On Mon, Sep 27, Cristian Rodríguez wrote:
> Yes, it is easy to understand it backwards... glibc only guarantees
> binary level compatibility and adherence to the relevant standards, it
> does not cover which operating system facilities it uses for
> implementing things.
> Now it implements stuff on top of the extremely powerful newish clone3()
> syscall and some apps do not like that.

The problem is more: too many people did not take it seriously enough that
glibc will use clone3() in the future. Some projects were sitting for
about 6 months on fixes but did not include them or release fixed packages...

The main problem is that most projects using seccomp for sandboxing don't
really think about the future, but only the past. So they look at what
is currently in use and forbid everything else with "ENOPERM". And are
surprised if suddenly new syscalls are added and their code breaks.

It would always be better to block unknown syscalls with "ENOSYS", so
letting the application think the new syscall still does not exist. This
gives the application (or in this case better glibc) the chance to use the
old code as fallback.

As long as the sandbox developers don't make their code future-proof, we
will have this problem again and again with every new syscall.

Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
Managing Director: Felix Imendoerffer (HRB 36809, AG Nürnberg)
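
The difference described in the message above, as an added example that is not part of the original e-mail or of any project it mentions: a raw seccomp-BPF filter that answers clone3() with a chosen errno, run in a forked child so the EPERM and ENOSYS behaviours can be compared. The function names are hypothetical, EPERM stands in for the message's "ENOPERM", and Linux with seccomp filter support is assumed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef SYS_clone3
#define SYS_clone3 435 /* same number on all Linux architectures */
#endif

/* Filter: clone3() fails with deny_errno, everything else is allowed.
 * A production filter must also check seccomp_data.arch (left out here). */
static int install_filter(int deny_errno) {
    struct sock_filter prog[] = {
        /* Load the syscall number, then branch on it. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_clone3, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (deny_errno & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    /* Required so an unprivileged process may install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Sandbox a forked child and return the errno its clone3() saw (255 = setup failed). */
int clone3_errno_under_filter(int deny_errno) {
    int status = 0;
    pid_t pid = fork();
    if (pid == 0) {
        if (install_filter(deny_errno) != 0)
            _exit(255);
        syscall(SYS_clone3, NULL, (size_t)0); /* filter answers before the kernel reads the args */
        _exit(errno);
    }
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return 255;
    return WEXITSTATUS(status);
}

int main(void) {
    printf("EPERM filter: errno %d, ENOSYS filter: errno %d\n",
           clone3_errno_under_filter(EPERM), clone3_errno_under_filter(ENOSYS));
    return 0;
}
```

Only the ENOSYS variant looks to the caller like a kernel that predates clone3(), which is the condition under which a fallback to the older code path can be taken.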