| Summary: | >=net-ftp/vsftpd-3.0.0: 500 OOPS: priv_sock_get_cmd with seccomp_sandbox=YES (default) | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | cyberbat <cyberbat83> |
| Component: | Current packages | Assignee: | No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | alexander, bertrand, bugs, cyberbat83, floppym, jarry, josef.cejka, mr.jarry, net-ftp, nikita.kipriyanov, sam, wired |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 713688 | | |

Description
cyberbat
2012-11-19 07:47:23 UTC
IIRC this will be fixed in the next upstream version

I'm not sure if this is the same problem, but I get this message in ftp-client (500 OOPS: priv_sock_get_cmd) when I include "syslog_enable=YES" in vsftpd.conf. If I remove that option from vsftpd.conf, all works as expected...

And one more thing: I noticed there is no message recorded to any log-file when I restart vsftpd (/etc/init.d/vsftpd restart). vsftpd is restarted and messages are printed on the console-screen, but not recorded to /var/log/messages or anywhere else...

*** Bug 486092 has been marked as a duplicate of this bug. ***

(In reply to Jarry from comment #2)
> I'm not sure if this is the same problem, but I get this message in
> ftp-client (500 OOPS: priv_sock_get_cmd) when I include "syslog_enable=YES"
> in vsftpd.conf. If I remove that option from vsftpd.conf, all works as
> expected...
>
> And one more thing: I noticed there is no message recorded to any log-file
> when I restart vsftpd (/etc/init.d/vsftpd restart). vsftpd is restarted and
> messages are printed on the console-screen, but not recorded to
> /var/log/messages or anywhere else...

Thank you! I confirm this. Instead of turning sandbox off we can just make it log to its own file not to syslog while waiting for fixed version.

To next/fast readers: seccomp_sandbox=NO in vsftpd resolves the problem. I found it here first: https://bugzilla.redhat.com/show_bug.cgi?id=845980 and think setting seccomp_sandbox=NO should be default (added to example config by emerge) until this bug will be fixed (it rather won't be), because it took me about an hour to find "what I'm doing wrong with vsftpd configuration?" before I started to search a bug.

*** Bug 644916 has been marked as a duplicate of this bug. ***

I have had the *exact* same problem as cyberbat. The UNDOCUMENTED feature of seccomp_sandbox=NO has fixed the problem, after hours of hacking away at this problem.
Happily, the server now behaves just as I want it to for internet facing connections.

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08b7452ea7abf8bfc814520d9b93b39e3b8cdc39

commit 08b7452ea7abf8bfc814520d9b93b39e3b8cdc39
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2020-02-07 17:59:06 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2020-02-07 17:59:06 +0000

    net-ftp/vsftpd: disable seccomp_sandbox by default

    Closes: https://bugs.gentoo.org/443898
    Package-Manager: Portage-2.3.86_p1, Repoman-2.3.20_p43
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 .../files/vsftpd-disable-seccomp-sandbox.patch     | 15 ++++++++
 ...ftpd-3.0.3-r2.ebuild => vsftpd-3.0.3-r3.ebuild} | 45 ++++++++++++----------
 2 files changed, 40 insertions(+), 20 deletions(-)

I'm keeping this bug open because the seccomp code in vsftpd is still broken. Disabling seccomp is a workaround that should be removed if the upstream developer ever fixes it.

(In reply to Mike Gilbert from comment #9)
> I'm keeping this bug open because the seccomp code in vsftpd is still
> broken. Disabling seccomp is a workaround that should be removed if the
> upstream developer ever fixes it.

Thanks. Possible patch: https://github.com/opencomputeproject/Rack-Manager/blob/master/Contrib-Inspur/openbmc/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-syscalls-in-the-seccomp-sandbox.patch

When I get a chance, I'll strace this and dig into it properly.

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd084561a392cdbfe60d4240abf7069b9c8d78bd

commit fd084561a392cdbfe60d4240abf7069b9c8d78bd
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-06-08 09:15:09 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-06-08 09:15:46 +0000

    net-ftp/vsftpd: add 3.0.4

    Restores seccomp filtering as changes were made upstream.

    Closes: https://bugs.gentoo.org/443898
    Signed-off-by: Sam James <sam@gentoo.org>

 net-ftp/vsftpd/Manifest            |   1 +
 net-ftp/vsftpd/vsftpd-3.0.4.ebuild | 147 +++++++++++++++++++++++++++++++++++++
 2 files changed, 148 insertions(+)
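
An added example, not part of the bug thread or of vsftpd: a small Python check for the two settings discussed above. It reports a vsftpd.conf that combines syslog_enable=YES with an active seccomp sandbox, or one where the sandbox is still switched off as a workaround. The function names, finding codes and sample config are constructed for this example, and treating a later duplicate option as overriding an earlier one is an assumption.

```python
TRUE, FALSE = {"YES", "TRUE", "1"}, {"NO", "FALSE", "0"}

def parse_conf(text):
    """Parse vsftpd.conf text (option=value lines, '#' comments) into a dict."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            opts[key] = value  # assumption: a later line overrides an earlier one
    return opts

def as_bool(value, default):
    """Map a vsftpd boolean to bool; an absent option takes the default."""
    if value is None:
        return default
    v = value.strip().upper()
    if v in TRUE:
        return True
    if v in FALSE:
        return False
    raise ValueError(f"bad bool value: {value!r}")

def audit(text, sandbox_default=True):
    """Return finding codes for the settings discussed in this bug.

    sandbox_default=True matches the bug summary (seccomp_sandbox=YES by
    default); pass False for a build patched to default to NO.
    """
    opts = parse_conf(text)
    sandbox = as_bool(opts.get("seccomp_sandbox"), sandbox_default)
    syslog = as_bool(opts.get("syslog_enable"), False)
    findings = []
    if sandbox and syslog:
        # Combination reported above to end sessions with
        # "500 OOPS: priv_sock_get_cmd" on the affected versions.
        findings.append("syslog-with-seccomp-sandbox")
    if not sandbox:
        # Workaround state: the seccomp filter is off, explicitly or by default.
        findings.append("sandbox-off-explicit" if "seccomp_sandbox" in opts
                        else "sandbox-off-default")
    return findings

# Constructed sample config, not taken from the bug report.
SAMPLE = "# constructed example\nlisten=YES\nsyslog_enable=YES\nseccomp_sandbox=NO\n"

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running it over a host's vsftpd.conf after moving to a version with seccomp filtering restored shows whether a leftover seccomp_sandbox=NO line is still disabling the filter.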