[Bug 1526358] Re: adding seccomp rule for socket() fails on i386 since kernel 4.3
Andy Whitcroft
apw at canonical.com
Wed Dec 16 14:29:55 UTC 2015
Running the example above the EFAULT is being generated in userspace.
Looking at libseccomp it seems we have a literal copy of the systemcall
table mapping call strings to local numbers. For 32bit the new system
calls are not filled in so they will fail. Esentially libseccomp and
the kernel headers are out of sync, so systemd thinks it can use real
mitigation on socket() but libseccomp does not think 32bit supports it.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1526358
Title:
adding seccomp rule for socket() fails on i386 since kernel 4.3
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1526358/+subscriptions
More information about the Ubuntu-server-bugs
mailing list