seccomp from glibc is breaking virtiofsd from qemu. Only way to get this to work is to disable seccom in virtiofs 3724 3725 /* 3726 * Lock down this process to prevent access to other processes or files outside 3727 * source directory. This reduces the impact of arbitrary code execution bugs. 3728 */ 3729 static void setup_sandbox(struct lo_data *lo, struct fuse_session *se, 3730 bool enable_syslog) 3731 { 3732 if (lo->sandbox == SANDBOX_NAMESPACE) { 3733 setup_namespaces(lo, se); 3734 setup_mounts(lo->source); 3735 } else { 3736 setup_chroot(lo); 3737 } 3738 3739 // setup_seccomp(enable_syslog); 3740 // setup_capabilities(g_strdup(lo->modcaps)); Reproducible: Always
Please try https://gitlab.com/qemu/qemu/-/commit/7b223e38603de3a75602e14914d26f9d4baf52eb.patch.
(In reply to Sam James from comment #1) > Please try > https://gitlab.com/qemu/qemu/-/commit/ > 7b223e38603de3a75602e14914d26f9d4baf52eb.patch. I was also having the same problem and this patch fixed the issue for me.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7e9e099c436cc0934ca4e092856e5b08909622d6 commit 7e9e099c436cc0934ca4e092856e5b08909622d6 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-03-29 05:37:56 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-03-29 05:37:56 +0000 app-emulation/qemu: add glibc-2.35 patch Closes: https://bugs.gentoo.org/836300 Signed-off-by: Sam James <sam@gentoo.org> ...u-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch | 61 ++ app-emulation/qemu/qemu-6.2.0-r4.ebuild | 925 +++++++++++++++++++++ 2 files changed, 986 insertions(+)
