nspawn: add "swapcontext()" to seccomp whitelist for user contexts on ppc32 #9485
hmm, I'd probably add it to
There are some modern programming languages that use userspace context switches to implement coroutine features. PowerPC (32-bit) needs the syscall "swapcontext" to get contexts or switch between contexts, which is special. Adding this rule should fix systemd#9485.
Sure, and it works fine here now.
There are some modern programming languages that use userspace context switches to implement coroutine features. PowerPC (32-bit) needs the syscall "swapcontext" to get contexts or switch between contexts, which is special. Adding this rule should fix #9485.
There are some modern programming languages that use userspace context switches to implement coroutine features. PowerPC (32-bit) needs the syscall "swapcontext" to get contexts or switch between contexts, which is special. Adding this rule should fix systemd#9485. (cherry picked from commit a9518dc)
This system call is only available on 32- and 64-bit PowerPC; it is used by modern programming language implementations (such as gcc-go) to implement coroutine features through userspace context switches. Other container environments, such as Systemd nspawn, already whitelist this system call in their seccomp profile [1] [2]. As such, it would be nice to also whitelist it in moby. This issue was encountered on the Alpine Linux GitLab CI system, which uses moby, when attempting to execute gcc-go compiled software on ppc64le.
[1]: systemd/systemd#9487
[2]: systemd/systemd#9485
Signed-off-by: Sören Tempel <soeren+git@soeren-tempel.net>
This system call is only available on 32- and 64-bit PowerPC; it is used by modern programming language implementations (such as gcc-go) to implement coroutine features through userspace context switches. Other container environments, such as Systemd nspawn, already whitelist this system call in their seccomp profile [1] [2]. As such, it would be nice to also whitelist it in moby. This issue was encountered on the Alpine Linux GitLab CI system, which uses moby, when attempting to execute gcc-go compiled software on ppc64le.
[1]: systemd/systemd#9487
[2]: systemd/systemd#9485
Signed-off-by: Sören Tempel <soeren+git@soeren-tempel.net>
(cherry picked from commit 85eaf23)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
systemd version the issue has been seen with
From 96bedbe nspawn: replace syscall blacklist with a whitelist
... v239 v238 v237 v236 v235.
Unexpected behaviour you saw
Function swapcontext is out of the system call filter whitelist of nspawn. Any one of {get,set,make,swap}context is not available in a PowerPC 32-bit (i.e. PPC32) container by default.
Use case: Fibers of Ruby are not available in a PPC32 container.
https://bugs.ruby-lang.org/issues/14883
Steps to reproduce the problem
Part. 1
nspawn a PPC32 container, run Ruby code:
It should print "FOO", but it hits a segmentation fault.
Part. 2
It should return 0, but it returned 1 (EPERM).
Notes
A fiber uses the getcontext() function to get the current context, to construct a new context, and uses makecontext() to switch context, so we have a nice lightweight userspace "thread" (or coroutine, fiber etc.).
The underlying call of getcontext() depends on the architecture.
I checked source code from glibc (/sysdeps/unix/sysv/linux):
We already have {,rt_}sigprocmask in the whitelist now (@signal), but there is no swapcontext.
systemd/src/shared/seccomp-util.c
Lines 723 to 740 in 2479c4f
The syscall swapcontext() is a kind of mixture of {get,set,make,swap}context. Semantically it may not be suitable for @signal; we can put it in here:
systemd/src/nspawn/nspawn-seccomp.c
Lines 57 to 60 in 2479c4f
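
The failure mode reported above, as an added example that is not code from this issue or from systemd: a raw seccomp-BPF allow-list whose default action is EPERM, probed from a forked child with and without an entry for the syscall. Assumptions: `install_allowlist` and `probe_blocked` are hypothetical names, and on non-PowerPC builds `__NR_getppid` stands in for `__NR_swapcontext`, which only PowerPC defines.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __NR_swapcontext            /* defined on PowerPC only */
#define PROBE_NR __NR_swapcontext
#else                              /* assumption: stand-in so the demo runs elsewhere */
#define PROBE_NR __NR_getppid
#endif

/* Listed syscalls pass, anything else fails with EPERM. A production filter
   also checks seccomp_data.arch before trusting the syscall number. */
static int install_allowlist(const int *nrs, size_t n) {
    struct sock_filter prog[2 * 8 + 2];
    size_t i, k = 0;
    if (n > 8) return -1;
    prog[k++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (i = 0; i < n; i++) {      /* match: fall through to ALLOW; else skip it */
        prog[k++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, nrs[i], 0, 1);
        prog[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    }
    prog[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM);
    struct sock_fprog fp = { .len = (unsigned short)k, .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fp);
}

/* Confine a forked child and issue the probe: 1 = EPERM, 0 = not blocked, -1 = setup error. */
int probe_blocked(int allow_probe) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int nrs[3] = { __NR_exit_group, __NR_exit, PROBE_NR };
        if (install_allowlist(nrs, allow_probe ? 3 : 2)) _exit(2);
        long r = syscall(PROBE_NR, 0, 0, 0);   /* NULL arguments: nothing is switched */
        _exit(r == -1 && errno == EPERM ? 1 : 0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

int main(void) {
    printf("blocked without entry: %d, with entry: %d\n", probe_blocked(0), probe_blocked(1));
}
```

The filter returns an errno instead of killing the process, so a caller that does not check the return value keeps running on an uninitialised context.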