Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1663862pxu; Tue, 24 Nov 2020 06:10:28 -0800 (PST) X-Google-Smtp-Source: ABdhPJxT4YnV3zFIxoIbgEFSE6DKCU59+PwXavN5rEXU+zqAXEWLt8NJoj3hFHPS7lJ+DkLYqJSi X-Received: by 2002:a50:9f2b:: with SMTP id b40mr4142306edf.20.1606227027855; Tue, 24 Nov 2020 06:10:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606227027; cv=none; d=google.com; s=arc-20160816; b=tPXYWLjwwTjT+nAbLiLpTW3YJiPhEH2SAF1oFzwhdzcSnNGl1hCGfL8a0ff1XmY8Au rGUeZvJfd+VUVpU0acsbRxQ/5VqTs4f+At1YJf2iR0+1yZ0Oq+w340TdBr7P5pk1S+FS f4/C5y5NnQ2EAjDkro1N8tzoPgaWLzazh/1xe6IUBD6QL07cQmDJdxj6UgAGrzTWxbSh 7o8gmchlvoliGSG8KyrZDhZf8f3xKsS6w2TH2nPn2bADQWv2XtD814YabYvODkSQ3gPT OvOhS+KZI5OTlav1aGzEAr7q2MiAy0xWUgM0QSauxtBmsUseAtc6NOTw8QrY61mI7tC6 metg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :references:in-reply-to:date:cc:to:from:subject:message-id; bh=rjpjWdBnb8M/t4YAvwrS6ImzCluqtp/5VB1c1gQ8Hmk=; b=vOiCtR43h4Da57xkKkwY2k3rkI7MJ58dBNgmc2Tlc2O++gOg+Im9m3+7+S9qM1T+F0 XrE6ATI9kG174t+WguA3d4SaLvzrBUqxzW0u7OEDtfWnHjss5zf2mq/Ev23g+dt58I+d N/1AAlG1+h91IYQ2KCWJGjL6uLObqjNkTT/AJu/HQFTwnSsZtBE50Gs6MFwSTLH5pa3a ZBKXnVjt7h2ba99cGOnhkvGApNI+ZT3L+99lG8oRidViOuQEKmd5FFdkUiB8Wj+tQ4/K wddeVwhSp6fCGlX6PqYDp0EOiH7HvLtmpARIxgZd8awqYc8stWvmWbaHxtmu4TtDQsry 0DtA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f24si8582804edw.120.2020.11.24.06.10.02; Tue, 24 Nov 2020 06:10:27 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728399AbgKXOII convert rfc822-to-8bit (ORCPT + 99 others); Tue, 24 Nov 2020 09:08:08 -0500 Received: from wildebeest.demon.nl ([212.238.236.112]:37572 "EHLO gnu.wildebeest.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727123AbgKXOIH (ORCPT ); Tue, 24 Nov 2020 09:08:07 -0500 Received: from tarox.wildebeest.org (tarox.wildebeest.org [172.31.17.39]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by gnu.wildebeest.org (Postfix) with ESMTPSA id 6205C301B4A6; Tue, 24 Nov 2020 15:08:05 +0100 (CET) Received: by tarox.wildebeest.org (Postfix, from userid 1000) id 17CBC413CE8D; Tue, 24 Nov 2020 15:08:05 +0100 (CET) Message-ID: Subject: Re: [PATCH] syscalls: Document OCI seccomp filter interactions & workaround From: Mark Wielaard To: Florian Weimer , Christian Brauner Cc: linux-api@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, dev@opencontainers.org, corbet@lwn.net, Carlos O'Donell Date: Tue, 24 Nov 2020 15:08:05 +0100 In-Reply-To: <878saq3ofx.fsf@oldenburg2.str.redhat.com> References: <87lfer2c0b.fsf@oldenburg2.str.redhat.com> <20201124122639.x4zqtxwlpnvw7ycx@wittgenstein> <878saq3ofx.fsf@oldenburg2.str.redhat.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8BIT X-Mailer: Evolution 3.28.5 (3.28.5-10.el7) Mime-Version: 1.0 X-Spam-Flag: NO X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on gnu.wildebeest.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, Just a reply to note that this isn't just an issue for glibc, but for any program that might use linux syscalls directly (with fallbacks). On Tue, 2020-11-24 at 13:54 +0100, Florian Weimer wrote: > > I agree that the standard should mandate ENOSYS, and I've just proposed > a specification change here: > > > > However, such a change may take some time to implement. Thanks, that is really appreciated. We face the same issue in valgrind. > Meanwhile, we have the problem today with glibc that it wants to use the > faccessat2 system call but it can't. I've been told that it would make > glibc incompatible with the public cloud and Docker. The best solution > I could come up with it is this awkward probing sequence. (Just > checking for the zero flags argument is not sufficient because systemd > calls fchmodat with AT_SYMLINK_NOFOLLOW.) > > I do not wish to put the probing sequence into glibc (upstream or > downstream) unless it is blessed to some degree by kernel developers. I > consider it quite ugly and would prefer if more of us share the blame. > > We will face the same issue again with fchmodat2 (or fchmodat4 if that's > what it's name is going to be). For valgrind the issue is statx which we try to use before falling back to stat64, fstatat or stat (depending on architecture, not all define all of these). The problem with these fallbacks is that under some containers (libseccomp versions) they might return EPERM instead of ENOSYS. This causes really obscure errors that are really hard to diagnose. Don't you have the same issue with glibc for those architectures that don't have fstatat or 32bit arches that need 64-bit time_t? And if so, how are you working around containers possibly returning EPERM instead of ENOSYS? Thanks, Mark