Limited use for sys_kcmp (aka the kcmp() system call) was added to the base template in https://github.com/snapcore/snapd/pull/12673 - this should be available in snapd >= 2.60 if you want to try testing that snapd version with chromium.

The sched_setattr() is a known limitation of the current snapd seccomp sandbox where a snap can set the scheduling policy for a given thread *by that same thread* only - so if some coordinator thread wants to set the policy for a child thread that will be denied unfortunately. But this is usually just noise and does not impact the application in general.

Currently no snapd interface nor the base template itself provides access to the pkey system calls so this is a missing feature of snapd.

-- 
You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1969141

Title:
  [snap] seccomp denials for syscall=312,314,330 on amd64

Status in chromium-browser package in Ubuntu:
  Confirmed
Status in snapd package in Ubuntu:
  New

Bug description:
  # Steps to reproduce

  1) Install Chromium's snap
  snap install chromium
  2) Monitor logs
  journalctl -o cat -f --grep chromium
  3) Start Chromium

  journalctl will be filled with errors due to some syscalls not
  permitted by the seccomp policy, like those:

  Apr 14 11:18:14 sdeziel-lemur audit[1734639]: SECCOMP auid=1000 uid=1000 gid=1000 ses=3 subj=snap.chromium.chromium pid=1734639 comm="chrome" exe="/snap/chromium/1961/usr/lib/chromium-browser/chrome" sig=0 arch=c000003e syscall=314 compat=0 ip=0x77ccfac2276d code=0x50000
  Apr 14 11:18:14 sdeziel-lemur audit[1734751]: SECCOMP auid=1000 uid=1000 gid=1000 ses=3 subj=snap.chromium.chromium pid=1734751 comm="chrome" exe="/snap/chromium/1961/usr/lib/chromium-browser/chrome" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7a9d5be7f76d code=0x50000
  Apr 14 11:18:14 sdeziel-lemur audit[1734790]: SECCOMP auid=1000 uid=1000 gid=1000 ses=3 subj=snap.chromium.chromium pid=1734790 comm="chrome" exe="/snap/chromium/1961/usr/lib/chromium-browser/chrome" sig=0 arch=c000003e syscall=330 compat=0 ip=0x735f8ecd303b code=0x50000

  # Additional information

  $ uname -a
  Linux sdeziel-lemur 5.13.0-39-generic #44~20.04.1-Ubuntu SMP Thu Mar 24 16:43:35 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

  $ lsb_release -rd
  Description:    Ubuntu 20.04.4 LTS
  Release:        20.04

  $ snap list chromium
  Name      Version        Rev   Tracking       Publisher   Notes
  chromium  100.0.4896.88  1961  latest/stable  canonical✓  -

  $ snap connections chromium
  Interface                 Plug                                    Slot                             Notes
  audio-playback            chromium:audio-playback                 :audio-playback                  -
  audio-record              chromium:audio-record                   :audio-record                    -
  bluez                     chromium:bluez                          :bluez                           -
  browser-support           chromium:browser-sandbox                :browser-support                 -
  camera                    chromium:camera                         :camera                          manual
  content[gnome-3-38-2004]  chromium:gnome-3-38-2004                gnome-3-38-2004:gnome-3-38-2004  -
  content[gtk-3-themes]     chromium:gtk-3-themes                   gtk-common-themes:gtk-3-themes   -
  content[icon-themes]      chromium:icon-themes                    gtk-common-themes:icon-themes    -
  content[sound-themes]     chromium:sound-themes                   gtk-common-themes:sound-themes   -
  cups-control              chromium:cups-control                   :cups-control                    -
  desktop                   chromium:desktop                        :desktop                         -
  desktop-legacy            chromium:desktop-legacy                 :desktop-legacy                  -
  gsettings                 chromium:gsettings                      :gsettings                       -
  home                      chromium:home                           :home                            -
  joystick                  chromium:joystick                       :joystick                        -
  mount-observe             chromium:mount-observe                  -                                -
  mpris                     -                                       chromium:mpris                   -
  network                   chromium:network                        :network                         -
  network-bind              chromium:network-bind                   :network-bind                    -
  network-manager           chromium:network-manager                -                                -
  opengl                    chromium:opengl                         :opengl                          -
  password-manager-service  chromium:password-manager-service       -                                -
  personal-files            chromium:chromium-config                :personal-files                  -
  pulseaudio                chromium:pulseaudio                     -                                -
  raw-usb                   chromium:raw-usb                        -                                -
  removable-media           chromium:removable-media                :removable-media                 -
  screen-inhibit-control    chromium:screen-inhibit-control         :screen-inhibit-control          -
  system-files              chromium:etc-chromium-browser-policies  :system-files                    -
  system-packages-doc       chromium:system-packages-doc            :system-packages-doc             -
  u2f-devices               chromium:u2f-devices                    :u2f-devices                     -
  unity7                    chromium:unity7                         :unity7                          -
  upower-observe            chromium:upower-observe                 :upower-observe                  -
  wayland                   chromium:wayland                        :wayland                         -
  x11                       chromium:x11                            :x11                             -
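
Added example, not part of the bug report or of snapd: a small triage script that decodes SECCOMP audit records like the three quoted in the bug description into syscall names and the seccomp action taken. The syscall and action tables are subsets taken from the kernel's x86_64 syscall table and linux/seccomp.h; the function names and the last sample line are constructed for illustration.

```python
import re
from collections import Counter

# x86_64 syscall numbers (arch/x86/entry/syscalls/syscall_64.tbl); subset for this report.
X86_64_SYSCALLS = {312: "kcmp", 314: "sched_setattr",
                   329: "pkey_mprotect", 330: "pkey_alloc", 331: "pkey_free"}
AUDIT_ARCH_X86_64 = 0xC000003E
# seccomp return actions (linux/seccomp.h); the audit "code" field carries the action.
ACTIONS = {0x80000000: "KILL_PROCESS", 0x00000000: "KILL_THREAD",
           0x00030000: "TRAP", 0x00050000: "ERRNO", 0x7FFC0000: "LOG"}
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_seccomp(line):
    """Decode one SECCOMP audit record; return None for any other line."""
    _, sep, rest = line.partition(" SECCOMP ")
    if not sep:
        return None
    f = {k: v.strip('"') for k, v in FIELD.findall(rest)}
    try:
        arch, nr, code = int(f["arch"], 16), int(f["syscall"]), int(f["code"], 16)
    except (KeyError, ValueError):
        return None  # truncated or malformed record
    # Syscall numbers differ per architecture, so only name them for x86_64.
    name = X86_64_SYSCALLS.get(nr) if arch == AUDIT_ARCH_X86_64 else None
    return {"label": f.get("subj"), "comm": f.get("comm"),
            "syscall": name or f"unknown({nr})",
            "action": ACTIONS.get(code & 0xFFFF0000, hex(code))}

def summarize(lines):
    """Count denials per (security label, syscall, action)."""
    recs = filter(None, map(parse_seccomp, lines))
    return Counter((r["label"], r["syscall"], r["action"]) for r in recs)

# First three lines are the records quoted in the report; the fourth is constructed noise.
SAMPLE = [
    'Apr 14 11:18:14 sdeziel-lemur audit[1734639]: SECCOMP auid=1000 uid=1000 gid=1000 ses=3 subj=snap.chromium.chromium pid=1734639 comm="chrome" exe="/snap/chromium/1961/usr/lib/chromium-browser/chrome" sig=0 arch=c000003e syscall=314 compat=0 ip=0x77ccfac2276d code=0x50000',
    'Apr 14 11:18:14 sdeziel-lemur audit[1734751]: SECCOMP auid=1000 uid=1000 gid=1000 ses=3 subj=snap.chromium.chromium pid=1734751 comm="chrome" exe="/snap/chromium/1961/usr/lib/chromium-browser/chrome" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7a9d5be7f76d code=0x50000',
    'Apr 14 11:18:14 sdeziel-lemur audit[1734790]: SECCOMP auid=1000 uid=1000 gid=1000 ses=3 subj=snap.chromium.chromium pid=1734790 comm="chrome" exe="/snap/chromium/1961/usr/lib/chromium-browser/chrome" sig=0 arch=c000003e syscall=330 compat=0 ip=0x735f8ecd303b code=0x50000',
    'Apr 14 11:18:15 sdeziel-lemur systemd[1]: constructed unrelated log line',
]

if __name__ == "__main__":
    for (label, syscall, action), n in sorted(summarize(SAMPLE).items()):
        print(f"{n:3d}  {label}  {syscall}  {action}")
```

The same functions can be fed live output, for example by piping `journalctl -o cat -f --grep chromium` into a loop over `sys.stdin`.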