When I emerge sys-apps/file with USE="seccomp", I always get an invalid system call error when executing the `file` command as a regular user.
The only way to avoid this error is to run the command as root or emerge sys-apps/file with USE="seccomp lzma".
strace output: https://pastebin.com/ZWJJbY09
emerge --info: https://pastebin.com/EvTDY5ue
Created attachment 687285
emerge --info output
Created attachment 687288
Note that upstream allows futex() when XZLIBSUPPORT is defined (i.e. lzma support):
We probably need upstream to tell us whether futex is expected in general use, but it's not exactly a controversial syscall. It's easy for us to add it to the general whitelist for now.
Here the command with the -z parameter fails (also as root) with the seccomp use flag: "file -L -z ebook.epub"
ebook.epub: Bad system call
Seems to work otherwise.
sys-apps/file-5.39-r3 (bzip2 seccomp zlib -lzma -python -static-libs ABI_MIPS="-n32 -n64 -o32" ABI_S390="-32 -64" ABI_X86="32 64 -x32" PYTHON_TARGETS="python3_8 -python3_7 -python3_9")
Building with USE="-seccomp" fixes the issue with -z parameter. The -z is used by default by app-misc/mc.
(In reply to Jaakko Perttilä from comment #4)
> Here the command with the -z parameter fails (also as root) with the seccomp
> use flag: "file -L -z ebook.epub"
> ebook.epub: Bad system call
> Seems to work otherwise.
> sys-apps/file-5.39-r3 (bzip2 seccomp zlib -lzma -python -static-libs
> ABI_MIPS="-n32 -n64 -o32" ABI_S390="-32 -64" ABI_X86="32 64 -x32"
> PYTHON_TARGETS="python3_8 -python3_7 -python3_9")
> Building with USE="-seccomp" fixes the issue with -z parameter. The -z is
> used by default by app-misc/mc.
We'll need strace from you too on that command:
strace file -L -z ebook.epub.
It is possible we will need a separat
Reported upstream. Will apply workaround in Gentoo soon.
The bug has been referenced in the following commit(s):
Author: Sam James <email@example.com>
AuthorDate: 2021-03-11 16:45:05 +0000
Commit: Sam James <firstname.lastname@example.org>
CommitDate: 2021-03-11 16:46:41 +0000
sys-apps/file: allow futex() syscall unconditionally
In some cases, the futex() syscall is emitted even
if lzma support is not compiled in. Allow it
unconditionally for now.
Signed-off-by: Sam James <email@example.com>
sys-apps/file/file-5.39-r4.ebuild | 147 +++++++++++++++++++++
.../file/files/file-5.39-allow-futex-seccomp.patch | 18 +++
2 files changed, 165 insertions(+)
r4 seems to work without a problem for me.
all arches done
*** Bug 779940 has been marked as a duplicate of this bug. ***
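The strace output requested in this thread is what identifies which syscall the seccomp filter rejected. The following is an added example, not part of the bug report or of the file or Gentoo sources: it reads a trace, names the syscall that triggered SIGSYS, and lists calls missing from an allowlist. The sample trace and the allowlist passed to it are constructed for illustration and do not reproduce the reporter's pastebin or file's real filter.

```python
import re

# Constructed strace excerpt (not the reporter's pastebin output).
SAMPLE_STRACE = """\
openat(AT_FDCWD, "ebook.epub", O_RDONLY) = 3
read(3, "PK...", 4096) = 4096
futex(0x7f1c2a3b4c5d, FUTEX_WAKE_PRIVATE, 2147483647) = 202
--- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0x7f1c2a000000, si_syscall=__NR_futex, si_arch=AUDIT_ARCH_X86_64} ---
+++ killed by SIGSYS (core dumped) +++
"""

# Optional "[pid N] " or "N " prefix that strace -f adds to each line.
PREFIX = r"^(?:\[pid\s+\d+\]\s+|\d+\s+)?"
SYSCALL_RE = re.compile(PREFIX + r"([a-z_][a-z0-9_]*)\(")
SIGSYS_RE = re.compile(PREFIX + r"--- SIGSYS \{.*?si_syscall=__NR_(\w+)")
KILLED_RE = re.compile(r"\+\+\+ killed by SIGSYS")


def blocked_syscall(trace):
    """Return the syscall the seccomp filter rejected, or None if no SIGSYS."""
    last_call = None
    for line in trace.splitlines():
        m = SIGSYS_RE.match(line)
        if m:
            # The siginfo names the offending syscall directly.
            return m.group(1)
        if KILLED_RE.search(line):
            # No siginfo line: fall back to the last call strace printed.
            return last_call
        m = SYSCALL_RE.match(line)
        if m:
            last_call = m.group(1)
    return None


def outside_allowlist(trace, allowed):
    """Syscalls seen in the trace that 'allowed' lacks, in first-seen order."""
    missing = []
    for line in trace.splitlines():
        m = SYSCALL_RE.match(line)
        if m and m.group(1) not in allowed and m.group(1) not in missing:
            missing.append(m.group(1))
    return missing


if __name__ == "__main__":
    print("blocked:", blocked_syscall(SAMPLE_STRACE))
    print("not allowed:", outside_allowlist(SAMPLE_STRACE, {"openat", "read"}))
```

Running `outside_allowlist` on a trace captured from a build without the seccomp filter shows every call the filter would need to permit for that input, rather than only the first one that kills the process.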