I'm happy to report that apt version 2.0.0 fixed this bug, thanks!

$ apt-cache policy apt
apt:
  Installed: 2.0.0
  Candidate: 2.0.0
  Version table:
 *** 2.0.0 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
        100 /var/lib/dpkg/status

** Changed in: apt (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1867488

Title:
  APT::Sandbox::Seccomp prevents connect,sendto,socket syscalls on Focal

Status in apt package in Ubuntu:
  Fix Released

Bug description:
  # Steps to reproduce:

  $ lxc launch images:ubuntu/focal fa1
  $ lxc shell fa1
  root@fa1:~# echo 'APT::Sandbox::Seccomp "true";' > /etc/apt/apt.conf.d/01apt-seccomp
  root@fa1:~# rm /var/lib/apt/lists/*Release   # makes sure we fetch stuff from the network
  root@fa1:~# apt-get update
  Hit:1 http://security.ubuntu.com/ubuntu focal-security InRelease
  Get:2 http://archive.ubuntu.com/ubuntu focal InRelease [255 kB]
  Hit:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease
  Get:4 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages [976 kB]
  Get:5 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages [8,623 kB]
  30% [4 Packages store 0 B] [5 Packages 100 kB/8,623 kB 1%]
   **** Seccomp prevented execution of syscall 0000000041 on architecture amd64 ****
  Reading package lists... Done
  E: Method store has died unexpectedly!
  E: Sub-process store returned an error code (31)

  This was tested in a container as well as inside a VM, same issue.
  This used to work with Bionic.

  # Workaround

  Fortunately, apt supports manual whitelisting of syscalls. A
  workaround is to allow 3 more syscalls.

  root@fa1:~# echo 'APT::Sandbox::Seccomp::Allow "connect,sendto,socket";' >> /etc/apt/apt.conf.d/01apt-seccomp

  # Additional information

  root@fa1:~# lsb_release -rd
  Description:  Ubuntu Focal Fossa (development branch)
  Release:      20.04

  root@fa1:~# uname -a
  Linux fa1 5.3.0-40-generic #32~18.04.1-Ubuntu SMP Mon Feb 3 14:05:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

  root@fa1:~# apt-cache policy apt libc-bin
  apt:
    Installed: 1.9.10
    Candidate: 1.9.10
    Version table:
   *** 1.9.10 500
          500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
          100 /var/lib/dpkg/status
  libc-bin:
    Installed: 2.31-0ubuntu5
    Candidate: 2.31-0ubuntu5
    Version table:
   *** 2.31-0ubuntu5 500
          500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
          100 /var/lib/dpkg/status

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1867488/+subscriptions
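
The violation line in the report gives only a zero-padded syscall number. The script below is an added example, not part of the bug report or of apt: it resolves those numbers to names and builds an Allow entry in the same comma-separated form as the workaround. The function names, the three-entry x86_64 table and the sample log lines for 42 and 44 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): map apt's seccomp violation lines
# to syscall names and build the Allow entry used in the workaround.

# Hand-picked subset of the x86_64 syscall table; extend as needed.
syscall_name() {
    case "$1" in
        41) echo socket ;;
        42) echo connect ;;
        44) echo sendto ;;
        *)  return 1 ;;
    esac
}

# Reads apt output on stdin and prints one APT::Sandbox::Seccomp::Allow line.
# Returns 1 if no violation was found, 2 for a non-amd64 line (the table
# above would be wrong), 3 for a number missing from the table.
seccomp_allow_line() {
    names=""
    # The sed pattern strips the zero padding and yields "<number>:<arch>".
    for pair in $(sed -n 's/.*Seccomp prevented execution of syscall 0*\([0-9][0-9]*\) on architecture \([A-Za-z0-9_]*\).*/\1:\2/p' | sort -u); do
        nr=${pair%%:*}
        arch=${pair#*:}
        [ "$arch" = amd64 ] || { echo "unsupported architecture: $arch" >&2; return 2; }
        name=$(syscall_name "$nr") || { echo "unknown syscall number: $nr" >&2; return 3; }
        names="${names:+$names,}$name"
    done
    [ -n "$names" ] || return 1
    printf 'APT::Sandbox::Seccomp::Allow "%s";\n' "$names"
}

# Constructed sample: the 41 violation line is the one quoted in the report;
# the 42 and 44 lines are constructed to stand for later runs, as the report
# shows the method dying right after the first blocked syscall.
sample_log() {
    cat <<'EOF'
30% [4 Packages store 0 B] [5 Packages 100 kB/8,623 kB 1%]
 **** Seccomp prevented execution of syscall 0000000041 on architecture amd64 ****
E: Method store has died unexpectedly!
 **** Seccomp prevented execution of syscall 0000000042 on architecture amd64 ****
 **** Seccomp prevented execution of syscall 0000000044 on architecture amd64 ****
 **** Seccomp prevented execution of syscall 0000000041 on architecture amd64 ****
EOF
}

sample_log | seccomp_allow_line
```

Each allowed syscall widens what a sandboxed method may do, so the override is best removed once apt 2.0.0, reported above as fixing the bug, is installed.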
