I get this when trying to emerge pax-utils-1.1.4 with USE=seccomp on a hardened-musl system (from desktop-amd64-musl-hardened-20151015 snapshot). My kernel config has CONFIG_SECCOMP=Y and CONFIG_SECCOMP_FILTER=Y.
This seems related to #558482 (but that one was for glibc, not musl).
Reproducible: Always
This should really be cc gentoo-musl@lists.gentoo.org as per the https://wiki.gentoo.org/wiki/Project:Hardened_musl/Bluedragon page, but Bugzilla won't let me add it.
build pax-utils with USE=debug and then post a log of it failing
Created attachment 424992
Patch to add missing writev to security.c
The cause of the invalid syscall is because of writev. Explanation: audit shows that this syscall is number 20.
audit: type=1326 audit(1454957403.169:8): auid=1000 uid=0 gid=0 ses=1 pid=1637 comm="scanelf" exe="/var/tmp/portage/app-misc/pax-utils-1.1.4/work/pax-utils-1.1.4/scanelf" sig=31 arch=c000003e syscall=20 compat=0 ip=0x7f938cc81e8c code=0x0
According to the syscall table this is writev. By adding writev to pax_seccomp_init in security.c the invalid syscall is gone.
Created attachment 424998
Add missing syscalls according to kernel log.
When checking other programs installed by pax-utils, it turns out that scanelf is not the only program suffering invalid syscalls. pspax is also affected. pspax apparently needs readv and shmctl as well (according to the logs):
audit: type=1326 audit(1454958866.200:12): auid=1000 uid=0 gid=0 ses=1 pid=5433 comm="pspax" exe="/var/tmp/portage/app-misc/pax-utils-1.1.4/work/pax-utils-1.1.4/pspax" sig=31 arch=c000003e syscall=19 compat=0 ip=0x7f428d8badcb code=0x0
audit: type=1326 audit(1454958901.306:13): auid=1000 uid=0 gid=0 ses=1 pid=5549 comm="pspax" exe="/var/tmp/portage/app-misc/pax-utils-1.1.4/work/pax-utils-1.1.4/pspax" sig=31 arch=c000003e syscall=19 compat=0 ip=0x7f36cbc18dcb code=0x0
Attached an updated patch including those syscalls as well.
(In reply to Mias van Klei from comment #4)
those logs show writev & readv, but not shmctl. where do you see shmctl? remember that sig=31 is the signal, not the syscall.
Created attachment 425156
Add missing syscalls for musl
I looked wrong. So shmctl is not needed. I'll update patch accordingly.
should be fixed by this: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=636c3d42a64a248945ca4c68f5fef605cc55f423 thanks for testing!
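An added example, not part of the bug thread or of pax-utils: a small Python decoder for the type=1326 (SECCOMP) audit records quoted above. It reports which syscall each program's filter rejected and keeps sig= (the delivered signal, 31 = SIGSYS) separate from syscall=; on x86_64 the number 31 read as a syscall would be shmctl. The syscall table is a hand-picked x86_64 subset and the function names are hypothetical.

```python
import re

# Constructed sample input: the three records quoted in the comments above,
# with the long exe= build path replaced by a placeholder.
SAMPLE_LOG = """\
audit: type=1326 audit(1454957403.169:8): auid=1000 uid=0 gid=0 ses=1 pid=1637 comm="scanelf" exe="/path/to/scanelf" sig=31 arch=c000003e syscall=20 compat=0 ip=0x7f938cc81e8c code=0x0
audit: type=1326 audit(1454958866.200:12): auid=1000 uid=0 gid=0 ses=1 pid=5433 comm="pspax" exe="/path/to/pspax" sig=31 arch=c000003e syscall=19 compat=0 ip=0x7f428d8badcb code=0x0
audit: type=1326 audit(1454958901.306:13): auid=1000 uid=0 gid=0 ses=1 pid=5549 comm="pspax" exe="/path/to/pspax" sig=31 arch=c000003e syscall=19 compat=0 ip=0x7f36cbc18dcb code=0x0
"""

AUDIT_ARCH_X86_64 = 0xC000003E  # EM_X86_64 (62) with the 64-bit and little-endian flags
SIGSYS = 31                     # signal number on Linux x86_64
# Assumption: only the x86_64 syscall numbers relevant to this thread are listed.
X86_64_SYSCALLS = {0: "read", 1: "write", 19: "readv", 20: "writev", 31: "shmctl"}
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_seccomp_record(line):
    """Decode one type=1326 audit line; return None for anything else."""
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    if fields.get("type") != "1326":
        return None
    if not {"arch", "syscall", "sig", "comm"} <= fields.keys():
        return None  # truncated record, nothing reliable to report
    arch, nr = int(fields["arch"], 16), int(fields["syscall"])
    if arch == AUDIT_ARCH_X86_64:
        name = X86_64_SYSCALLS.get(nr, f"nr {nr} (not in subset)")
    else:
        # Syscall numbers differ per architecture, so do not guess a name.
        name = f"nr {nr} (arch {arch:#x} not handled)"
    return {"comm": fields["comm"], "signal": int(fields["sig"]),
            "syscall_nr": nr, "syscall": name}


def missing_syscalls(log):
    """Map each program (comm=) to the syscall names its seccomp filter rejected."""
    result = {}
    for line in log.splitlines():
        rec = parse_seccomp_record(line)
        if rec:
            result.setdefault(rec["comm"], set()).add(rec["syscall"])
    return result


if __name__ == "__main__":
    for prog, calls in sorted(missing_syscalls(SAMPLE_LOG).items()):
        print(f"{prog}: add {', '.join(sorted(calls))} to the seccomp allow list")
```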