On Thu, 2018-03-08 at 13:38 +0000, Colin Watson wrote:

> Hmm, this doesn't seem to show a SIGSYS, and man exited 0.

I added some debugging to groff and looked at the code.

It seems that groff passes on a SIGPIPE it receives to its children via
kill(pids[j], SIGPIPE) but man-db does not allow it to do that due to
the seccomp filter. The SIGPIPE seems to be sent to man-db initially.

I managed to work around the issue with a simple patch to man-db:

--- a/lib/sandbox.c
+++ b/lib/sandbox.c
@@ -257,6 +257,7 @@ scmp_filter_ctx make_seccomp_filter (int
        SC_ALLOW ("exit");
        SC_ALLOW ("exit_group");
        SC_ALLOW ("futex");
+       SC_ALLOW ("kill");
        SC_ALLOW ("get_robust_list");
        SC_ALLOW ("get_thread_area");
        SC_ALLOW ("getegid");
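
Review bot: the added SC_ALLOW ("kill") line permits kill for any pid and any signal, while the case described in the message only needs groff to forward SIGPIPE to its own children via kill(pids[j], SIGPIPE). Consider limiting the rule to the SIGPIPE signal argument if the filter macros support an argument match, and add a comment above the line saying why kill is allowed, so the exception is not widened later without review. The new entry also sits between "futex" and "get_robust_list", which breaks the apparent alphabetical ordering of the surrounding list.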

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
