Control: fixed -1 libseccomp/2.5.5-1

Hi,

On 25.05.24 08:48, Tianon Gravi wrote:
> Source: libseccomp
> Version: 2.5.4-1
> Severity: normal
> X-Debbugs-Cc: tia...@debian.org
>
> Hi!
>
> When using Docker in bookworm (current stable) and trying to run containers based on newer distributions (like the recently released Alpine 3.20), they will sometimes attempt to invoke newer syscalls like fchmodat2. Due to the way syscalls that libseccomp does not know about interact with Docker's seccomp profiles, these sometimes get EPERM instead of ENOSYS like they should, which breaks their fallback.
>
> Is there any chance of getting these newer syscalls into some version in bookworm? (backports is very acceptable, but it *seems* like this might be appropriate for a stable update too? I very much defer to your wisdom/experience! <3)

I think this is suitable for a stable update. At least I've pushed the same kind of change to bullseye. I've opened #1071920 for the release team.

> I think you're probably already way more aware than I am, but from my own look at the changes in the 2.5.5 upstream release, they're pretty minimal (a few typo fixes and the desired syscall table updates [1]), so perhaps 2.5.5 would be appropriate/sufficient and it's not necessary to backport the patch by itself

While the source changes of 2.5.5 look reasonably small, it looks different when you diff the tarballs with pre-generated C and autotools files. That's why I prefer to cherry-pick the commit.

Cheers,
Felix
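
A small probe for the symptom described in this report, meant to be run inside the affected container; it is an added example, not code from the bug report or from libseccomp. It calls fchmodat2 directly on a file it has just created, so an EPERM cannot come from file ownership. The helper names and the fallback number 452 (for headers that predate the syscall) are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Older headers do not define the number yet. 452 is the value on
 * x86-64 and arm64 (assumption: verify it for other architectures). */
#ifndef SYS_fchmodat2
#define SYS_fchmodat2 452
#endif

enum verdict { CALL_OK, FALLBACK_OK, FILTERED, OTHER_ERROR };

/* Map the raw syscall result to what it means for a caller's fallback. */
enum verdict classify(long ret, int err)
{
    if (ret == 0)      return CALL_OK;      /* kernel and filter know the call */
    if (err == ENOSYS) return FALLBACK_OK;  /* caller can retry with fchmodat */
    if (err == EPERM)  return FILTERED;     /* reads as a denial: no fallback */
    return OTHER_ERROR;
}

/* Invoke fchmodat2 directly on an existing path (hypothetical helper). */
enum verdict probe_fchmodat2(const char *path, int *err_out)
{
    errno = 0;
    long ret = syscall(SYS_fchmodat2, AT_FDCWD, path, 0600, 0);
    *err_out = errno;
    return classify(ret, *err_out);
}

int main(void)
{
    static const char *msg[] = { "supported", "ENOSYS, fallback works",
                                 "EPERM, fallback broken", "unexpected error" };
    char path[] = "/tmp/fchmodat2-probe-XXXXXX";
    int err, fd = mkstemp(path);       /* our own file: owner EPERM excluded */
    if (fd < 0) { perror("mkstemp"); return 2; }
    close(fd);
    enum verdict v = probe_fchmodat2(path, &err);
    unlink(path);
    printf("fchmodat2: %s (errno=%d %s)\n", msg[v], err, strerror(err));
    return v == FILTERED;              /* exit 1 when the symptom is present */
}
```

Build it statically (`cc -static -o probe probe.c`) so the same binary can be copied into any container image regardless of its libc.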