From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Philipp Stephani Newsgroups: gmane.emacs.bugs Subject: bug#47708: 28.0.50; SIGSYS test failure with seccomp-filter.bpf Date: Sun, 11 Apr 2021 19:52:42 +0200 Message-ID: References: <87r1jharjy.fsf@tcd.ie> <87h7kcpww3.fsf@tcd.ie> <875z0spwm6.fsf@tcd.ie> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="11860"; mail-complaints-to="usenet@ciao.gmane.io" Cc: 47708@debbugs.gnu.org To: "Basil L. Contovounesios" Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sun Apr 11 19:53:10 2021 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lVeGk-0002yi-77 for geb-bug-gnu-emacs@m.gmane-mx.org; Sun, 11 Apr 2021 19:53:10 +0200 Original-Received: from localhost ([::1]:45966 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lVeGj-0007AB-8O for geb-bug-gnu-emacs@m.gmane-mx.org; Sun, 11 Apr 2021 13:53:09 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:44594) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lVeGc-0007A4-R4 for bug-gnu-emacs@gnu.org; Sun, 11 Apr 2021 13:53:02 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:44286) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lVeGc-0000yL-IM for bug-gnu-emacs@gnu.org; Sun, 11 Apr 2021 13:53:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1lVeGc-0002jw-GM for bug-gnu-emacs@gnu.org; Sun, 11 Apr 2021 13:53:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Philipp Stephani Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 11 Apr 2021 17:53:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 47708 X-GNU-PR-Package: emacs Original-Received: via spool by 47708-submit@debbugs.gnu.org id=B47708.161816358110525 (code B ref 47708); Sun, 11 Apr 2021 17:53:02 +0000 Original-Received: (at 47708) by debbugs.gnu.org; 11 Apr 2021 17:53:01 +0000 Original-Received: from localhost ([127.0.0.1]:55832 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lVeGb-0002jh-8I for submit@debbugs.gnu.org; Sun, 11 Apr 2021 13:53:01 -0400 Original-Received: from mail-ot1-f49.google.com ([209.85.210.49]:47062) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lVeGZ-0002jT-4j for 47708@debbugs.gnu.org; Sun, 11 Apr 2021 13:52:59 -0400 Original-Received: by mail-ot1-f49.google.com with SMTP id d3-20020a9d29030000b029027e8019067fso8747091otb.13 for <47708@debbugs.gnu.org>; Sun, 11 Apr 2021 10:52:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=UR4YnEswZdYFqKanyQAdeaf6TAP+1RV55pNQG5xxaLo=; b=Jf+3DqbNlmT7MTA7aVOSrzcpRtXq34xHPna8uUKA1gFdA7Af+dXNPlfcgcNeg/zunB 7TYYyMmOiSi0teSx8gqIIcOK9H8EROLcIlo+yJfrC6+VA6l9J1MFkAqqugVKhil5Aa11 O1N0fAEHF3GbvE6tD2aIdqRAkFIQ7kWjXCMfdTtAKfbTmDu1uK/cWW4O6uxhHOGxygbG GV3TUMe8a8/RVWHJ6bPKnr5Szuq/zkiJcRJMrQRFscoi/llUhNoDuSgf++ncJRdm4Qzn NXXWam/X3A6MEPR9FDc1KhT0WN0lxIUeGfSs32veylCMD5ijm7GdzV5m21iNCrtroPuU 2S0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=UR4YnEswZdYFqKanyQAdeaf6TAP+1RV55pNQG5xxaLo=; b=L90GpEBe2SANn03vhQqLyTWg8KIwioDJpvHKJ//OPduVsosGk9aC/Y/+RvI9Uu4kaa YcWwWFpojZJ26nJCLRRn9eRmG0GCITY/4VPEuNqhtkFPAqP3Qd9D3vDI0wC9uhX95ptp KIwspoVOMA+zH29EHGHHn/phGBgZHpA3PkQ97pUPWU5J5x3u9edFgCizj1JcLaAW6F0I ZGYZF1ovrRDwxk7fXk8R2S0k8r87rUPfrKGr62MUBB+nxH9P7Z91SpFhm7q2B/gB8M15 1NiTZhKbVzthiCc+Gieky7lk7IClcHJCl1p7lOBTdfbnK9KfjJCiedErGorSrsclwap6 w9/Q== X-Gm-Message-State: AOAM532f4ahaTMvdC68cLaQxS7G2VXmJAKopR43JowSse+mHkYjIHEqp 0uAJF/ZOpT5ZUPxKfMRKW7b8/x5hPnSYYXaMnOM= X-Google-Smtp-Source: ABdhPJw68xY/QAvhpTpRQwBojlZouqJUJFV2VyWVnBJLAyAnXajQgLkNtOdCQ6y84nrnwVrwhauuSL0RIGp8t82ZAEo= X-Received: by 2002:a05:6830:4121:: with SMTP id w33mr20401668ott.153.1618163573453; Sun, 11 Apr 2021 10:52:53 -0700 (PDT) In-Reply-To: <875z0spwm6.fsf@tcd.ie> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:203854 Archived-At: Am So., 11. Apr. 2021 um 19:19 Uhr schrieb Basil L. Contovounesios : > > "Basil L. Contovounesios" writes: > > > Philipp Stephani writes: > > > >> Could you check which syscall exactly is failing, e.g. using > >> journalctl -g SECCOMP -t audisp-syslog > >> (assuming that system uses systemd and seccomp audit logging is enable= d). > > > > After running: > > > > ./src/emacs -Q -batch -seccomp test/src/emacs-resources/seccomp-filte= r.bpf > > > > the last audit in 'sudo journalctl -g SECCOMP' is: > > > > Apr 11 18:08:56 tia audit[25251]: SECCOMP auid=3D1000 uid=3D1000 gid= =3D1000 > > ses=3D3 subj=3D=3Dunconfined pid=3D25251 comm=3D"emacs" > > exe=3D"/home/blc/.local/src/emacs/src/emacs" sig=3D31 arch=3Dc000003e > > syscall=3D228 compat=3D0 ip=3D0x7fff7f1f7a7d code=3D0x80000000 > > > > Looking up syscall 228 online points to clock_gettime, just like in the > > GDB log I attached in my previous message. > > I don't know whether this is relevant, but 'man 2 seccomp' has the > following to say about clock_gettime: > > Caveats > There are various subtleties to consider when applying seccomp fil= ters > to a program, including the following: > > * Some traditional system calls have user-space implementations in= the > vdso(7) on many architectures. Notable examples include clock_= get=E2=80=90 > time(2), gettimeofday(2), and time(2). On such architectures, = sec=E2=80=90 > comp filtering for these system calls will have no effect. (= How=E2=80=90 > ever, there are cases where the vdso(7) implementations may = fall > back to invoking the true system call, in which case seccomp fil= ters > would see the system call.) > Nice catch. I think it should be fine to allow the clock system calls. I've now done that with commit ea5ea09244b762008bba509d8c58bad5835fb949.