libseccomp 2.3.1 uses negative (pseudo) syscall numbers by default
Jamie Strandboge
jamie at canonical.com
Fri Jun 10 18:11:38 UTC 2016
On Fri, 2016-06-10 at 18:32 +0100, Dimitri John Ledkov wrote:
> Hello,
>
> New libseccomp is in yakkety proposed. There is a change, on some
> architectures, w.r.t. canonical representation of syscall
> numbers.....
>
> There are normal syscall numbers and multiplexed ones. And some are
> exposed as both - direct numbers and negative pseudo syscall numbers.
> All filtering should remain in place for both direct and pseudo
> numbers.
>
That's interesting.
> But I had to adjust our autopkgtests for this, and I'm wondering if
> there are any other pieces of software to fix as a result of this
> upstream change on some architectures (e.g. lxc, apparmor, click,
> snapd, juju, etc....)
>
AppArmor shouldn't care and click doesn't do anything with seccomp.
snapd does, but we take the syscall and use seccomp_syscall_resolve_name() from
libseccomp to get the syscall number to feed into seccomp_rule_add_* so it
should be fine.
--
Jamie Strandboge | http://www.canonical.com
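
The resolve-by-name approach described in the message above, as an added example that is not snapd's code and not part of the original post. It calls libseccomp through Python's ctypes and assumes libseccomp.so.2 (2.2 or later) is installed; `build_allowlist` is a hypothetical helper, and the filter is built but never loaded into the kernel.

```python
import ctypes
import ctypes.util

# Assumption: the libseccomp shared library is present on this system.
_lib = ctypes.CDLL(ctypes.util.find_library("seccomp") or "libseccomp.so.2")

SCMP_ACT_KILL = 0x00000000   # default action for the filter
SCMP_ACT_ALLOW = 0x7FFF0000  # action for the rules added below
NR_SCMP_ERROR = -1           # __NR_SCMP_ERROR: name unknown to libseccomp

_lib.seccomp_init.restype = ctypes.c_void_p
_lib.seccomp_init.argtypes = [ctypes.c_uint32]
_lib.seccomp_release.restype = None
_lib.seccomp_release.argtypes = [ctypes.c_void_p]
_lib.seccomp_syscall_resolve_name.restype = ctypes.c_int
_lib.seccomp_syscall_resolve_name.argtypes = [ctypes.c_char_p]
# Non-variadic member of the seccomp_rule_add_* family, easier to call via ctypes.
_lib.seccomp_rule_add_array.restype = ctypes.c_int
_lib.seccomp_rule_add_array.argtypes = [
    ctypes.c_void_p, ctypes.c_uint32, ctypes.c_int, ctypes.c_uint, ctypes.c_void_p]


def build_allowlist(names):
    """Resolve each name and add an ALLOW rule; return ({name: nr}, [unknown names])."""
    ctx = _lib.seccomp_init(SCMP_ACT_KILL)
    if not ctx:
        raise OSError("seccomp_init failed")
    resolved, rejected = {}, []
    try:
        for name in names:
            nr = _lib.seccomp_syscall_resolve_name(name.encode())
            # Only __NR_SCMP_ERROR means failure. Any other negative value is a
            # pseudo syscall number and is handed back to libseccomp unchanged;
            # a blanket "nr < 0" check would drop those rules.
            if nr == NR_SCMP_ERROR:
                rejected.append(name)
                continue
            rc = _lib.seccomp_rule_add_array(ctx, SCMP_ACT_ALLOW, nr, 0, None)
            if rc < 0:
                raise OSError(-rc, f"seccomp_rule_add_array failed for {name}")
            resolved[name] = nr
    finally:
        _lib.seccomp_release(ctx)  # nothing is loaded; the context is discarded
    return resolved, rejected
```

Code that compares resolved values against hard-coded `__NR_*` constants or assumes they are non-negative is the kind that needs review after this libseccomp change.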