Public bug reported:
Whenever I start chromium's snap, I get the following messages:
Aug 6 10:50:08 simon-lemur kernel: [10608.138795] audit: type=1326 audit(1596725407.998:159): auid=1000 uid=1000 gid=1000 ses=2 pid=32290 comm="chrome" exe="/snap/chromium/1244/usr/lib/chromium-browser/chrome" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f8f31df4b9f code=0x50000
...{repeats 3 times}...
Aug 6 10:50:08 simon-lemur org.gnome.Shell.desktop[3092]: WARNING: Kernel has no file descriptor comparison support: Operation not permitted
Aug 6 10:50:08 simon-lemur kernel: [10608.433753] audit: type=1326 audit(1596725408.290:163): auid=1000 uid=1000 gid=1000 ses=2 pid=32290 comm="ThreadPoolForeg" exe="/snap/chromium/1244/usr/lib/chromium-browser/chrome" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7f8f2b614959 code=0x50000
...{repeats 4 times}...
According to
https://github.com/torvalds/linux/blob/master/arch/x86/entry/syscalls/syscall_64.tbl,
it seems that syscall 203 is sys_sched_setaffinity and 312 is sys_kcmp.
The blocking of sys_kcmp could probably explain the "WARNING: Kernel has
no file descriptor comparison support: Operation not permitted" message
from org.gnome.Shell.desktop.
Additional information
$ uname -a
Linux simon-lemur 5.4.0-42-generic #46~18.04.1-Ubuntu SMP Fri Jul 10 07:21:24 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release -rd
Description: Ubuntu 18.04.4 LTS
Release: 18.04
$ apt-cache policy snapd
snapd:
  Installed: 2.45.1+18.04.2
  Candidate: 2.45.1+18.04.2
  Version table:
 *** 2.45.1+18.04.2 500
        500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2.32.5+18.04 500
        500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
$ snap info chromium
name: chromium
summary: Chromium web browser, open-source version of Chrome
publisher: Canonical✓
store-url: https://snapcraft.io/chromium
contact: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bugs?field.tag=snap
license: unset
description: |
  An open-source browser project that aims to build a safer, faster, and more
  stable way for all Internet users to experience the web.
commands:
  - chromium.chromedriver
  - chromium
snap-id: XKEcBqPM06H1Z7zGOdG5fbICuf8NWK5R
tracking: latest/stable
refresh-date: 7 days ago, at 11:45 EDT
channels:
  latest/stable: 84.0.4147.105 2020-07-30 (1244) 166MB -
  latest/candidate: 84.0.4147.105 2020-07-30 (1244) 166MB -
  latest/beta: 85.0.4183.49 2020-07-31 (1248) 167MB -
  latest/edge: 86.0.4221.3 2020-08-05 (1257) 167MB -
installed: 84.0.4147.105 (1244) 166MB -
** Affects: chromium-browser (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1890625
Title:
chromium: missing syscalls whitelist from seccomp
Status in chromium-browser package in Ubuntu:
New
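Added example, not part of the original report: a Python parser for the type=1326 (seccomp) audit records quoted in the report, decoding the arch, syscall and code fields. Assumptions: the syscall table holds only the two numbers the report identifies, the function names are hypothetical, and the sample log is constructed from the report's records rejoined onto single lines.

```python
import re
from collections import Counter

# Constructed sample: the records from the report, one per line.
SAMPLE_LOG = """\
Aug 6 10:50:08 simon-lemur kernel: [10608.138795] audit: type=1326 audit(1596725407.998:159): auid=1000 uid=1000 gid=1000 ses=2 pid=32290 comm="chrome" exe="/snap/chromium/1244/usr/lib/chromium-browser/chrome" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f8f31df4b9f code=0x50000
Aug 6 10:50:08 simon-lemur org.gnome.Shell.desktop[3092]: WARNING: Kernel has no file descriptor comparison support: Operation not permitted
Aug 6 10:50:08 simon-lemur kernel: [10608.433753] audit: type=1326 audit(1596725408.290:163): auid=1000 uid=1000 gid=1000 ses=2 pid=32290 comm="ThreadPoolForeg" exe="/snap/chromium/1244/usr/lib/chromium-browser/chrome" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7f8f2b614959 code=0x50000
"""

AUDIT_SECCOMP = "1326"                 # audit record type for seccomp events
AUDIT_ARCH = {0xC000003E: "x86_64"}    # AUDIT_ARCH_X86_64
# Partial table (assumption): only the two numbers named in the report.
X86_64_SYSCALLS = {203: "sched_setaffinity", 312: "kcmp"}
# Action values from include/uapi/linux/seccomp.h.
SECCOMP_ACTIONS = {
    0x80000000: "KILL_PROCESS", 0x00000000: "KILL_THREAD", 0x00030000: "TRAP",
    0x00050000: "ERRNO", 0x7FC00000: "USER_NOTIF", 0x7FF00000: "TRACE",
    0x7FFC0000: "LOG", 0x7FFF0000: "ALLOW",
}
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_seccomp_events(text):
    """Return one dict per type=1326 record with arch, syscall and action decoded."""
    events = []
    for line in text.splitlines():
        f = {k: v.strip('"') for k, v in KV.findall(line)}
        if f.get("type") != AUDIT_SECCOMP:
            continue  # not a seccomp audit record (e.g. the GNOME Shell warning)
        arch = AUDIT_ARCH.get(int(f["arch"], 16), "unknown")
        nr = int(f["syscall"])
        # Syscall numbers are per-architecture, so names are resolved for x86_64 only.
        name = X86_64_SYSCALLS.get(nr) if arch == "x86_64" else None
        code = int(f["code"], 16)
        events.append({
            "comm": f["comm"], "exe": f["exe"], "arch": arch,
            "syscall": name or f"nr_{nr}",
            "action": SECCOMP_ACTIONS.get(code & 0xFFFF0000, hex(code)),
        })
    return events

def denied_by_process(text):
    """Count (comm, syscall, action) triples across the log."""
    return Counter((e["comm"], e["syscall"], e["action"])
                   for e in parse_seccomp_events(text))

if __name__ == "__main__":
    for key, count in denied_by_process(SAMPLE_LOG).items():
        print(count, *key)
```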