Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1846415pxu; Tue, 24 Nov 2020 10:13:47 -0800 (PST) X-Google-Smtp-Source: ABdhPJxzmIS1EjC4xxKJlPkoDtOefDOG75NF36lRpMkRXa12xVs0zX2fIwrK2U/aVD0t/TyJAv/X X-Received: by 2002:a50:ccc8:: with SMTP id b8mr5278184edj.152.1606241627062; Tue, 24 Nov 2020 10:13:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606241627; cv=none; d=google.com; s=arc-20160816; b=N1KPnWrUi/XxCeCj0hhVMc4aWi3LaSITO4vzMWx4/y7OD/sOdzdIDqv+1nW0+zsegK A+nHI4u3viJl3kv30M9UesVmMrjiwPAmMPd4/3KvpS7ZZ1RWoGsGHkfJh3Ke65eQrt17 FMGgL07cojFzDDmZJrQKorenhuPfEO6GiH+89rJhwpu/o/KNAylRCGCo9Za516k+7V3J hlccPjxeBuw3zWvwaDWo8WyHdMl5TDjSVggNLbMovZJ4lTr0tjTlEnnkwgZxxcaUMJgj X2jLNH7YhUvi+K9DmE2cD6QpaF1c4V1pfViYWOPR+T0vNrSjqD4aUnl9mRrAMocGLUhX PMjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent:message-id:in-reply-to :date:references:subject:cc:to:from:dkim-signature; bh=uUA8/aOgpZ26JxcYo0ZLju1cjGrlPjY1iezm4VSo/Pg=; b=ItMqbUaHNilRSoYqSgGAQj1zaFzDwKLV8kdXEKOAaE8uuR2D341XpR/zAYYB8AxsUf 2uYBem9cLQC8YErHeLgxZE9dORcqaghmyJCtIw902g9HD1Rf00IZNXsYi2i4lXr3tZ00 q8vunuoRP3YMXfJa2rsMxZddUv32Nw0xzeDOemhy1MZgiYBTpw0x0bMfpyphJdQPhj+u s/mPdn06E08aX5t7pDOGvZywUT82qBEOaNW6MW4fp3UPL9sTjuIcw/KY4zsMUy/JM9SC kCJ9yZDj3nU171oYHG5Tck6AEXs7ULE0h0JtXZqm0A4px5cVuaQ9H1vDF0suKLwZkVe7 Vb3Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=RU7pV+jH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y3si8688760ejd.505.2020.11.24.10.13.22; Tue, 24 Nov 2020 10:13:47 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=RU7pV+jH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404312AbgKXSJ6 (ORCPT + 99 others); Tue, 24 Nov 2020 13:09:58 -0500 Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:47493 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390777AbgKXSJ5 (ORCPT ); Tue, 24 Nov 2020 13:09:57 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1606241396; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=uUA8/aOgpZ26JxcYo0ZLju1cjGrlPjY1iezm4VSo/Pg=; b=RU7pV+jHp+fFR7LQYViviiG6bh1Y1sG+LX6ENuVRnXNBiinL1551U/3ZmOtDtYrB2lBAKa lxCGk+Gp/zbnW3onc88mC5/JEwCMsZqw7hPMRk8O8K5L2mZvDeM8uhQwIsV9shJ8E5MkPi fSso8oeEuHu+crR8/lEBKjn3QfXvtYk= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-460-QEKI0QbqNuOLThpMqBG3UA-1; Tue, 24 Nov 2020 13:09:52 -0500 X-MC-Unique: QEKI0QbqNuOLThpMqBG3UA-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 5D3FB809DDF; Tue, 24 Nov 2020 18:09:51 +0000 (UTC) Received: from oldenburg2.str.redhat.com (ovpn-112-141.ams2.redhat.com [10.36.112.141]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7D70F5C1A3; Tue, 24 Nov 2020 18:09:46 +0000 (UTC) From: Florian Weimer To: Mark Wielaard Cc: Christian Brauner , linux-api@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, dev@opencontainers.org, corbet@lwn.net, Carlos O'Donell Subject: Re: [PATCH] syscalls: Document OCI seccomp filter interactions & workaround References: <87lfer2c0b.fsf@oldenburg2.str.redhat.com> <20201124122639.x4zqtxwlpnvw7ycx@wittgenstein> <878saq3ofx.fsf@oldenburg2.str.redhat.com> Date: Tue, 24 Nov 2020 19:09:44 +0100 In-Reply-To: (Mark Wielaard's message of "Tue, 24 Nov 2020 15:08:05 +0100") Message-ID: <87im9uzkwn.fsf@oldenburg2.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org * Mark Wielaard: > For valgrind the issue is statx which we try to use before falling back > to stat64, fstatat or stat (depending on architecture, not all define > all of these). The problem with these fallbacks is that under some > containers (libseccomp versions) they might return EPERM instead of > ENOSYS. This causes really obscure errors that are really hard to > diagnose. The probing sequence I proposed should also work for statx. 8-p > Don't you have the same issue with glibc for those architectures that > don't have fstatat or 32bit arches that need 64-bit time_t? And if so, > how are you working around containers possibly returning EPERM instead > of ENOSYS? That's a good point. I don't think many people run 32-bit containers in the cloud. The Y2038 changes in glibc impact 64-bit ports a little, but mostly on the fringes (e.g., clock_nanosleep vs nanosleep). Thanks, Florian -- Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill