This bug was fixed in the package libseccomp - 2.3.1-2.1ubuntu4.1
---
libseccomp (2.3.1-2.1ubuntu4.1) bionic; urgency=medium
* d/p/lp-1755250-add-the-statx-syscall.patch: add statx support (LP: #1755250)
* d/p/lp-1815415-*: Add syscalls up to kernel 4.15 (LP: #1815415)
-- Christ
Hi,
it has been released for Cosmic already.
Some tests were blocking it for Bionic but I resolved those already.
It should be released the next time an SRU member will look at this.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
http
Has this been released ?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1755250
Title:
backport statx syscall whitelist fix
To manage notifications about this bug go to:
https://bugs.launchpad.net/u
Tests were just flaky as assumed, retried and good now
** Changed in: libseccomp (Ubuntu Bionic)
Status: Incomplete => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1755250
Title
Thank you for testing! I see some lxc ADT regressions reported for this
upload in bionic. Can you take a look and check if it's all unrelated,
just-in-case?
** Changed in: libseccomp (Ubuntu Bionic)
Status: Fix Committed => Incomplete
--
You received this bug notification because you are
Ok for me too, I just installed libseccomp2_2.3.1-2.1ubuntu4.1_amd64.deb
and it works:
Step 16/18 : RUN gcc test-statx.c -o test-statx
---> Running in 501935bb923d
Removing intermediate container 501935bb923d
---> a47f15cd6fc8
Step 17/18 : RUN touch test-file
---> Running in 1038f76ad915
Removi
Testing as-is
(remember to clean old images if you have tested the ppa on the same system
before)
$ docker system prune -a
... Test steps ...
Step 8/8 : RUN ./test-statx test-file
---> Running in 60210feb0c2e
test-file: Operation not permitted
statx(test-file) = -1
The command '/bin/sh -c ./test
Hello xantares, or anyone else affected,
Accepted libseccomp into bionic-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/libseccomp/2.3.1-2.1ubuntu4.1 in a
few hours, and then in the -proposed repository.
Please help us by testing this new package. S
hello,
how long does it take usually for ubuntu to review the changes ?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1755250
Title:
backport statx syscall whitelist fix
To manage notifications ab
All pre-checks and tests complete, and uploaded to the SRU review queue
** Changed in: libseccomp (Ubuntu Bionic)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/17
I opened a MP [1] for review by different parties:
- you (@xantares) as the original author if you are fine with my polishing
- security to get their ack on it
- server-team to spot silly errors that I might have missed or done
[1]:
https://code.launchpad.net/~paelzer/ubuntu/+source/libseccomp/+gi
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/libseccomp/+git/libseccomp/+merge/362906
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1755250
Title:
backport statx
Ok, tests worked fine for me - I added all I had as SRU template in the
bug description.
** Description changed:
+ [Impact]
+
+ * Some newer workloads fail due to libseccomp as in Bionic lacking
+ statx support
+
+ * This backports the syscall definitions for statx to Bionic to allow
+ to man
Hi I polished your patch a bit and I'm currently testing it in PPA [1].
If you can give it a try as well.
I have created an SRU Teamplate and more detailed test steps and will
add them once they hopefully succeed on the prepare PPA. Otherwise I'll
ping here for you to revisit the change.
[1]: htt
The attachment "libsecomp231-statx.patch" seems to be a patch. If it
isn't, please remove the "patch" flag from the attachment, remove the
"patch" tag, and if you are a member of the ~ubuntu-reviewers,
unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by
~bri
here is a patch against libseccomp 2.3.1 in bionic (on top of the debian risc
port patch)
I manually applied changes from libseccomp 2.3.3 that reference the
statx syscalls
for the risc part i used the diff from
https://github.com/seccomp/libseccomp/blob/2a70ad4f3e8ab80e88f0662a760f4ef1d9219205/
I can confirm that this bug is solved in Ubuntu Cosmic (18.10) with
Docker 18.06.1 and libseccomp 2.3.3.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1755250
Title:
backport statx syscall whitelist
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: docker.io (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1755250
Title:
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: libseccomp (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1755250
Title:
This is indeed pretty important for some use-cases so we should try to
come up with a reasonable solution.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1755250
Title:
backport statx syscall whiteli
Tianon is right, runc silently discards syscalls it doesn't know about:
https://github.com/opencontainers/runc/blob/ecd55a4135e0a26de884ce436442914f945b1e76/libcontainer/seccomp/seccomp_linux.go#L168-L173
This affects other syscalls, like preadv2:
https://github.com/opencontainers/runtime-spec/iss
** Also affects: libseccomp (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1755250
Title:
backport statx syscall whitelist fix
To manage notifica
Looking into this deeper -- applying this patch for bionic will have
net-zero effect, given this comment:
https://github.com/moby/moby/pull/36417#issuecomment-369266565
For this patch to do anything, "libseccomp" needs to be at least version
2.3.3, and bionic is only at 2.3.1 (so the added line wo
This looks like a simple fix, if indeed all it takes is that upstream
couple of one-liners. @mwhydson, do you have any comments?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1755250
Title:
backport
Hi,
Could this fix be backported now that docker 17.12 is in bionic and
(docker is 18.04 out too with the fix).
xan.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1755250
Title:
backport statx sys
Indeed, looks like this fix isn't in a released version at all yet
(likely to be in 18.04).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1755250
Title:
backport statx syscall whitelist fix
To mana
Unfortunately that's not recent enough: the bug has just been fixed a
few days ago and will need some backporting.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1755250
Title:
backport statx syscall
** Bug watch added: github.com/docker/for-linux/issues #208
https://github.com/docker/for-linux/issues/208
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1755250
Title:
backport statx syscall whit
28 matches
Mail list logo
