte-spawn-03d902e7-d88b-42b9-8e05-540e380186c3.scope
                   Slice: user-1000.slice
               Owner UID: 1000 (blc)
                 Boot ID: 5f7a30b1c98644cd92904f59658b6bd7
              Machine ID: 1eaf00d04e87431584dd7dfc9cf6503c
                Hostname: tia
                 Storage: /var/lib/systemd/coredump/core.emacs.0.5f7a30b1c98644cd92904f59658b6bd7.318911.1665491236000000.zst (present)
               Disk Size: 4.2M
                 Package: systemd/251.5-1
                build-id: 104d02501574655e7bf9d87f14c9d6a537b0446f
                 Message: Process 318911 (emacs) of user 0 dumped core.
                          
                          Stack trace of thread 318911:
                          #0  0x00007f37c9503859 syscall (libc.so.6 + 0x103859)
                          #1  0x00007f37ca2d28d0 g_child_watch_source_new (libglib-2.0.so.0 + 0x558d0)
                          #2  0x000055e207d55f57 n/a (/home/blc/.local/src/emacs/src/emacs + 0x1e4f57)
                          ELF object binary architecture: AMD x86-64
          
    (ert-test-failed
     ((should
       (eql status 0))
      :form
      (eql 159 0)
      :value nil))
   FAILED  1/7  emacs-tests/bwrap/allows-stdout (0.413491 sec) at src/emacs-tests.el:175
   passed  2/7  emacs-tests/seccomp/absent-file (0.033529 sec)
Test emacs-tests/seccomp/allows-stdout backtrace:
  signal(ert-test-failed (((should (eql status 0)) :form (eql "Bad sys
  ert-fail(((should (eql status 0)) :form (eql "Bad system call" 0) :v
  #f(compiled-function () #<bytecode -0x436deb186b34287>)()
  ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test
  ert-run-test(#s(ert-test :name emacs-tests/seccomp/allows-stdout :do
  ert-run-or-rerun-test(#s(ert--stats :selector (not (or ... ... ...))
  ert-run-tests((not (or (tag :expensive-test) (tag :unstable) (tag :n
  ert-run-tests-batch((not (or (tag :expensive-test) (tag :unstable) (
  ert-run-tests-batch-and-exit((not (or (tag :expensive-test) (tag :un
  eval((ert-run-tests-batch-and-exit '(not (or (tag :expensive-test) (
  command-line-1(("-L" ":." "-l" "ert" "-l" "src/emacs-tests" "--eval"
  command-line()
  normal-top-level()
Test emacs-tests/seccomp/allows-stdout condition:
    Info: Process output:
          
          Potentially relevant Seccomp audit events:
          ----
          type=SECCOMP msg=audit(10/11/22 15:27:16.211:2373) : auid=blc uid=root gid=root ses=3 subj=unconfined pid=318911 comm=emacs exe=/home/blc/.local/src/emacs/src/emacs sig=SIGSYS arch=x86_64 syscall=pidfd_open compat=0 ip=0x7f37c9503859 code=kill 
          ----
          type=SECCOMP msg=audit(10/11/22 15:27:16.823:2383) : auid=blc uid=root gid=root ses=3 subj=unconfined pid=318937 comm=emacs exe=/home/blc/.local/src/emacs/src/emacs sig=SIGSYS arch=x86_64 syscall=pidfd_open compat=0 ip=0x7f7669903859 code=kill 
          
          Potentially useful coredump information:
                     PID: 318937 (emacs)
                     UID: 0 (root)
                     GID: 0 (root)
                  Signal: 31 (SYS)
               Timestamp: Tue 2022-10-11 15:27:16 EEST (1s ago)
            Command Line: /home/blc/.local/src/emacs/src/emacs --quick --batch --seccomp=/home/blc/.local/src/emacs/lib-src/seccomp-filter.bpf $'--eval=(message "Hi")'
              Executable: /home/blc/.local/src/emacs/src/emacs
           Control Group: /user.slice/user-1000.slice/user@1000.service/app.slice/app-org.gnome.Terminal.slice/vte-spawn-03d902e7-d88b-42b9-8e05-540e380186c3.scope
                    Unit: user@1000.service
               User Unit: vte-spawn-03d902e7-d88b-42b9-8e05-540e380186c3.scope
                   Slice: user-1000.slice
               Owner UID: 1000 (blc)
                 Boot ID: 5f7a30b1c98644cd92904f59658b6bd7
              Machine ID: 1eaf00d04e87431584dd7dfc9cf6503c
                Hostname: tia
                 Storage: /var/lib/systemd/coredump/core.emacs.0.5f7a30b1c98644cd92904f59658b6bd7.318937.1665491236000000.zst (present)
               Disk Size: 4.2M
                 Package: systemd/251.5-1
                build-id: 104d02501574655e7bf9d87f14c9d6a537b0446f
                 Message: Process 318937 (emacs) of user 0 dumped core.
                          
                          Module libtinfo.so.6 with build-id 40d011d30ae4d642136c7d8163ad5a3a1e510820
                          Module libgpm.so.2 with build-id 07aa4da11c1a00d0765db824bd11b9791bf22942
                          Module libxml2.so.2 with build-id 3b02baa8c3e85d3601b434a4fdfafd383d29d783
                          Module libXfixes.so.3 with build-id 515e2f9139aadc9e275abbfe7c0aa49a0d31b8cb
                          Module libXinerama.so.1 with build-id 5a76407b56b10810711c5345defbdf4e2dad3897
                          Module libXrandr.so.2 with build-id 0372dfb32a5c0d113819e1167f75c81c751373a8
                          Module libdbus-1.so.3 with build-id d5f96ed72fb9faefa5d75bbc79db165e895f506f
                          Module libacl.so.1 with build-id 10f984c014a2f7b28613cd44a98cf1d2e4a5eb24
                          Module libcairo.so.2 with build-id 48feebcd296c6d353cf5f6e385180362219f166a
                          Module libglib-2.0.so.0 with build-id bb4f45b154fabbfb52325e26388bc1eb94154c5a
                          Module libgobject-2.0.so.0 with build-id e085864b2e5e90fe1dcd4a9c4698a0446e7f79ff
                          Module libgdk_pixbuf-2.0.so.0 with build-id 2c2c8cf1085b910a682d0ac9078dce999e2a875f
                          Module libgio-2.0.so.0 with build-id bf0e6362e7b2f342570cc7d28c2708b09b3634c9
                          Module libm.so.6 with build-id 89539382d8498ed1ab6426f442dbfd2976e9303c
                          Module librsvg-2.so.2 with build-id db07b8609508e07840554ca6563f953996daa8e9
                          Module libasound.so.2 with build-id 9499f0332b625cafb50e5d0fac4b9b70c7bcd0dc
                          Module libXrender.so.1 with build-id 23dd581f5d93297dc5c508f03e224f9860af8217
                          Module libX11.so.6 with build-id 692ceb08bd361ef2ea7caaa0926de19466d6f3ad
                          Module libXext.so.6 with build-id d3ac3e1515190245564a30a611f4a2a4eb94a617
                          Module libICE.so.6 with build-id 6a0429d9840edac7a76507600758dfad21dbae99
                          Module libSM.so.6 with build-id 934950c93be01703ce94d26738d1f9aa1f7a9096
                          Module libXt.so.6 with build-id 932a859be84231f3dd466bc0ab6ab50b73924122
                          Module libXmu.so.6 with build-id 3528615d26bf0f9135a891572710d3dcff99bcd7
                          Module libXaw3d.so.6 with build-id 6fda728c42c55e0191091b66601f081967e55aa4
                          Module libwebp.so.7 with build-id 23fa061dd0c70d882df0f19ca3535ee1c5b142d7
                          Module libwebpdemux.so.2 with build-id b9f941bbea322013385dd6716dbd2289a16f617d
                          Module libXpm.so.4 with build-id 1f2dd817d18808f7122857a252faa77d6ed56109
                          Module libgif.so.7 with build-id f9a731f11245de181862edf5563cca8ea9cbc4a3
                          Module libpng16.so.16 with build-id 24720328fb61293ea32d8283c030fc0431082f65
                          Module libjpeg.so.62 with build-id 12da81e724cd81f4c71e54182d94d21f2bab27df
                          Module libtiff.so.5 with build-id 14e6f44bec2833d451aec36cc714e1ecf3827c38
                          Stack trace of thread 318937:
                          #0  0x00007f7669903859 syscall (libc.so.6 + 0x103859)
                          #1  0x00007f766a7328d0 g_child_watch_source_new (libglib-2.0.so.0 + 0x558d0)
                          #2  0x000055d2e7fddf57 n/a (/home/blc/.local/src/emacs/src/emacs + 0x1e4f57)
                          ELF object binary architecture: AMD x86-64
          
    (ert-test-failed
     ((should
       (eql status 0))
      :form
      (eql "Bad system call" 0)
      :value nil))
   FAILED  3/7  emacs-tests/seccomp/allows-stdout (0.407281 sec) at src/emacs-tests.el:122
   passed  4/7  emacs-tests/seccomp/empty-file (0.033093 sec)
   passed  5/7  emacs-tests/seccomp/file-too-large (0.046143 sec)
   passed  6/7  emacs-tests/seccomp/forbids-subprocess (0.378007 sec)
   passed  7/7  emacs-tests/seccomp/invalid-file-size (0.020792 sec)

Ran 7 tests, 5 results as expected, 2 unexpected (2022-10-11 15:27:17+0300, 1.557409 sec)

2 unexpected results:
   FAILED  emacs-tests/bwrap/allows-stdout
   FAILED  emacs-tests/seccomp/allows-stdout


[-- Attachment #3: Type: text/plain, Size: 3131 bytes --]


-- 
Basil

In GNU Emacs 29.0.50 (build 1, x86_64-pc-linux-gnu, X toolkit, cairo
 version 1.16.0, Xaw3d scroll bars) of 2022-10-11 built on tia
Repository revision: 61b6da5acef2d550022c664e628346539ba1852f
Repository branch: master
Windowing system distributor 'The X.Org Foundation', version 11.0.12101004
System Description: Debian GNU/Linux bookworm/sid

Configured using:
 'configure 'CFLAGS=-Og -ggdb3' -C --prefix=/home/blc/.local
 --enable-checking=structs --with-file-notification=yes
 --with-x-toolkit=lucid --with-x'

Configured features:
ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG
JSON LCMS2 LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 M17N_FLT MODULES NOTIFY
INOTIFY PDUMPER PNG RSVG SECCOMP SOUND SQLITE3 THREADS TIFF
TOOLKIT_SCROLL_BARS WEBP X11 XAW3D XDBE XIM XINPUT2 XPM LUCID ZLIB

Important settings:
  value of $LANG: en_IE.UTF-8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8-unix



* bug#56359: seccomp test failures on RHEL 9.0
  2022-10-11 12:36           ` Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors
@ 2022-10-11 17:43             ` Paul Eggert
  2022-10-11 19:47               ` Lars Ingebrigtsen
  0 siblings, 1 reply; 12+ messages in thread
From: Paul Eggert @ 2022-10-11 17:43 UTC (permalink / raw)
  To: Basil L. Contovounesios, Lars Ingebrigtsen
  Cc: Glenn Morris, Philipp Stephani, 56359

On 2022-10-11 05:36, Basil L. Contovounesios wrote:
> Lars Ingebrigtsen [2022-10-11 02:54 +0200] wrote:
> 
>> I've now applied Philipp's patch (adding gettid), and Paul has fixed
>> other bits here in 345de32a.

I didn't know about Bug#56359 when I "fixed" those other bits.

My "fix" involved allowing all uses of clone3, which (as Philipp noted 
in August) is problematic. I'm not sure what's being tested for, but if 
clone3 lets you evade the checks then the test is arguably more trouble 
than it's worth. Would marking it as :unstable lessen the number of 
false alarms we're getting? If not, perhaps we should remove it or mark 
it as :dont-use-unless-you-know-what-youre-doing or whatever.







* bug#56359: seccomp test failures on RHEL 9.0
  2022-10-11 17:43             ` Paul Eggert
@ 2022-10-11 19:47               ` Lars Ingebrigtsen
  2022-10-18  9:32                 ` Philipp Stephani
  0 siblings, 1 reply; 12+ messages in thread
From: Lars Ingebrigtsen @ 2022-10-11 19:47 UTC (permalink / raw)
  To: Paul Eggert
  Cc: Basil L. Contovounesios, Glenn Morris, Philipp Stephani, 56359

Paul Eggert <eggert@cs.ucla.edu> writes:

> My "fix" involved allowing all uses of clone3, which (as Philipp noted
> in August) is problematic. I'm not sure what's being tested for, but
> if clone3 lets you evade the checks then the test is arguably more
> trouble than it's worth. Would marking it as :unstable lessen the
> number of false alarms we're getting? If not, perhaps we should remove
> it or mark it as :dont-use-unless-you-know-what-youre-doing or
> whatever.

And pidfd_open also sounds like a non-safe call (without looking at it
closely).

Skimming the tests, they seem to test pretty basic functionality in the
seccomp area -- that is, without allowing pidfd_open/clone3, nothing
will be able to run using the seccomp functionality.  But since those
are somewhat unsafe, then...  what's the point?

But I may be missing how this is supposed to be used altogether.







* bug#56359: seccomp test failures on RHEL 9.0
  2022-10-11 19:47               ` Lars Ingebrigtsen
@ 2022-10-18  9:32                 ` Philipp Stephani
  0 siblings, 0 replies; 12+ messages in thread
From: Philipp Stephani @ 2022-10-18  9:32 UTC (permalink / raw)
  To: Lars Ingebrigtsen
  Cc: Basil L. Contovounesios, Glenn Morris, Paul Eggert, 56359

On Tue, 11 Oct 2022 at 21:47, Lars Ingebrigtsen <larsi@gnus.org> wrote:
>
> Paul Eggert <eggert@cs.ucla.edu> writes:
>
> > My "fix" involved allowing all uses of clone3, which (as Philipp noted
> > in August) is problematic. I'm not sure what's being tested for, but
> > if clone3 lets you evade the checks then the test is arguably more
> > trouble than it's worth. Would marking it as :unstable lessen the
> > number of false alarms we're getting? If not, perhaps we should remove
> > it or mark it as :dont-use-unless-you-know-what-youre-doing or
> > whatever.
>
> And pidfd_open also sounds like a non-safe call (without looking at it
> closely).
>
> Skimming the tests, they seem to test pretty basic functionality in the
> seccomp area -- that is, without allowing pidfd_open/clone3, nothing
> will be able to run using the seccomp functionality.  But since those
> are somewhat unsafe, then...  what's the point?

Neither pidfd_open nor clone3 are "unsafe". The concern is that clone3
might expand its functionality to eventually allow unsafe operations
like opening network sockets, and with its interface there's no way
for a seccomp filter to prevent that. One option might be to have
clone3 return ENOSYS, if the caller falls back to clone in that case.





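The option raised in the last message above, answering clone3 with ENOSYS so that a caller can fall back to clone, written as a raw seccomp-BPF filter. This is an added example, not part of the thread and not Emacs's own seccomp filter; the function names are hypothetical, and it assumes Linux with kernel headers that define `__NR_clone3`.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Filter: clone3 fails with ENOSYS, every other syscall is allowed.  A real
   policy would also check seccomp_data.arch and deny by default.  */
static int install_clone3_enosys(void)
{
  struct sock_filter insns[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_clone3, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (ENOSYS & SECCOMP_RET_DATA)),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
  };
  struct sock_fprog prog = { sizeof insns / sizeof insns[0], insns };
  /* Required so an unprivileged process may install a filter.  */
  if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
    return -1;
  return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* errno that clone3 yields in a filtered child; -1 if no filter could be set. */
int clone3_errno_under_filter(void)
{
  pid_t pid = fork();
  if (pid < 0) return -1;
  if (pid == 0) {
    if (install_clone3_enosys() != 0)
      _exit(255);                       /* reserved: filter not installed */
    /* Null arguments: without the filter the kernel would reject this call
       with a different error, so ENOSYS here comes from the filter.  */
    long r = syscall(__NR_clone3, NULL, (size_t) 0);
    _exit(r == -1 ? errno : 0);
  }
  int status;
  if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)
      || WEXITSTATUS(status) == 255)
    return -1;
  return WEXITSTATUS(status);
}

int main(void)
{
  return clone3_errno_under_filter() == ENOSYS ? 0 : 1;
}
```

Because the filter inspects only the syscall number, it cannot look inside the `struct clone_args` that clone3 takes by pointer, which is why the choice is between allowing the call wholesale and refusing it wholesale.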
