[Bug 1732030] Re: 'apt update' dies with seccomp error
I've been hit by this problem as well, but for the pread64 syscall. It's working for me now after playing with my apt conf, getting the bug fix and then reverting my apt conf, but thought it was worth mentioning anyway. I'm on a system with nfs/autofs home directories and nis for logins, which I bet is the contributing factor. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1732030] Re: 'apt update' dies with seccomp error
Tanks On Tue, Apr 17, 2018 at 4:16 PM, Simon Déziel <1732...@bugs.launchpad.net> wrote: > It's already mentioned in the NEWS file but for those who would like to > test the seccomp sanbox, all that's needed is: > > APT::Sandbox::Seccomp "true"; > > Thanks Julian > > -- > You received this bug notification because you are subscribed to a > duplicate bug report (1756652). > https://bugs.launchpad.net/bugs/1732030 > > Title: > 'apt update' dies with seccomp error > > Status in apt package in Ubuntu: > Fix Released > Status in libvirt package in Ubuntu: > Fix Released > > Bug description: > $ apt-get update > 0% [Working] > Seccomp prevented execution of syscall 78 on architecture > amd64 > Reading package lists... Done > E: Method mirror has died unexpectedly! > E: Sub-process mirror returned an error code (31) > > ProblemType: Bug > DistroRelease: Ubuntu 18.04 > Package: apt 1.6~alpha5 > ProcVersionSignature: Ubuntu 4.13.0-16.19-generic 4.13.4 > Uname: Linux 4.13.0-16-generic x86_64 > NonfreeKernelModules: zfs zunicode zavl zcommon znvpair > ApportVersion: 2.20.7-0ubuntu4 > Architecture: amd64 > Date: Mon Nov 13 23:10:57 2017 > ProcEnviron: >LANGUAGE=en_US:en >TERM=xterm >PATH=(custom, no user) >LANG=en_US.UTF-8 >SHELL=/bin/zsh > SourcePackage: apt > UpgradeStatus: Upgraded to bionic on 2017-05-20 (177 days ago) > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
It's already mentioned in the NEWS file but for those who would like to test the seccomp sanbox, all that's needed is: APT::Sandbox::Seccomp "true"; Thanks Julian -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
This bug was fixed in the package apt - 1.6~rc1 --- apt (1.6~rc1) unstable; urgency=medium [ Julian Andres Klode ] * Experimental support for zstd (LP: #1763839) * Fix debian/NEWS entry for 1.6~beta1 * Use https for Ubuntu changelogs * Bump cache major version to allow different 1.5 and 1.6 updates * CI: Switch testing to use ubuntu:bionic for 1.6.y * Turn off seccomp sandboxing by default (LP: #1732030) (Closes: #890489) * Allow restart_syscall() syscall in seccomp sandboxes (Closes: #891644) * Delete /etc/dpkg/dpkg.cfg.d/excludes on Docker CI images * test: export GCOV_ERROR_FILE=/dev/null to make it fail less/no tests * apt-private: Collect not found packages in CacheSetHelperAPTGet * Introduce experimental new hooks for command-line tools (LP: #1763839) [ David Kalnischkies ] * remove duplicate changelog lines from 1.6~beta1 entry * fix communication typo in https manpage * set our two libapt libraries to prio:optional * document Acquire::AllowReleaseInfoChange without extra s [ jean-pierre giraud ] * French man pages translation (Closes: #895117) -- Julian Andres Klode Sun, 15 Apr 2018 21:41:44 +0200 ** Changed in: apt (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
Or generally allow network and the getdents stuff, and just block more esoteric syscalls for now. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
No - it's the "store" method that's failing (e.g. recompressing/decompressing files). I disallowed socket and friends for that, so that's failing. I mean, it's a decompress/compress method, it should not have network access. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
I wonder if we should turn the sandbox off by default for bionic. Not sure. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
Something seems broken on your config, all those basic things should be allowed IMHO (and they are, or I'd hit them as well). You could iterate on this with [1] which for this would let you also add "connect". But I doubt that will eventually resolve your issue. The question is why does it break on you at all while it is working for others in general. If you iterate adding more and more excuses you might come back with the list that you needed. But I'm pretty sure connect and socket would have been allowed already if everything would be right. [1]: https://filippo.io/linux-syscall-table/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
