Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FS#4194 - procd fails to compile with SECCOMP on arm #9174

openwrt-bot opened this issue Dec 19, 2021 · 1 comment

FS#4194 - procd fails to compile with SECCOMP on arm #9174

openwrt-bot opened this issue Dec 19, 2021 · 1 comment


Copy link

@openwrt-bot openwrt-bot commented Dec 19, 2021


Compiling master with GLIBC on arm fails in procd trying to compile the list of syscall names (see below) when SECCOMP is enabled. The list of syscall names is generated in procd by the script using the following sed expression:

sed -r -n -e 's/^#define[ \t]+NR([a-z0-9]+)[ \t]+([ ()+0-9a-zNR_Linux]+)(.*)/ [\2] = "\1",/p'

However, the list of syscalls generated in the arm kernel takes the following form:

user_headers/include/asm/unistd-common.h:#define __NR_exit (__NR_SYSCALL_BASE + 1)

which does not match the sed expression, as it does not accept all capital letters. The resulting lines become:

[(_NR] = "waitid",

I am not very familiar with the context, but SECCOMP is a new option which is enabled by default, as per;a=commit;h=b118efa0d25f5b60226a9d316eb838dd6be22f78. Previously, in my builds at least, procd was not compiled with seccomp and no syscall list was generated. I could not find any suspicious recent changes and can't see a way how the sed script could work, unless I'm missing something obvious. I am also not sure what "NR_Linux" is supposed to do in the sed pattern.

Please note that this is a glibc build.

My configuration is almost the default one, with the following added:


The compilation errors look like this:

/home/openwrt/staging_dir/toolchain-arm_cortex-a7+neon-vfpv4_gcc-8.4.0_glibc_eabi/bin/arm-openwrt-linux-gnueabi-gcc -DEARLY_PATH="/usr/sbin:/usr/bin:/sbin:/bin" -DSECCOMP_SUPPORT -Dpreload_seccomp_EXPORTS -Os -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -fmacro-prefix-map=/home/openwrt/build_dir/target-arm_cortex-a7+neon-vfpv4_glibc_eabi/procd-default/procd-2021-11-23-01ac2c45=procd-2021-11-23-01ac2c45 -Wformat -Werror=format-security -DPIC -fpic -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -flto -DNDEBUG -fPIC -Os -ggdb -Wall -Werror --std=gnu99 -Wmissing-declarations -MD -MT CMakeFiles/preload-seccomp.dir/jail/seccomp-oci.c.o -MF CMakeFiles/preload-seccomp.dir/jail/seccomp-oci.c.o.d -o CMakeFiles/preload-seccomp.dir/jail/seccomp-oci.c.o -c /home/openwrt/build_dir/target-arm_cortex-a7+neon-vfpv4_glibc_eabi/procd-default/procd-2021-11-23-01ac2c45/jail/seccomp-oci.c
In file included from /home/openwrt/build_dir/target-arm_cortex-a7+neon-vfpv4_glibc_eabi/procd-default/procd-2021-11-23-01ac2c45/jail/seccomp-oci.c:36:
/home/openwrt/build_dir/target-arm_cortex-a7+neon-vfpv4_glibc_eabi/procd-default/procd-2021-11-23-01ac2c45/jail/../syscall-names.h:3:4: error: '_NR' undeclared here (not in a function)
[(_NR] = "waitid",
/m/vm/a-dev/openwrt/build_dir/target-arm_cortex-a7+neon-vfpv4_glibc_eabi/procd-default/procd-2021-11-23-01ac2c45/jail/../syscall-names.h:3:9: error: expected ')' before ']' token
[(_NR] = "waitid",
~ ^

Copy link

@ynezz ynezz commented Mar 7, 2022

Should be fixed in 5d110c0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet

No branches or pull requests

2 participants