| Summary: | sys-apps/file-5.44: Fails to build with USE=seccomp due to a faccessat2 syscall with sys-apps/sandbox-2.30 | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Li Chang Yi <a0939712328> |
| Component: | Current packages | Assignee: | Gentoo's Team for Core System packages <base-system> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | a0939712328, sam, sandbox, toralf |
| Priority: | Normal | Keywords: | PATCH |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=888980, https://bugs.gentoo.org/show_bug.cgi?id=915890 | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Attachments: | A patch that adds faccessat2 to the list of allowed syscalls in src/seccomp.c | | |
Description

Li Chang Yi, 2022-12-31 07:59:47 UTC

Created attachment 845988
A patch that adds faccessat2 to the list of allowed syscalls in src/seccomp.c
*** Bug 889076 has been marked as a duplicate of this bug. ***

*** Bug 889180 has been marked as a duplicate of this bug. ***

Thanks for the analysis. It's exposed by sandbox-2.30.

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a43a1114f05d985cef96402cab1451580a6339b

commit 0a43a1114f05d985cef96402cab1451580a6339b
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-12-31 12:51:36 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-12-31 12:52:10 +0000

    sys-apps/file: allow faccessat2 syscall in seccomp for sandbox-2.30

    Closes: https://bugs.gentoo.org/889046
    Signed-off-by: Sam James <sam@gentoo.org>

 .../{file-5.43-r1.ebuild => file-5.43-r2.ebuild}   |  4 ++--
 .../file/{file-5.44.ebuild => file-5.44-r1.ebuild} |  5 ++--
 sys-apps/file/file-9999.ebuild                     |  6 ++---
 .../file/files/file-5.43-portage-sandbox.patch     | 28 ++++++++++++++++++++++
 .../files/file-5.43-seccomp-fstatat64-musl.patch   | 22 +++++++++++++++++
 sys-apps/file/files/file-5.44-seccomp-utimes.patch | 18 ++++++++++++++
 6 files changed, 76 insertions(+), 7 deletions(-)

Additionally, it has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a07366122f0949b3264f1d4037345e7a95a079f

commit 3a07366122f0949b3264f1d4037345e7a95a079f
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-12-31 12:57:48 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-12-31 12:57:48 +0000

    sys-apps/portage: depend on fixed file for sandbox-2.30

    Bug: https://bugs.gentoo.org/889046
    Signed-off-by: Sam James <sam@gentoo.org>

 ....0.38.1-r5.ebuild => portage-3.0.38.1-r6.ebuild} | 18 +++++++++++++-----
 ...ge-3.0.41-r1.ebuild => portage-3.0.41-r2.ebuild} | 21 +++++++++++++------
 ...rtage-3.0.42.ebuild => portage-3.0.42-r1.ebuild} | 21 +++++++++++++------
 sys-apps/portage/portage-9999.ebuild                | 15 +++++++++++----
 4 files changed, 54 insertions(+), 21 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dfb9674fe7d1123bf213c8ea9bdb28e96d5ee5f3

commit dfb9674fe7d1123bf213c8ea9bdb28e96d5ee5f3
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-12-31 13:25:54 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-12-31 13:27:10 +0000

    sys-apps/sandbox: add blocker on older versions of sys-apps/file to 2.30-r1

    My distaste for blockers-as-a-dependency limit is well known, but this
    is still useful for a specific case where someone is partially upgrading
    and therefore doesn't get the Portage upgrade which has a proper >= dep.

    It serves as a notice that they need to upgrade file, which is good
    enough. It's worth doing this because of how severe file not working
    can be.

    Bug: https://bugs.gentoo.org/889046
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/sandbox/{sandbox-2.30.ebuild => sandbox-2.30-r1.ebuild} | 3 +++
 1 file changed, 3 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/portage.git/commit/?id=0f4f85ee3c19ff3acbcf724bf49a52db0766c7a5

commit 0f4f85ee3c19ff3acbcf724bf49a52db0766c7a5
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-12-31 14:40:47 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-12-31 14:45:35 +0000

    bin: pass -S to file to disable seccomp

    Files being installed by Portage are generally trusted but also the
    syscalls allowed by file are quite broad anyway.

    Things can go catastrophically wrong if file misses valid input, as we
    may have invalid VDB metadata.

    Bug: https://bugs.gentoo.org/811462
    Bug: https://bugs.gentoo.org/815877
    Bug: https://bugs.gentoo.org/889046
    Signed-off-by: Sam James <sam@gentoo.org>

 NEWS                                   | 16 +++++++++++++---
 bin/estrip                             |  2 +-
 bin/install-qa-check.d/10ignored-flags |  2 +-
 bin/misc-functions.sh                  |  2 +-
 4 files changed, 16 insertions(+), 6 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5d40af3c56436cdbf774707cb36a8cdc832b3dd

commit c5d40af3c56436cdbf774707cb36a8cdc832b3dd
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-01-03 04:02:24 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-01-05 00:33:06 +0000

    unpacker.eclass: pass -S to file to disable seccomp

    Files being installed by Portage are generally trusted but also the
    syscalls allowed by file are quite broad anyway.

    With e.g. new libc or sandbox version (or any number of things...), the
    syscalls used by file can change which leads to its seccomp filter
    killing the process.

    This is an acceptable tradeoff when users are calling file(1), but it
    makes less sense with trusted input within Portage, especially where it
    may lead to confusing errors (swallowed within pipes, subshells, etc).

    Indeed, it might even be the case that file(1) is broken, but the user
    needs to complete a world upgrade to get a newer file/portage/???, but
    can't because of various ebuilds (like ones using this eclass) failing.

    Disable seccomp for these calls to keep working.

    Bug: https://bugs.gentoo.org/811462
    Bug: https://bugs.gentoo.org/815877
    Bug: https://bugs.gentoo.org/889046
    Signed-off-by: Sam James <sam@gentoo.org>

 eclass/unpacker.eclass | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=592c4558b9be2f82969ceec835240ebec23ac932

commit 592c4558b9be2f82969ceec835240ebec23ac932
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-01-03 04:02:04 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-01-05 00:33:06 +0000

    mono.eclass: pass -S to file to disable seccomp

    Files being installed by Portage are generally trusted but also the
    syscalls allowed by file are quite broad anyway.

    With e.g. new libc or sandbox version (or any number of things...), the
    syscalls used by file can change which leads to its seccomp filter
    killing the process.

    This is an acceptable tradeoff when users are calling file(1), but it
    makes less sense with trusted input within Portage, especially where it
    may lead to confusing errors (swallowed within pipes, subshells, etc).

    Indeed, it might even be the case that file(1) is broken, but the user
    needs to complete a world upgrade to get a newer file/portage/???, but
    can't because of various ebuilds (like ones using this eclass) failing.

    Disable seccomp for these calls to keep working.

    Bug: https://bugs.gentoo.org/811462
    Bug: https://bugs.gentoo.org/815877
    Bug: https://bugs.gentoo.org/889046
    Signed-off-by: Sam James <sam@gentoo.org>

 eclass/mono.eclass | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a52eaeab3ca96b55c45d774dac60d004db8bb39

commit 4a52eaeab3ca96b55c45d774dac60d004db8bb39
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-01-03 03:59:53 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-01-05 00:33:06 +0000

    dotnet.eclass: pass -S to file to disable seccomp

    Files being installed by Portage are generally trusted but also the
    syscalls allowed by file are quite broad anyway.

    With e.g. new libc or sandbox version (or any number of things...), the
    syscalls used by file can change which leads to its seccomp filter
    killing the process.

    This is an acceptable tradeoff when users are calling file(1), but it
    makes less sense with trusted input within Portage, especially where it
    may lead to confusing errors (swallowed within pipes, subshells, etc).

    Indeed, it might even be the case that file(1) is broken, but the user
    needs to complete a world upgrade to get a newer file/portage/???, but
    can't because of various ebuilds (like ones using this eclass) failing.

    Disable seccomp for these calls to keep working.

    Bug: https://bugs.gentoo.org/811462
    Bug: https://bugs.gentoo.org/815877
    Bug: https://bugs.gentoo.org/889046
    Signed-off-by: Sam James <sam@gentoo.org>

 eclass/dotnet.eclass | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91bff8e1a6489728a3951a052ff7bd3daa1903b3

commit 91bff8e1a6489728a3951a052ff7bd3daa1903b3
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-01-13 03:46:34 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-01-13 03:46:34 +0000

    sys-apps/file: depend on newer libseccomp for faccessat2()

    This ensures correct upgrade ordering and also mitigates issues w/
    partial upgrades - newer libseccomp is needed for faccessat2 to be
    defined properly.

    Bug: https://bugs.gentoo.org/889046
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/file/{file-5.43-r2.ebuild => file-5.43-r3.ebuild} | 14 +++++++++-----
 sys-apps/file/{file-5.44-r2.ebuild => file-5.44-r3.ebuild} | 10 +++++++---
 sys-apps/file/file-9999.ebuild                             | 12 ++++++++----
 3 files changed, 24 insertions(+), 12 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dbbbf5f526aff28f9c8ba79c7a277bc3aa09398b

commit dbbbf5f526aff28f9c8ba79c7a277bc3aa09398b
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2023-10-19 18:06:37 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2023-10-19 18:08:42 +0000

    sys-apps/file: add another seccomp fix for sandbox

    Bug: https://bugs.gentoo.org/728978
    Bug: https://bugs.gentoo.org/889046
    Bug: https://bugs.gentoo.org/915890
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 .../{file-5.45-r1.ebuild => file-5.45-r2.ebuild} |  2 +-
 .../file/files/file-5.45-seccomp-sandbox.patch   | 48 ++++++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)
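The commit messages above describe the failure mode behind this bug: file(1) installs a deny-by-default seccomp allowlist from src/seccomp.c, and when something in the process (here sandbox-2.30's LD_PRELOADed wrapper) issues a syscall the list does not name, faccessat2 in this case, the kernel kills the process outright instead of returning an error, which is why the fixes are either to add the syscall to the list or to pass -S so the filter is never installed. The program below is an added example written for this page, not code from file, sandbox or Gentoo. It reproduces the mechanism with a hand-built classic-BPF filter installed through prctl(2) (file itself builds its list with libseccomp; raw BPF is used here so the example needs no library), forks a child that calls faccessat2 under an allowlist with and without that syscall, and reports whether the child died with SIGSYS. The allowlist contents, the helper names and the probe's exit codes are this example's own choices; the architecture check covers x86_64 and aarch64 only.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* The filter must pin the ABI it was written for; this example handles two. */
#if defined(__x86_64__)
# define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
# define ARCH_NR AUDIT_ARCH_AARCH64
#else
# error "example only handles x86_64 and aarch64"
#endif

/* Headers older than Linux 5.8 lack faccessat2; it is 439 on both ABIs above. */
#ifndef __NR_faccessat2
# define __NR_faccessat2 439
#endif

/* SECCOMP_RET_KILL_PROCESS needs 4.14+ headers; fall back to the thread-kill action. */
#ifdef SECCOMP_RET_KILL_PROCESS
# define KILL_ACTION SECCOMP_RET_KILL_PROCESS
#else
# define KILL_ACTION SECCOMP_RET_KILL
#endif

#define ALLOW_MAX 16

/* Emit a deny-by-default filter: reject foreign ABIs, then compare the syscall
 * number against each allowlist entry; a match jumps to ALLOW, anything else is
 * killed. f needs at least n + 6 slots. Returns the instruction count. */
static int build_allowlist_filter(struct sock_filter *f, const int *allowed, int n)
{
    int i = 0;
    f[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    f[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0);
    f[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, KILL_ACTION);
    f[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (int k = 0; k < n; k++)  /* on match skip the remaining compares and the KILL */
        f[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)allowed[k], (unsigned char)(n - k), 0);
    f[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, KILL_ACTION);
    f[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return i;
}

/* no_new_privs is required to load a filter without CAP_SYS_ADMIN. */
static int install_filter(struct sock_filter *f, int n)
{
    struct sock_fprog prog = { .len = (unsigned short)n, .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Run faccessat2(AT_FDCWD, "/", F_OK, 0) in a child under an allowlist that
 * names faccessat but includes faccessat2 only if asked. Returns:
 *   -1  child killed by SIGSYS (the symptom users hit with sandbox-2.30)
 *    0  syscall allowed and succeeded
 *    2  syscall allowed but the kernel predates faccessat2 (ENOSYS)
 *    3  syscall allowed but failed for another reason
 *    4  fork/filter install/waitpid failed (hypothetical exit codes) */
int probe_under_allowlist(int include_faccessat2)
{
    pid_t pid = fork();
    if (pid < 0)
        return 4;
    if (pid == 0) {
        int allowed[ALLOW_MAX];
        int n = 0;
        allowed[n++] = __NR_faccessat;    /* what older sandbox/libc used */
        allowed[n++] = __NR_exit_group;   /* _exit() below */
        allowed[n++] = __NR_exit;
        if (include_faccessat2)
            allowed[n++] = __NR_faccessat2;
        struct sock_filter f[ALLOW_MAX + 8];
        int len = build_allowlist_filter(f, allowed, n);
        if (install_filter(f, len) != 0)
            _exit(4);
        long r = syscall(__NR_faccessat2, AT_FDCWD, "/", F_OK, 0);
        if (r == 0)
            _exit(0);
        _exit(errno == ENOSYS ? 2 : 3);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return 4;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS)
        return -1;
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    return 4;
}

int main(void)
{
    int without = probe_under_allowlist(0);
    int with = probe_under_allowlist(1);
    printf("allowlist without faccessat2: %s\n",
           without == -1 ? "child killed by SIGSYS" : "child survived");
    printf("allowlist with faccessat2:    %s (code %d)\n",
           with == -1 ? "child killed by SIGSYS" : "child exited normally", with);
    return 0;
}
```

Because the filter is evaluated before syscall dispatch, the first probe is killed even on a kernel that does not implement faccessat2; there the second probe exits with 2 instead of 0, so the two outcomes stay distinguishable. The same fork-and-probe shape, fed with the syscall names a strace of the real binary reports, is a cheap way to check an allowlist such as file's before a libc or sandbox upgrade changes which syscalls it needs.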