Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

f35: addconn needs more seccomp system calls #567

Closed
cagney opened this issue Dec 1, 2021 · 2 comments
Closed

f35: addconn needs more seccomp system calls #567

cagney opened this issue Dec 1, 2021 · 2 comments
Labels
regression Functionality that was tested and working. test framework problems with the test framework (KVM, NS, WWW, ...)

Comments

@cagney
Copy link
Collaborator

cagney commented Dec 1, 2021 

+type=SECCOMP msg=audit(XXX): auid=AUID uid=0 gid=0 ses=SES subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=PID comm="addconn" exe="PATH/libexec/ipsec/addconn" sig=31 arch=c000003e syscall=262 compat=0 ip=XXX
+type=SECCOMP msg=audit(XXX): auid=AUID uid=0 gid=0 ses=SES subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=PID comm="addconn" exe="PATH/libexec/ipsec/addconn" sig=31 arch=c000003e syscall=262 compat=0 ip=XXX

+#0 __GI___fstatat64 (fd=7, file=0x7f18d8b5fff5 "", buf=0x7ffc76ee2110, flag=4096) at ../sysdeps/unix/sysv/linux/fstatat64.c:162
+#1 0x00007f18d8a1cb43 in __GI__IO_file_doallocate (fp=0x7f18d7d66e20) at PATH/src/debug/glibc-2.34-8.fc35.x86_64/libio/libioP.h:947
+#2 0x00007f18d8a2a890 in __GI__IO_doallocbuf (fp=0x7f18d7d66e20) at PATH/src/debug/glibc-2.34-8.fc35.x86_64/libio/libioP.h:947
+#3 __GI__IO_doallocbuf (fp=fp@entry=0x7f18d7d66e20) at genops.c:342
+#4 0x00007f18d8a299bc in _IO_new_file_underflow (fp=0x7f18d7d66e20) at fileops.c:486
+#5 0x00007f18d8a2a946 in __GI__IO_default_uflow (fp=0x7f18d7d66e20) at PATH/src/debug/glibc-2.34-8.fc35.x86_64/libio/libioP.h:947
+#6 0x00007f18d8a1e27c in __GI__IO_getline_info (fp=fp@entry=0x7f18d7d66e20, buf=buf@entry=0x7ffc76ee2310 "\317\036", n=n@entry=1023, delim=delim@entry=10, extract_delim=extract_delim@entry=1, eof=eof@entry=0x0) at iogetline.c:60
+#7 0x00007f18d8a1e37c in __GI__IO_getline (fp=fp@entry=0x7f18d7d66e20, buf=buf@entry=0x7ffc76ee2310 "\317\036", n=n@entry=1023, delim=delim@entry=10, extract_delim=extract_delim@entry=1) at iogetline.c:34
+#8 0x00007f18d8a1d360 in _IO_fgets (buf=buf@entry=0x7ffc76ee2310 "\317\036", n=n@entry=1024, fp=fp@entry=0x7f18d7d66e20) at iofgets.c:53
+#9 0x00007f18d8c5fb73 in fgets (__stream=0x7f18d7d66e20, __n=1024, __s=0x7ffc76ee2310 "\317\036") at PATH/include/bits/stdio2.h:272
+#10 ub_ctx_hosts (ctx=0x7f18d8066e70, fname=fname@entry=0x55ebeee4fbbe "/etc/hosts") at libunbound/libunbound.c:1215
+#11 0x000055ebeee3e02a in unbound_ctx_config (do_dnssec=<optimized out>, rootfile=0x7f18d8058fe0 "/var/lib/unbound/root.key", trusted=0x0, logger=logger@entry=0x55ebeee64520 <progname_logger>) at /source/lib/libswan/unbound.c:63
+#12 0x000055ebeee3e6bb in unbound_sync_init (do_dnssec=<optimized out>, rootfile=<optimized out>, trusted=<optimized out>, logger=logger@entry=0x55ebeee64520 <progname_logger>) at /source/lib/libswan/unbound.c:226
+#13 0x000055ebeee21b27 in main (argc=2, argv=0x7ffc76ee3258) at /source/programs/addconn/addconn.c:416
@cagney cagney added regression Functionality that was tested and working. test framework problems with the test framework (KVM, NS, WWW, ...) labels Dec 1, 2021
@cagney cagney changed the title f32: addconn needs more seccomp system calls f35: addconn needs more seccomp system calls Dec 1, 2021
@paulwouters
Copy link
Member

~/> scmp_sys_resolver 262
newfstatat

@cagney
Copy link
Collaborator Author

cagney commented Dec 5, 2021

more are needed :-(

lsw-vault pushed a commit that referenced this issue Dec 5, 2021
@cagney
seccomp: add clone3 faccessat2 pselect6
cd8d5ae 
playing whack-a-mole; maybe fix #567
lsw-vault pushed a commit that referenced this issue Dec 7, 2021
@cagney
building: play wack-a-seccomp
68b51a3 
Wrap faccessat2 in #if SCMP_SYS(faccessat2)

more #567
lsw-vault pushed a commit that referenced this issue Dec 7, 2021
@bleve
building: more seccomp changes
d9eba7b 
Wrap clone3 in #if SCMP_SYS(clone3)

more #567
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
regression Functionality that was tested and working. test framework problems with the test framework (KVM, NS, WWW, ...)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cagney @paulwouters