On 9/9/20 10:35 PM, Jeff Layton wrote:
On Tue, 2020-09-08 at 10:56 +0300, Ville Heikkinen wrote:Does this actually work around the seccomp bugs? What we found here was that once you tried to use statx with the broken seccomp code all syscalls issued by the task would get back -ENOSYS afterward. See: https://bugzilla.redhat.com/show_bug.cgi?id=1762578 Is there a different bug you're trying to fix?
The outcome of this bug report https://bugzilla.redhat.com/show_bug.cgi?id=1760300 led to a situation where in Fedora 32, the use of statx is disabled when building coreutils. After this change, the "Birth Date" in not available in stat output as it was before. I tested this in podman with creating seccomp filter profile without having statx in the list - but I see now that this was perhaps not the right way to test this, if the original problem really breaks all the future syscalls. BR, Ville
