Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
seccomp: allow sync_file_range2 on supported architectures.
On a ppc64le host, running postgres (tried with 9.4 to 9.6) gives the following
warning when trying to flush data to disks (which happens very frequently):

     WARNING: could not flush dirty data: Operation not permitted.

A quick dig in postgres source code indicate it uses sync_file_range(2) to
flush data; which on ppe64le and arm64 is translated to sync_file_range2(2)
for alignements reasons.

The profile did not allow sync_file_range2(2), making postgres sad because
it can not flush its buffers. arm_sync_file_range(2) is an ancient alias to
sync_file_range2(2), the syscall was renamed in Linux 2.6.22 when the same
syscall was added for PowerPC.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5862285)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
  • Loading branch information
thaJeztah committed Sep 14, 2020
1 parent 4748bb7 commit 61f1b4e
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions contrib/seccomp/seccomp_default.go
Expand Up @@ -454,11 +454,20 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {

// include by arch
switch runtime.GOARCH {
case "ppc64le":
s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
Names: []string{
"sync_file_range2",
},
Action: specs.ActAllow,
Args: []specs.LinuxSeccompArg{},
})
case "arm", "arm64":
s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
Names: []string{
"arm_fadvise64_64",
"arm_sync_file_range",
"sync_file_range2",
"breakpoint",
"cacheflush",
"set_tls",
Expand Down

0 comments on commit 61f1b4e

Please sign in to comment.