This bug was fixed in the package libseccomp - 2.3.1-2.1ubuntu4.1
---
libseccomp (2.3.1-2.1ubuntu4.1) bionic; urgency=medium
* d/p/lp-1755250-add-the-statx-syscall.patch: add statx support (LP: #1755250)
* d/p/lp-1815415-*: Add syscalls up to kernel 4.15 (LP: #1815415)
-- Christ
Hi,
it has been released for Cosmic already.
Some tests were blocking it for Bionic but I resolved those already.
It should be released the next time an SRU member will look at this.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribe
Has this been released ?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1755250
Title:
backport statx syscall whitelist fix
Status in docker.io package in Ubuntu:
In
Tests were just flaky as assumed, retried and good now
** Changed in: libseccomp (Ubuntu Bionic)
Status: Incomplete => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.la
Thank you for testing! I see some lxc ADT regressions reported for this
upload in bionic. Can you take a look and check if it's all unrelated,
just-in-case?
** Changed in: libseccomp (Ubuntu Bionic)
Status: Fix Committed => Incomplete
--
You received this bug notification because you are
Ok for me too, I just installed libseccomp2_2.3.1-2.1ubuntu4.1_amd64.deb
and it works:
Step 16/18 : RUN gcc test-statx.c -o test-statx
---> Running in 501935bb923d
Removing intermediate container 501935bb923d
---> a47f15cd6fc8
Step 17/18 : RUN touch test-file
---> Running in 1038f76ad915
Removi
Testing as-is
(remember to clean old images if you have tested the ppa on the same system
before)
$ docker system prune -a
... Test steps ...
Step 8/8 : RUN ./test-statx test-file
---> Running in 60210feb0c2e
test-file: Operation not permitted
statx(test-file) = -1
The command '/bin/sh -c ./test
Hello xantares, or anyone else affected,
Accepted libseccomp into bionic-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/libseccomp/2.3.1-2.1ubuntu4.1 in a
few hours, and then in the -proposed repository.
Please help us by testing this new package. S
hello,
how long does it take usually for ubuntu to review the changes ?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1755250
Title:
backport statx syscall whitelist
All pre-checks and tests complete, and uploaded to the SRU review queue
** Changed in: libseccomp (Ubuntu Bionic)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
htt
I opened a MP [1] for review by different parties:
- you (@xantares) as the original author if you are fine with my polishing
- security to get their ack on it
- server-team to spot silly errors that I might have missed or done
[1]:
https://code.launchpad.net/~paelzer/ubuntu/+source/libseccomp/+gi
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/libseccomp/+git/libseccomp/+merge/362906
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/17
Ok, tests worked fine for me - I added all I had as SRU template in the
bug description.
** Description changed:
+ [Impact]
+
+ * Some newer workloads fail due to libseccomp as in Bionic lacking
+ statx support
+
+ * This backports the syscall definitions for statx to Bionic to allow
+ to man
Hi I polished your patch a bit and I'm currently testing it in PPA [1].
If you can give it a try as well.
I have created an SRU Teamplate and more detailed test steps and will
add them once they hopefully succeed on the prepare PPA. Otherwise I'll
ping here for you to revisit the change.
[1]: htt
The attachment "libsecomp231-statx.patch" seems to be a patch. If it
isn't, please remove the "patch" flag from the attachment, remove the
"patch" tag, and if you are a member of the ~ubuntu-reviewers,
unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by
~bri
here is a patch against libseccomp 2.3.1 in bionic (on top of the debian risc
port patch)
I manually applied changes from libseccomp 2.3.3 that reference the
statx syscalls
for the risc part i used the diff from
https://github.com/seccomp/libseccomp/blob/2a70ad4f3e8ab80e88f0662a760f4ef1d9219205/
I can confirm that this bug is solved in Ubuntu Cosmic (18.10) with
Docker 18.06.1 and libseccomp 2.3.3.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1755250
Title:
b
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: docker.io (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launch
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: libseccomp (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launc
This is indeed pretty important for some use-cases so we should try to
come up with a reasonable solution.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1755250
Title:
Tianon is right, runc silently discards syscalls it doesn't know about:
https://github.com/opencontainers/runc/blob/ecd55a4135e0a26de884ce436442914f945b1e76/libcontainer/seccomp/seccomp_linux.go#L168-L173
This affects other syscalls, like preadv2:
https://github.com/opencontainers/runtime-spec/iss
** Also affects: libseccomp (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1755250
Title:
backport statx syscall wh
22 matches
Mail list logo
