Ok, tests worked fine for me - I added all I had as SRU template in the
bug description.

** Description changed:

+ [Impact]
+ 
+  * Some newer workloads fail due to libseccomp as in Bionic lacking
+ statx support
+ 
+  * This backports the syscall definitions for statx to Bionic to allow
+ to manage those
+ 
+ [Test Case]
+ 
+ # Note: I took a KVM image of Bionic to not spoil my system with Docker 
config for this test too much
+ $ sudo apt install docker.io
+ $ sudo usermod -a -G docker ubuntu
+ $ cat > test-statx/Dockerfile << EOF
+ FROM ubuntu:18.04
+ RUN apt-get update && apt-get install -y wget gcc
+ WORKDIR /tmp
+ RUN wget -q 
https://raw.githubusercontent.com/torvalds/linux/master/samples/statx/test-statx.c
+ RUN gcc test-statx.c -o test-statx
+ RUN touch test-file
+ RUN chmod +x ./test-statx
+ RUN ./test-statx test-file
+ EOF
+ $ docker build test-statx
+ 
+ With the bug and current docker 18.06.1-0ubuntu1~18.04.1 in Bionic that
+ yields
+ 
+ [...]
+ Step 8/8 : RUN ./test-statx test-file
+  ---> Running in 6e60a82409e6
+ test-file: Operation not permitted
+ statx(test-file) = -1
+ The command '/bin/sh -c ./test-statx test-file' returned a non-zero code: 1
+ 
+ With the fix applied it would work and look like:
+ Step 8/8 : RUN ./test-statx test-file
+  ---> Running in a83bc043e7bd
+ statx(test-file) = 0
+ results=fff
+   Size: 0               Blocks: 0          IO Block: 4096    regular file
+ Device: 00:32           Inode: 261994      Links: 1    
+ Access: (0644/-rw-r--r--)  Uid:     0   Gid:     0
+ Access: 2019-02-08 07:57:42.000000000+0000
+ Modify: 2019-02-08 07:57:42.000000000+0000
+ Change: 2019-02-08 07:57:43.076507007+0000
+  Birth: 2019-02-08 07:57:43.076507007+0000
+ Attributes: 0000000000000000 (........ ........ ........ ........ ........ 
........ ....-... .---.-..)
+ Removing intermediate container a83bc043e7bd
+  ---> d428d14cbc57
+ Successfully built d428d14cbc57
+ 
+ 
+ [Regression Potential] 
+ 
+  * This "only" defines a new syscall number for all the architectures.
+ It does not make any other changes, thereby it should be rather safe. If
+ anything software could now manage statx through libseccomp and behavior
+ that was formerly failing (like the reported docker case) would not
+ succeed and due to that be a change in behavior - but I think it is a
+ wanted change.
+ 
+ [Other Info]
+  
+  * n/a
+ 
+ ---
+ 
+ 
  Hello maintainer,
  
  The docker version 17.03 (bionic) in ubuntu doesn't allow the statx syscall 
which is needed to build qt >=5.10 applications:
  https://github.com/docker/for-linux/issues/208#issuecomment-372400859
  
  Could this fix be backported in the ubuntu package ?
  https://github.com/moby/moby/pull/36417
  
  regards,
  xan.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1755250

Title:
  backport statx syscall whitelist fix
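
An added example, not part of the bug report or of Docker/libseccomp code: it asks the installed libseccomp whether it can resolve "statx" via the library's seccomp_syscall_resolve_name(), and models why an allow rule for statx has no effect when it cannot. SAMPLE_PROFILE is a constructed fragment in the Docker seccomp profile JSON layout, effective_action() is a hypothetical helper, and the model assumes that a syscall name the library cannot resolve produces no rule, so the profile's defaultAction applies.

```python
import ctypes
import ctypes.util
import json

# Constructed sample in the Docker seccomp profile layout (not the real default profile).
SAMPLE_PROFILE = json.loads("""
{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["stat", "fstat", "lstat", "statx"], "action": "SCMP_ACT_ALLOW"}
  ]
}
""")


def libseccomp_resolves(name):
    """True/False if the installed libseccomp knows `name`; None if no library is found."""
    path = ctypes.util.find_library("seccomp")
    if path is None:
        return None
    try:
        lib = ctypes.CDLL(path)
    except OSError:
        return None
    lib.seccomp_syscall_resolve_name.argtypes = [ctypes.c_char_p]
    lib.seccomp_syscall_resolve_name.restype = ctypes.c_int
    # __NR_SCMP_ERROR (-1) means the name is missing from libseccomp's syscall table.
    return lib.seccomp_syscall_resolve_name(name.encode()) != -1


def effective_action(profile, syscall, resolvable):
    """Action applied to `syscall` when only names in `resolvable` become filter rules.

    Assumption: an unresolvable name yields no rule, so defaultAction applies.
    Rules with argument conditions ("args") are skipped to keep the model small.
    """
    for rule in profile.get("syscalls", []):
        if rule.get("args"):
            continue
        if syscall in rule.get("names", []) and syscall in resolvable:
            return rule["action"]
    return profile["defaultAction"]


if __name__ == "__main__":
    print("installed libseccomp resolves statx:", libseccomp_resolves("statx"))
    old = {"stat", "fstat", "lstat"}   # constructed: library without the statx definition
    new = old | {"statx"}              # constructed: library with the backport
    print("without backport:", effective_action(SAMPLE_PROFILE, "statx", old))
    print("with backport:   ", effective_action(SAMPLE_PROFILE, "statx", new))
```

In the model, the "without backport" case falls through to SCMP_ACT_ERRNO, which corresponds to the "Operation not permitted" result in the failing test run above.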
