** Description changed:

  Qemu fails silently with exit code 1 when using daemonize and the
  sandbox option elevateprivileges=deny.

  This behavior got introduced by 0546c0609cb5a8d90c1cbac8e0d64b5a048bbb19
  where the sandbox options get parsed and enforced *before* daemonizing.
  Since the os_daemonize libc-call uses the syscall setsid, qemu gets
  killed by the signal 13 (SIGSYS).
+ 
+ The documentation
+ (https://qemu.readthedocs.io/en/latest/system/security.html#isolation-
+ mechanisms) states that sanboxing "[...] disables system calls that are
+ not needed by QEMU[...]", but setsid obviously is needed.

  What I expected:
  - a hint in the documentation of the flags that elevateprivileges AND daemonize contradict
  -or-
  - working combination

  Reproducer:
  $ qemu-system-x86_64 -sandbox on,elevateprivileges=deny -daemonize

  Package: 1:6.2+dfsg-2ubuntu5
  Ubuntu Version: 22.04 (Jammy Jellyfish)

  dmesg:
  [ 181.064898] audit: type=1326 audit(1646924855.830:13): auid=0 uid=0 gid=0 ses=1 subj=? pid=3622 comm="qemu-system-x86" exe="/usr/bin/qemu-system-x86_64" sig=31 arch=c000003e syscall=112 compat=0 ip=0x7f725964f40b code=0x80000000

  Coredump:
  PID: 4402 (qemu-system-x86)
  UID: 0 (root)
  GID: 0 (root)
  Signal: 31 (SYS)
  Timestamp: Thu 2022-03-10 15:10:37 UTC (37s ago)
  Command Line: qemu-system-x86_64 -sandbox on,elevateprivileges=deny -daemonize
  Executable: /usr/bin/qemu-system-x86_64
  Control Group: /user.slice/user-0.slice/session-1.scope
  Unit: session-1.scope
  Slice: user-0.slice
  Session: 1
  Owner UID: 0 (root)
  Boot ID: 3cdf72ff261640e3a3f9e887d159bb2a
  Machine ID: 72874f2d047d4c87887abbc727924413
  Hostname: raphael-20220310-145731
  Storage: /var/lib/systemd/coredump/core.qemu-system-x86.0.3cdf72ff261640e3a3f9e887d159bb2a.4402.1646925037000000.zst (present)
  Disk Size: 405.6K
  Message: Process 4402 (qemu-system-x86) of user 0 dumped core.

  Stack trace of thread 4402:
  #0 0x00007faf4337d40b setsid (libc.so.6 + 0xf040b)
  #1 0x000055afe3467128 os_daemonize (qemu-system-x86_64 + 0x848128)
  #2 0x000055afe3314fe3 qemu_init (qemu-system-x86_64 + 0x6f5fe3)
  #3 0x000055afe3008fdd main (qemu-system-x86_64 + 0x3e9fdd)
  #4 0x00007faf432bad90 n/a (libc.so.6 + 0x2dd90)
  #5 0x00007faf432bae40 __libc_start_main (libc.so.6 + 0x2de40)
  #6 0x000055afe300b955 _start (qemu-system-x86_64 + 0x3ec955)

  Stack trace of thread 4403:
  #0 0x00007faf433b7b6d n/a (libc.so.6 + 0x12ab6d)

--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1964488

Title:
  Qemu fails with daemonize and enabled elevateprivileges

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1964488/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
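
The ordering problem described in the report, reduced to a stand-alone Linux program. This is an added example, not part of the bug report and not QEMU's code: deny_setsid() and run_child() are hypothetical names, and the one-rule seccomp filter is an assumed stand-in for the elevateprivileges=deny sandbox.

```c
#include <stddef.h>
#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Stand-in for the sandbox: kill the process on setsid(2), allow the rest.
 * A production filter must also check seccomp_data.arch; omitted for brevity. */
static int deny_setsid(void)
{
    struct sock_filter insns[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_setsid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof(insns) / sizeof(insns[0]), .filter = insns };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Do the daemonize step (setsid) in a child, with the filter installed before
 * it (the failing order) or after it. Returns 0, the fatal signal, or -1. */
int run_child(int sandbox_first)
{
    int status;
    pid_t pid = fork();
    if (pid == 0) {
        if (sandbox_first && deny_setsid() != 0) _exit(2);
        if (setsid() < 0) _exit(1);
        if (!sandbox_first && deny_setsid() != 0) _exit(2);
        _exit(0);
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void)
{
    printf("setsid, then sandbox: %d\n", run_child(0));
    printf("sandbox, then setsid: %d\n", run_child(1));
    return 0;
}
```

With the filter installed first, the child dies with signal 31 (SIGSYS) inside setsid, matching the sig=31 syscall=112 audit record and the stack trace in the report.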