Ok, tried again.. It still not working. Error is 42 though: marcos@marcos:~$ echo 'apt::sandbox::seccomp::allow { "socket" };' | sudo tee /etc/apt/apt.conf.d/99seccomp [sudo] password for marcos: apt::sandbox::seccomp::allow { "socket" }; marcos@marcos:~$ sudo apt update Get:1 http://br.archive.ubuntu.com/ubuntu bionic InRelease [235 kB] Hit:2 http://linux.teamviewer.com/deb stable InRelease Hit:3 http://linux.teamviewer.com/deb preview InRelease Hit:4 http://br.archive.ubuntu.com/ubuntu bionic-updates InRelease Hit:5 http://br.archive.ubuntu.com/ubuntu bionic-backports InRelease Hit:6 http://archive.canonical.com/ubuntu bionic InRelease Hit:7 http://ppa.launchpad.net/ubuntubudgie/backports/ubuntu bionic InRelease Hit:8 http://security.ubuntu.com/ubuntu bionic-security InRelease Get:9 http://br.archive.ubuntu.com/ubuntu bionic/main amd64 Packages [1.018 kB] 0% [9 Packages store 0 B] [4 InRelease gpgv 65,4 kB] [Waiting for headers] Seccomp prevented execution of syscall 42 on architecture amd64 Reading package lists... Done E: Method store has died unexpectedly! E: Sub-process store returned an error code (31) marcos@marcos:~$ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
:-) Oh I see the line break added by LP in my example lead Jimmy the wrong way. Obviously for the config to work it needs to be there :-) @Jimmy - Please retry, and check the file content with e.g. cat after the echo. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
Well, no filename was specified for "tee" -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1732030] Re: 'apt update' dies with seccomp error
On Wed, Apr 4, 2018 at 10:12 AM, Jimmy Olsen wrote: > It`still giving me same error: > > marcos@marcos:~$ echo 'apt::sandbox::seccomp::allow { "socket" };' | sudo > tee > [sudo] password for marcos: > apt::sandbox::seccomp::allow { "socket" }; > marcos@marcos:~$ sudo apt update > [...] > Seccomp prevented execution of syscall 41 on architecture > amd64 > Hmm, maybe my override isn't perfect - yet since I can't reproduce to improve it I have to wait for Julian to take a look at this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
It`still giving me same error: marcos@marcos:~$ echo 'apt::sandbox::seccomp::allow { "socket" };' | sudo tee [sudo] password for marcos: apt::sandbox::seccomp::allow { "socket" }; marcos@marcos:~$ sudo apt update Get:1 http://br.archive.ubuntu.com/ubuntu bionic InRelease [235 kB] Hit:2 http://linux.teamviewer.com/deb stable InRelease Hit:3 http://linux.teamviewer.com/deb preview InRelease Hit:4 http://br.archive.ubuntu.com/ubuntu bionic-updates InRelease Hit:5 http://br.archive.ubuntu.com/ubuntu bionic-backports InRelease Hit:6 http://ppa.launchpad.net/ubuntubudgie/backports/ubuntu bionic InRelease Hit:7 http://security.ubuntu.com/ubuntu bionic-security InRelease Hit:8 http://archive.canonical.com/ubuntu bionic InRelease Get:9 http://br.archive.ubuntu.com/ubuntu bionic/main amd64 Packages [1.016 kB] 0% [9 Packages store 0 B] [5 InRelease gpgv 65,5 kB] [Waiting for headers] Seccomp prevented execution of syscall 41 on architecture amd64 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1732030] Re: 'apt update' dies with seccomp error
On Wed, Apr 4, 2018 at 8:29 AM, Jimmy Olsen wrote: > Hi Christian. I tried to run this command but it didnt work: > > marcos@marcos:~$ echo 'apt::sandbox::seccomp::allow { "socket" };' > > /etc/apt/apt.conf.d/99seccomp > bash: /etc/apt/apt.conf.d/99seccomp: Permission denied > The path this gets placed in is only writable by root. So you either need to "sudo su" before you do the above. Or you can use sudo to write with permissions through tee, like: $ echo 'apt::sandbox::seccomp::allow { "socket" };' | sudo tee /etc/apt/apt.conf.d/99seccomp -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
