From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Basil L. Contovounesios" via "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Newsgroups: gmane.emacs.bugs
Subject: bug#56359: seccomp test failures on RHEL 9.0
Date: Sat, 20 Aug 2022 15:37:16 +0300
Message-ID: <87y1vjay6b.fsf@tcd.ie>
References: <2094647B-7360-41F4-8AB0-ADFC835288E8@gmail.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux)
Cc: Glenn Morris, 56359@debbugs.gnu.org
To: Philipp Stephani
In-Reply-To: <2094647B-7360-41F4-8AB0-ADFC835288E8@gmail.com> (Philipp Stephani's message of "Sat, 16 Jul 2022 12:50:01 +0200")

--=-=-=
Content-Type: text/plain

Philipp Stephani [2022-07-16 12:50 +0200] wrote:

>> On 16.07.2022 at 01:35, Glenn Morris wrote:
>>
>> Philipp Stephani wrote:
>>
>>> Does the attached patch fix the issue?
>>
>> Not entirely. I have to also allow "clone3", then it passes.

Just adding that I get the same on Debian:

--=-=-=
Content-Type: text/plain
Content-Disposition: attachment; filename=test-out.log

$ make test/emacs-tests
make -C test emacs-tests
make[1]: Entering directory '/home/blc/.local/src/emacs/test'
make[2]: Entering directory '/home/blc/.local/src/emacs/test'
  GEN      src/emacs-tests.log
Running 7 tests (2022-08-20 13:47:47+0300, selector `(not (or (tag :unstable) (tag :nativecomp)))')
Test emacs-tests/bwrap/allows-stdout backtrace:
  signal(ert-test-failed (((should (eql status 0)) :form (eql 159 0) :
  ert-fail(((should (eql status 0)) :form (eql 159 0) :value nil))
  (if (unwind-protect (setq value-166 (apply fn-164 args-165)) (setq f
  (let (form-description-168) (if (unwind-protect (setq value-166 (app
  (let ((value-166 'ert-form-evaluation-aborted-167)) (let (form-descr
  (let* ((fn-164 #'eql) (args-165 (condition-case err (let ((signal-ho
  (let ((ert--infos (cons (cons "Info: " (emacs-tests--seccomp-debug s
  (let* ((command (concat (mapconcat #'shell-quote-argument (list (fil
  (progn (let* ((command (concat (mapconcat #'shell-quote-argument (li
  (unwind-protect (progn (let* ((command (concat (mapconcat #'shell-qu
  (save-current-buffer (set-buffer temp-buffer) (unwind-protect (progn
  (let ((temp-buffer (generate-new-buffer " *temp*" t))) (save-current
  (let ((bash (executable-find "bash")) (bwrap (executable-find "bwrap
  (closure (t) nil (let ((bash (executable-find "bash")) (bwrap (execu
  ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test
  ert-run-test(#s(ert-test :name emacs-tests/bwrap/allows-stdout :docu
  ert-run-or-rerun-test(#s(ert--stats :selector ... :tests ... :test-m
  ert-run-tests((not (or (tag :unstable) (tag :nativecomp))) #f(compil
  ert-run-tests-batch((not (or (tag :unstable) (tag :nativecomp))))
  ert-run-tests-batch-and-exit((not (or (tag :unstable) (tag :nativeco
  eval((ert-run-tests-batch-and-exit '(not (or (tag :unstable) (tag :n
  command-line-1(("-L" ":." "-l" "ert" "-l" "src/emacs-tests.el" "--ev
  command-line()
  normal-top-level()
Test emacs-tests/bwrap/allows-stdout condition:
    Info: Process output:
Potentially relevant Seccomp audit events:
----
type=SECCOMP msg=audit(08/20/22 13:47:48.032:737) : auid=blc uid=root gid=root ses=4 subj==unconfined pid=45735 comm=emacs exe=/home/blc/.local/src/emacs/src/emacs sig=SIGSYS arch=x86_64 syscall=clone3 compat=0 ip=0x7f1a7810a779 code=kill
Potentially useful coredump information:
           PID: 45735 (emacs)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 31 (SYS)
     Timestamp: Sat 2022-08-20 13:47:48 EEST (496ms ago)
  Command Line: /home/blc/.local/src/emacs/src/emacs --quick --batch $'--eval=(message "Hi")'
    Executable: /home/blc/.local/src/emacs/src/emacs
 Control Group: /user.slice/user-1000.slice/user@1000.service/app.slice/app-org.gnome.Terminal.slice/vte-spawn-f315a4b7-eae9-425e-940f-6c05c5d86ded.scope
          Unit: user@1000.service
     User Unit: vte-spawn-f315a4b7-eae9-425e-940f-6c05c5d86ded.scope
         Slice: user-1000.slice
     Owner UID: 1000 (blc)
       Boot ID: 4d8867e0dc1e443589a72674d09ab454
    Machine ID: 1eaf00d04e87431584dd7dfc9cf6503c
      Hostname: tia
       Storage: /var/lib/systemd/coredump/core.emacs.0.4d8867e0dc1e443589a72674d09ab454.45735.1660992468000000.zst (present)
     Disk Size: 4.3M
       Package: systemd/251.3-1
      build-id: b2a6a65bc14c6d8bf2cda8b111ef76d28f5fc236
       Message: Process 45735 (emacs) of user 0 dumped core.
                Stack trace of thread 45735:
                #0  0x00007f1a7810a779 __clone3 (libc.so.6 + 0x10a779)
                ELF object binary architecture: AMD x86-64

    (ert-test-failed ((should (eql status 0)) :form (eql 159 0) :value nil))
   FAILED 1/7 emacs-tests/bwrap/allows-stdout (0.512569 sec) at src/emacs-tests.el:175
   passed 2/7 emacs-tests/seccomp/absent-file (0.020746 sec)
Test emacs-tests/seccomp/allows-stdout backtrace:
  signal(ert-test-failed (((should (eql status 0)) :form (eql "Bad sys
  ert-fail(((should (eql status 0)) :form (eql "Bad system call" 0) :v
  (if (unwind-protect (setq value-102 (apply fn-100 args-101)) (setq f
  (let (form-description-104) (if (unwind-protect (setq value-102 (app
  (let ((value-102 'ert-form-evaluation-aborted-103)) (let (form-descr
  (let* ((fn-100 #'eql) (args-101 (condition-case err (let ((signal-ho
  (let ((ert--infos (cons (cons "Info: " (emacs-tests--seccomp-debug s
  (let ((start-time (current-time)) (status (call-process emacs nil t
  (progn (let ((start-time (current-time)) (status (call-process emacs
  (unwind-protect (progn (let ((start-time (current-time)) (status (ca
  (save-current-buffer (set-buffer temp-buffer) (unwind-protect (progn
  (let ((temp-buffer (generate-new-buffer " *temp*" t))) (save-current
  (let ((emacs (expand-file-name invocation-name invocation-directory)
  (closure (t) nil (let* ((fn-80 #'string-match-p) (args-81 (condition
  ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test
  ert-run-test(#s(ert-test :name emacs-tests/seccomp/allows-stdout :do
  ert-run-or-rerun-test(#s(ert--stats :selector ... :tests ... :test-m
  ert-run-tests((not (or (tag :unstable) (tag :nativecomp))) #f(compil
  ert-run-tests-batch((not (or (tag :unstable) (tag :nativecomp))))
  ert-run-tests-batch-and-exit((not (or (tag :unstable) (tag :nativeco
  eval((ert-run-tests-batch-and-exit '(not (or (tag :unstable) (tag :n
  command-line-1(("-L" ":." "-l" "ert" "-l" "src/emacs-tests.el" "--ev
  command-line()
  normal-top-level()
Test emacs-tests/seccomp/allows-stdout condition:
    Info: Process output:
Potentially relevant Seccomp audit events:
----
type=SECCOMP msg=audit(08/20/22 13:47:48.032:737) : auid=blc uid=root gid=root ses=4 subj==unconfined pid=45735 comm=emacs exe=/home/blc/.local/src/emacs/src/emacs sig=SIGSYS arch=x86_64 syscall=clone3 compat=0 ip=0x7f1a7810a779 code=kill
----
type=SECCOMP msg=audit(08/20/22 13:47:48.760:747) : auid=blc uid=root gid=root ses=4 subj==unconfined pid=45794 comm=emacs exe=/home/blc/.local/src/emacs/src/emacs sig=SIGSYS arch=x86_64 syscall=clone3 compat=0 ip=0x7fe35b30a779 code=kill
Potentially useful coredump information:
           PID: 45794 (emacs)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 31 (SYS)
     Timestamp: Sat 2022-08-20 13:47:48 EEST (1s ago)
  Command Line: /home/blc/.local/src/emacs/src/emacs --quick --batch --seccomp=/home/blc/.local/src/emacs/lib-src/seccomp-filter.bpf $'--eval=(message "Hi")'
    Executable: /home/blc/.local/src/emacs/src/emacs
 Control Group: /user.slice/user-1000.slice/user@1000.service/app.slice/app-org.gnome.Terminal.slice/vte-spawn-f315a4b7-eae9-425e-940f-6c05c5d86ded.scope
          Unit: user@1000.service
     User Unit: vte-spawn-f315a4b7-eae9-425e-940f-6c05c5d86ded.scope
         Slice: user-1000.slice
     Owner UID: 1000 (blc)
       Boot ID: 4d8867e0dc1e443589a72674d09ab454
    Machine ID: 1eaf00d04e87431584dd7dfc9cf6503c
      Hostname: tia
       Storage: /var/lib/systemd/coredump/core.emacs.0.4d8867e0dc1e443589a72674d09ab454.45794.1660992468000000.zst (present)
     Disk Size: 4.3M
       Package: systemd/251.3-1
      build-id: b2a6a65bc14c6d8bf2cda8b111ef76d28f5fc236
       Message: Process 45794 (emacs) of user 0 dumped core.
                Stack trace of thread 45794:
                #0  0x00007fe35b30a779 __clone3 (libc.so.6 + 0x10a779)
                ELF object binary architecture: AMD x86-64

    (ert-test-failed ((should (eql status 0)) :form (eql "Bad system call" 0) :value nil))
   FAILED 3/7 emacs-tests/seccomp/allows-stdout (0.469686 sec) at src/emacs-tests.el:122
   passed 4/7 emacs-tests/seccomp/empty-file (0.018709 sec)
   passed 5/7 emacs-tests/seccomp/file-too-large (0.037040 sec)
   passed 6/7 emacs-tests/seccomp/forbids-subprocess (0.450736 sec)
   passed 7/7 emacs-tests/seccomp/invalid-file-size (0.032066 sec)

Ran 7 tests, 5 results as expected, 2 unexpected (2022-08-20 13:47:49+0300, 1.870842 sec)

2 unexpected results:
   FAILED emacs-tests/bwrap/allows-stdout
   FAILED emacs-tests/seccomp/allows-stdout

make[2]: *** [Makefile:174: src/emacs-tests.log] Error 1
make[2]: Leaving directory '/home/blc/.local/src/emacs/test'
make[1]: *** [Makefile:240: src/emacs-tests] Error 2
make[1]: Leaving directory '/home/blc/.local/src/emacs/test'
make: *** [Makefile:1022: test/emacs-tests] Error 2

--=-=-=
Content-Type: text/plain

This with:

$ /lib/x86_64-linux-gnu/libc.so.6
GNU C Library (Debian GLIBC 2.34-3) stable release version 2.34.
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 11.3.0.
libc ABIs: UNIQUE IFUNC ABSOLUTE

> Hmm, I'm not sure we should allow clone3 unconditionally since it can do lots of
> things, and I'd expect that its capabilities will only grow over time. OTOH, BPF
> (or at least the libseccomp library) don't support pointer indirections which
> would be needed to inspect the structure fields. See
> https://lwn.net/Articles/822256/.
> Any opinions?

No opinion from me, but FWIW Docker seems to allow clone3 in its default
policy:

https://github.com/docker/docker-ce/commit/522fcd0056
https://github.com/containerd/containerd/pull/5982

Thanks,

-- 
Basil

In GNU Emacs 29.0.50 (build 1, x86_64-pc-linux-gnu, X toolkit, cairo
 version 1.16.0, Xaw3d scroll bars) of 2022-08-20 built on tia
Repository revision: 3312710fd672021b17983ef2287dbd57a9a110a1
Repository branch: master
Windowing system distributor 'The X.Org Foundation', version 11.0.12101004
System Description: Debian GNU/Linux bookworm/sid

Configured using:
 'configure 'CFLAGS=-Og -ggdb3' --config-cache
 --prefix=/home/blc/.local --enable-checking=structs
 --with-file-notification=yes --with-x-toolkit=lucid --with-x'

Configured features:
ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG
JSON LCMS2 LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 M17N_FLT MODULES NOTIFY
INOTIFY PDUMPER PNG RSVG SECCOMP SOUND SQLITE3 THREADS TIFF
TOOLKIT_SCROLL_BARS WEBP X11 XAW3D XDBE XIM XINPUT2 XPM LUCID ZLIB

Important settings:
  value of $LANG: en_IE.UTF-8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8-unix

Major mode: Lisp Interaction

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  show-paren-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  line-number-mode: t
  indent-tabs-mode: t
  transient-mark-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t

Load-path shadows:
None found.

Features:
(shadow sort mail-extr emacsbug message mailcap yank-media puny dired
dired-loaddefs rfc822 mml mml-sec password-cache epa derived epg rfc6068
epg-config gnus-util text-property-search time-date subr-x mm-decode
mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader
cl-loaddefs cl-lib sendmail rfc2047 rfc2045 ietf-drums mm-util
mail-prsvr mail-utils rmc iso-transl tooltip eldoc paren electric
uniquify ediff-hook vc-hooks lisp-float-type elisp-mode mwheel
term/x-win x-win term/common-win x-dnd tool-bar dnd fontset image
regexp-opt fringe tabulated-list replace newcomment text-mode lisp-mode
prog-mode register page tab-bar menu-bar rfn-eshadow isearch easymenu
timer select scroll-bar mouse jit-lock font-lock syntax font-core
term/tty-colors frame minibuffer nadvice seq simple cl-generic
indonesian philippine cham georgian utf-8-lang misc-lang vietnamese
tibetan thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek
romanian slovak czech european ethiopic indian cyrillic chinese
composite emoji-zwj charscript charprop case-table epa-hook
jka-cmpr-hook help abbrev obarray oclosure cl-preloaded button loaddefs
faces cus-face macroexp files window text-properties overlay sha1 md5
base64 format env code-pages mule custom widget keymap
hashtable-print-readable backquote threads dbusbind inotify lcms2
dynamic-setting system-font-setting font-render-setting cairo x-toolkit
xinput2 x multi-tty make-network-process emacs)

Memory information:
((conses 16 36336 7449)
 (symbols 48 5084 0)
 (strings 32 13829 1888)
 (string-bytes 1 381827)
 (vectors 16 9205)
 (vector-slots 8 145425 12943)
 (floats 8 23 25)
 (intervals 56 236 0)
 (buffers 992 10))

--=-=-=--
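
The following Python example is added here and is not part of the original message or of the Emacs sources. It extracts the SECCOMP audit records from a log like the attached test-out.log, collapses records that are quoted more than once, and maps the two status values the tests report (159 and "Bad system call") back to SIGSYS. It assumes the interpreted record format shown in the log and Linux signal numbering; all function names are this example's own.

```python
import re
import signal
from collections import defaultdict

# Audit records copied from the test log above (interpreted form, as
# assumed by this example). Record 737 appears twice in that log, once
# under each failing test.
SAMPLE_LOG = """\
Potentially relevant Seccomp audit events:
----
type=SECCOMP msg=audit(08/20/22 13:47:48.032:737) : auid=blc uid=root gid=root ses=4 subj==unconfined pid=45735 comm=emacs exe=/home/blc/.local/src/emacs/src/emacs sig=SIGSYS arch=x86_64 syscall=clone3 compat=0 ip=0x7f1a7810a779 code=kill
----
type=SECCOMP msg=audit(08/20/22 13:47:48.032:737) : auid=blc uid=root gid=root ses=4 subj==unconfined pid=45735 comm=emacs exe=/home/blc/.local/src/emacs/src/emacs sig=SIGSYS arch=x86_64 syscall=clone3 compat=0 ip=0x7f1a7810a779 code=kill
----
type=SECCOMP msg=audit(08/20/22 13:47:48.760:747) : auid=blc uid=root gid=root ses=4 subj==unconfined pid=45794 comm=emacs exe=/home/blc/.local/src/emacs/src/emacs sig=SIGSYS arch=x86_64 syscall=clone3 compat=0 ip=0x7fe35b30a779 code=kill
"""

# "audit(<timestamp>:<serial>)"; the serial identifies one kernel event.
RECORD_RE = re.compile(
    r"^type=SECCOMP msg=audit\((?P<stamp>[^)]+):(?P<serial>\d+)\)\s*:\s*(?P<fields>.*)$"
)


def parse_seccomp_events(text):
    """Return one dict per distinct SECCOMP audit record found in text."""
    events, seen = [], set()
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue  # separators, coredump details, ERT output
        key = (m["stamp"], m["serial"])
        if key in seen:
            continue  # same kernel event quoted again by a later test
        seen.add(key)
        event = {"stamp": m["stamp"], "serial": int(m["serial"])}
        for token in m["fields"].split():
            name, sep, value = token.partition("=")
            if sep:
                event[name] = value.strip('"')
        events.append(event)
    return events


def killed_syscalls(events):
    """Map (exe, syscall) to the sorted pids that the filter killed."""
    groups = defaultdict(list)
    for ev in events:
        if ev.get("sig") == "SIGSYS" and ev.get("code") == "kill":
            groups[(ev.get("exe"), ev.get("syscall"))].append(int(ev["pid"]))
    return {key: sorted(pids) for key, pids in groups.items()}


def decode_status(status):
    """Map a reported status to a signal name, or None for a plain exit.

    An integer above 128 is the shell convention 128 + signal number
    (the bwrap test runs through bash and sees 159). A string is a signal
    description (the seccomp test sees "Bad system call").
    """
    if isinstance(status, int):
        if status > 128:
            try:
                return signal.Signals(status - 128).name
            except ValueError:
                return None
        return None
    for sig in signal.Signals:
        if signal.strsignal(sig) == status:
            return sig.name
    return None


if __name__ == "__main__":
    for (exe, syscall), pids in killed_syscalls(parse_seccomp_events(SAMPLE_LOG)).items():
        print(f"{exe}: {syscall} killed in pids {pids}")
    print(decode_status(159), decode_status("Bad system call"))
```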