I believe the patch you're mentioning as worth backporting to Bionic and Eoan is this:

$ git log -1 -p be65b26b67099be2b2b4890d736dbd1ad15adf36 | diffstat
 include/seccomp-syscalls.h    |  208 +++++++++++++++++++++++++++++++++++++++++-
 src/arch-aarch64-syscalls.c   |   35 ++++++-
 src/arch-arm-syscalls.c       |   35 ++++++-
 src/arch-mips-syscalls.c      |   51 ++++++++--
 src/arch-mips64-syscalls.c    |   31 ++++++
 src/arch-mips64n32-syscalls.c |   31 ++++++
 src/arch-parisc-syscalls.c    |   33 ++++++
 src/arch-ppc-syscalls.c       |   51 ++++++++--
 src/arch-ppc64-syscalls.c     |   53 ++++++++--
 src/arch-s390-syscalls.c      |   57 ++++++++---
 src/arch-s390.c               |  160 ++++++++++++++++++++++++++++----
 src/arch-s390x-syscalls.c     |   59 ++++++++---
 src/arch-s390x.c              |  160 ++++++++++++++++++++++++++++----
 src/arch-x32-syscalls.c       |   31 ++++++
 src/arch-x86-syscalls.c       |  105 ++++++++++++++++++---
 src/arch-x86.c                |  161 ++++++++++++++++++++++++++++----
 src/arch-x86_64-syscalls.c    |   31 ++++++
 17 files changed, 1150 insertions(+), 142 deletions(-)

and to be honest that seems appropriate as it only updates the tables and allows supporting newer system calls for all arches.

** Changed in: libseccomp (Ubuntu)
       Status: New => Triaged

** Also affects: libseccomp (Ubuntu Focal)
   Importance: Undecided
       Status: Triaged

** Also affects: libseccomp (Ubuntu Eoan)
   Importance: Undecided
       Status: New

** Also affects: libseccomp (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: libseccomp (Ubuntu Disco)
   Importance: Undecided
       Status: New

** Changed in: libseccomp (Ubuntu Focal)
       Status: Triaged => Fix Released

** Changed in: libseccomp (Ubuntu Eoan)
       Status: New => Confirmed

** Changed in: libseccomp (Ubuntu Disco)
       Status: New => Won't Fix

** Changed in: libseccomp (Ubuntu Bionic)
       Status: New => Confirmed

** Tags added: server-next

** Changed in: libseccomp (Ubuntu Bionic)
       Status: Confirmed => Triaged

** Changed in: libseccomp (Ubuntu Eoan)
       Status: Confirmed => Triaged

https://bugs.launchpad.net/bugs/1868720

Title:
  backport time64 syscalls whitelist

Status in libseccomp package in Ubuntu:
  Fix Released
Status in libseccomp source package in Bionic:
  Triaged
Status in libseccomp source package in Disco:
  Won't Fix
Status in libseccomp source package in Eoan:
  Triaged
Status in libseccomp source package in Focal:
  Fix Released

Bug description:
  A number of new *time64 syscalls are introduced in newer kernel series (>=5.1.x):

  403: clock_gettime64
  404: clock_settime64
  405: clock_adjtime64
  406: clock_getres_time64
  407: clock_nanosleep_time64
  408: timer_gettime64
  409: timer_settime64
  410: timerfd_gettime64
  411: timerfd_settime64
  412: utimensat_time64
  413: pselect6_time64
  414: ppoll_time64

  In particular, utimensat_time64 is now used inside glibc>=2.31.

  In turn, Ubuntu has trouble running Docker images of newer distros.

  This problem affects libseccomp<2.4.2, i.e. Bionic (LTS) and Eoan, but not Focal.

  See a similar report at Fedora:
  https://bugzilla.redhat.com/show_bug.cgi?id=1770154

  A solution could be to backport the related changes from 2.4.2, similarly to what happened for the statx whitelisting (https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1755250).
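
Added example, not part of the original bug report or of libseccomp: a way to check whether the libseccomp installed on a host knows the twelve time64 syscall names from the bug description, by asking the library to resolve each name rather than comparing version strings (a distro backport changes the tables without reaching 2.4.2). The helper names and the constructed stand-in table are assumptions made for this illustration.

```python
import ctypes
import ctypes.util

# The twelve time64 syscall names listed in the bug description.
TIME64_SYSCALLS = [
    "clock_gettime64", "clock_settime64", "clock_adjtime64",
    "clock_getres_time64", "clock_nanosleep_time64", "timer_gettime64",
    "timer_settime64", "timerfd_gettime64", "timerfd_settime64",
    "utimensat_time64", "pselect6_time64", "ppoll_time64",
]

SCMP_ERROR = -1  # libseccomp's __NR_SCMP_ERROR: the name is not in its tables


def load_resolver():
    """Return a name -> number resolver backed by the installed libseccomp, or None."""
    path = ctypes.util.find_library("seccomp")
    if path is None:
        return None
    try:
        fn = ctypes.CDLL(path).seccomp_syscall_resolve_name
    except (OSError, AttributeError):
        return None
    fn.argtypes = [ctypes.c_char_p]
    fn.restype = ctypes.c_int
    return lambda name: fn(name.encode("ascii"))


def unknown_syscalls(resolve, names=TIME64_SYSCALLS):
    """Names the resolver cannot map; any result other than -1 counts as known."""
    return [n for n in names if resolve(n) == SCMP_ERROR]


def constructed_old_resolver(name):
    # Constructed stand-in for a table without the backport: it knows the
    # older calls but none of the time64 names.
    return {"utimensat": 280, "clock_gettime": 228}.get(name, SCMP_ERROR)


if __name__ == "__main__":
    resolve = load_resolver()
    if resolve is None:
        print("libseccomp not found; using the constructed stand-in table")
        resolve = constructed_old_resolver
    missing = unknown_syscalls(resolve)
    if missing:
        print("not resolvable, backport needed for:", ", ".join(missing))
    else:
        print("all time64 syscall names resolve")
```
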