Hi Christian. I tried to run this command but it didnt work: marcos@marcos:~$ echo 'apt::sandbox::seccomp::allow { "socket" };' > /etc/apt/apt.conf.d/99seccomp bash: /etc/apt/apt.conf.d/99seccomp: Permission denied marcos@marcos:~$ sudo marcos@marcos:~$ echo 'apt::sandbox::seccomp::allow { "socket" };' > /etc/apt/apt.conf.d/99seccomp bash: /etc/apt/apt.conf.d/99seccomp: Permission denied marcos@marcos:~$ bash: /etc/apt/apt.c -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
Hmm, 0041 should be sys_socket With the error present (in your case ppa enabled), could you add this and retry: echo 'apt::sandbox::seccomp::allow { "socket" };' > /etc/apt/apt.conf.d/99seccomp If it works with that it really was the socket call, and Julian can consider adding it. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879814#15 has listed 0041 as well, and I thought it is done, but your check will help Julian for sure. ** Bug watch added: Debian Bug tracker #879814 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879814 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
Just tried to add another PPA (from another program), same error going on. and I get it fixed when PPA is removed... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
Hi Chistian. I tried to add the PPA and it shows me that error: marcos@marcos:~$ sudo add-apt-repository ppa:otto-kesselgulasch/gimp -y && sudo apt-get update [sudo] password for marcos: gpg: keybox '/tmp/tmp935_1y_p/pubring.gpg' created gpg: key 3BDAAC08614C4B38: 1 signature not checked due to a missing key gpg: /tmp/tmp935_1y_p/trustdb.gpg: trustdb created gpg: key 3BDAAC08614C4B38: public key "Launchpad otto06217" imported gpg: no ultimately trusted keys found gpg: Total number processed: 1 gpg: imported: 1 OK Hit:1 http://linux.teamviewer.com/deb stable InRelease Hit:2 http://linux.teamviewer.com/deb preview InRelease Hit:3 http://br.archive.ubuntu.com/ubuntu bionic InRelease Hit:4 http://br.archive.ubuntu.com/ubuntu bionic-updates InRelease Hit:5 http://br.archive.ubuntu.com/ubuntu bionic-backports InRelease Hit:6 http://archive.canonical.com/ubuntu bionic InRelease Hit:7 http://security.ubuntu.com/ubuntu bionic-security InRelease Get:8 http://ppa.launchpad.net/otto-kesselgulasch/gimp/ubuntu bionic InRelease [15,4 kB] Hit:9 http://ppa.launchpad.net/ubuntubudgie/backports/ubuntu bionic InRelease Get:10 http://ppa.launchpad.net/otto-kesselgulasch/gimp/ubuntu bionic/main amd64 Packages [3.096 B] 83% [10 Packages store 0 B] [Connecting to ppa.launchpad.net (91.189.95.83)] Seccomp prevented execution of syscall 41 on architecture amd64 Reading package lists... Done E: Method store has died unexpectedly! E: Sub-process store returned an error code (31) marcos@marcos:~$ As said before, once PPA is removed,it goes back to normal. Assuming it could be something from my computer settings, I send attached info sys about it. Hope it helps bug be fixed. ** Attachment added: "system info from my computer as from 03th April 2018" https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+attachment/5100499/+files/hardinfo_report.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
The actual seccomp fail is important. Eventually it is a sandbox and we want to add exceptions after we know it has a valid use case. As the above libvirt nss case which we added. Trying the ppa you mentioned I can run just fine - so something is special in your setup. Please the exact details are important to Julian - see comment #17 - if it is the same you could also try the suggested workaround via config in comment #19. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
Idk if I did has something to do with the bug itself. I noticed this bug happened just after when I added PPA as seen from https://www.omgubuntu.co.uk/2018/03/gimp-2-10-release-candidate-released and ran "sudo apt update && sudo apt upgrade" commands. Once it was removed,no error was shown anymore. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
I've just tried it and I does not face the error anymore. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
I've just tried it and I do not face the error anymore. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
