Summary: | sys-apps/file-5.39-r4: stabilisation (was: sys-apps/file-5.39-r3: Invalid system call error (futex) with USE="seccomp -lzma") | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Linux | Reporter: | Ivo Šmerek <ivo97> | ||||||
Component: | Stabilization | Assignee: | Gentoo's Team for Core System packages <base-system> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | normal | CC: | axiator, daks18, sam | ||||||
Priority: | Normal | Keywords: | CC-ARCHES | ||||||
Version: | unspecified | Flags: | nattka:
sanity-check+
|
||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
URL: | https://bugs.astron.com/view.php?id=241 | ||||||||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=776988 | ||||||||
Whiteboard: | |||||||||
Package list: |
sys-apps/file-5.39-r4
|
Runtime testing required: | --- | ||||||
Attachments: |
|
Description
Ivo Šmerek
2021-02-17 14:30:52 UTC
Created attachment 687285 [details]
emerge --info output
Created attachment 687288 [details]
strace output
Note that upstream allow futex() [0] when XZLIBSUPPORT is defined (i.e. lzma support): >#ifdef XZLIBSUPPORT > ALLOW_RULE(futex); >#endif We probably need upstream to tell us whether futex is expected in general use, but it's not exactly a controversial syscall. It's easy for us to add it to the general whitelist for now. [0] https://github.com/file/file/blob/ec05878d72180287d84397819c5e3e127551ce46/src/seccomp.c#L179 Here the command with the -z parameter fails (also as root) with the seccomp use flag: "file -L -z ebook.epub" ebook.epub: Bad system call Seems to work otherwise. sys-apps/file-5.39-r3 (bzip2 seccomp zlib -lzma -python -static-libs ABI_MIPS="-n32 -n64 -o32" ABI_S390="-32 -64" ABI_X86="32 64 -x32" PYTHON_TARGETS="python3_8 -python3_7 -python3_9") Building with USE="-seccomp" fixes the issue with -z parameter. The -z is used by default by app-misc/mc. (In reply to Jaakko Perttilä from comment #4) > Here the command with the -z parameter fails (also as root) with the seccomp > use flag: "file -L -z ebook.epub" > ebook.epub: Bad system call > > Seems to work otherwise. > > sys-apps/file-5.39-r3 (bzip2 seccomp zlib -lzma -python -static-libs > ABI_MIPS="-n32 -n64 -o32" ABI_S390="-32 -64" ABI_X86="32 64 -x32" > PYTHON_TARGETS="python3_8 -python3_7 -python3_9") > > Building with USE="-seccomp" fixes the issue with -z parameter. The -z is > used by default by app-misc/mc. We'll need strace from you too on that command: strace file -L -z ebook.epub. It is possible we will need a separat Reported upstream. Will apply workaround in Gentoo soon. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b30e5f884f0602a68780d2c4d9c3ebe9e418a5c commit 5b30e5f884f0602a68780d2c4d9c3ebe9e418a5c Author: Sam James <sam@gentoo.org> AuthorDate: 2021-03-11 16:45:05 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-03-11 16:46:41 +0000 sys-apps/file: allow futex() syscall unconditionally In some cases, the futex() syscall is emitted even if lzma support is not compiled in. Allow it unconditionally for now. Bug: https://bugs.gentoo.org/771096 Signed-off-by: Sam James <sam@gentoo.org> sys-apps/file/file-5.39-r4.ebuild | 147 +++++++++++++++++++++ .../file/files/file-5.39-allow-futex-seccomp.patch | 18 +++ 2 files changed, 165 insertions(+) r4 seems to work without a problem for me. x86 done amd64 done sparc done ppc64 done ppc done hppa stable arm64 done s390 stable arm done all arches done *** Bug 779940 has been marked as a duplicate of this bug. *** |