Service running as a snap can't access system's random stream

Seth Arnold seth.arnold at canonical.com
Fri May 8 00:39:50 UTC 2015


On Thu, May 07, 2015 at 08:01:35PM -0400, Artyom Astafurov wrote:
> On May 7, 2015 7:32 PM, "Seth Arnold" <seth.arnold at canonical.com> wrote:
> > On Thu, May 07, 2015 at 06:45:21PM -0400, Artyom Astafurov wrote:
> > > May  7 22:28:28 localhost kernel: [106958.973769] audit: type=1326
> > > audit(1431037708.930:44): auid=4294967295 uid=0 gid=0 ses=4294967295
> > > pid=3263 comm="random-test"
> > > exe="/apps/random-test.sideload/1.0.0/bin/armhf/random-test" sig=31
> > > arch=40000028 syscall=384 compat=0 ip=0x9a434 code=0x0
> >
> > type=1326 indicates that this operationg was blocked by seccomp:
> > #define AUDIT_SECCOMP           1326    /* Secure Computing event */
> > This is from the kernel source file include/uapi/linux/audit.h
> >
> > What architecture are you on? Syscall numbers are unique per-architecture.

> It's raspi2, armhf, armv7

Syscall 384 is getrandom(2) on arm:
#define __NR_getrandom                  (__NR_SYSCALL_BASE+384)
arch/arm/include/uapi/asm/unistd.h

This should be fixed when this package upload is accepted and new images
are rebuilt:
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1450642

Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20150507/0867bbac/attachment-0001.pgp>


More information about the snappy-devel mailing list