This bug was fixed in the package libseccomp - 2.2.3-2ubuntu3

---------------
libseccomp (2.2.3-2ubuntu3) xenial; urgency=low

  * debian/patches/add-x86-32bit-socket-calls.patch: add the newly
    connected direct socket calls. (LP: #1526358)

 -- Andy Whitcroft <a...@ubuntu.com>  Wed, 16 Dec 2015 14:30:17 +0000

** Changed in: libseccomp (Ubuntu)
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1526358

Title:
  adding seccomp rule for socket() fails on i386 since kernel 4.3

Status in libseccomp package in Ubuntu:
  Fix Released
Status in linux package in Ubuntu:
  Invalid
Status in systemd package in Ubuntu:
  Invalid

Bug description:
  Four days ago, on Dec 10,
  http://autopkgtest.ubuntu.com/packages/s/systemd/xenial/i386/ started
  failing:

  ======================================================================
  FAIL: test_boot (__main__.NspawnTest)
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "/tmp/adt-run.IG1dKn/build.Yzd/systemd-228/debian/tests/boot-and-services", line 204, in test_boot
      self.assertIn(b'fake container started', out)
  AssertionError: b'fake container started' not found in b'Spawning container c1 on /tmp/tmpl04y_tf8/c1.\nPress ^] three times within 1s to kill container.\nFailed to create directory /tmp/tmpl04y_tf8/c1/sys/fs/selinux: Read-only file system\nFailed to create directory /tmp/tmpl04y_tf8/c1/sys/fs/selinux: Read-only file system\nFailed to add audit seccomp rule: Bad address\n'

  This is reproducible in xenial-release, i.e. it already slipped
  through -proposed.

  This can be reproduced easily on a xenial i386 VM:

    sudo apt-get install busybox-static
    mkdir -p /tmp/c/sbin /tmp/c/etc /tmp/c/bin/
    cp /bin/busybox /tmp/c/bin/
    ln -s ../bin/busybox /tmp/c/sbin/init
    ln -s busybox /tmp/c/bin/sh
    cp /etc/os-release /tmp/c/etc
    sudo systemd-nspawn -b -D /tmp/c

  This should normally boot a busybox container; you'll get a few error
  messages as there's no SysV init stuff there, but it should start and
  pressing enter should get you into a shell.

  But on i386 it fails with

    $ sudo systemd-nspawn -b -D /tmp/c
    Spawning container c on /tmp/c.
    Press ^] three times within 1s to kill container.
    Failed to create directory /tmp/c/sys/fs/selinux: Read-only file system
    Failed to create directory /tmp/c/sys/fs/selinux: Read-only file system
    Failed to add audit seccomp rule: Bad address

  which is what the test case fails on too.