This bug was fixed in the package libvirt - 4.0.0-1ubuntu1 --- libvirt (4.0.0-1ubuntu1) bionic; urgency=medium * Merged with Debian unstable (4.0) This closes several bugs: - Error generating apparmor profile when hostname contains spaces (LP: #77) - qemu 2.10 locks files, libvirt shared now sets share-rw=on (LP: #1716028) - libvirt usb passthrough throws apparmor denials related to /run/udev/data/+usb (LP: #1727311) - AppArmor denies access to /sys/block/*/queue/max_segments (LP: #1729626) - iohelper improvements to let bypass-cache work without opening up the apparmor isolation (LP: #1719579) - nodeinfo on s390x to contain more CPU info (LP: #1733688) - Upgrade libvirt >= 4.0 (LP: #1745934) * Remaining changes: - Disable libssh2 support (universe dependency) - Disable firewalld support (universe dependency) - Disable selinux - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Modifications to adapt for our delayed switch away from libvirt-bin (can be dropped >18.04). + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias to old service name so that old references work + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias to old service name so that old references work + d/control: transitional package with the old name and maintainer scripts to handle the transition - Backwards compatible handling of group rename (can be dropped >18.04). - config details and autostart of default bridged network. Creating that is now the default in general, yet our solution provides the following on top as of today: + autostart the default network by default + do not autostart if subnet is already taken (e.g. in guests). - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite long. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm which provided a separate kvm-spice. - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The section that adapts the path of the emulator to the Debian/Ubuntu packaging is kept. - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto set VRAM to minimum requirements - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts - Add libxl log directory - libvirt-uri.sh: Automatically switch default libvirt URI for users on Xen dom0 via user profile (was missing on changelogs before) - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from included_files to avoid build failures due to duplicate definitions. - Update README.Debian with Ubuntu changes - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch. - Enable some additional features on ppc64el and s390x (for arch parity) + systemtap, zfs, numa and numad on s390x. + systemtap on ppc64el. - fix conffile upgrade handling to avoid obsolete files and inactive duplicates (LP 1694159) - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) - d/test/smoke-lxc workaround for debbug 848317/867379 - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317) - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04, no more UCA onto Xenial then which has global dnsmasq by default). - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - conffile handling of files dropped in 3.5 (can be dropped >18.04) + /etc/init.d/virtlockd was sysv init only + /etc/apparmor.d/local/usr.sbin.libvirtd and /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated by dh_apparmor as needed - Reworked apparmor Delta, especially the more complex delta is dropped now, also our former delta is now split into logical pieces, has improved comments and is part of a continuous upstreaming effort. Listing related remaining changes: + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor: Allow pygrub to run on Debian/Ubuntu + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: apparmor, libvirt-qemu: Allow read access to overcommit_memory + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch: apparmor, virt-aa-helper: Allo
[Bug 1732030] Re: 'apt update' dies with seccomp error
Wow, store method opens a socket. I wonder what for. This is frustrating. Workaround for that would probably be apt::sandbox::seccomp::allow { "socket" }; + some more socket operations. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
Sorry I don't have the old log. But it's also happening now: turip@turip-xps-ws:~$ sudo -i root@turip-xps-ws:~# apt-get update Hit:1 http://security.ubuntu.com/ubuntu bionic-security InRelease Ign:2 http://dl.google.com/linux/chrome/deb stable InRelease Get:3 http://hu.archive.ubuntu.com/ubuntu bionic InRelease [235 kB] Ign:4 http://hu.archive.canonical.com/ubuntu bionic InRelease Get:5 http://hu.archive.ubuntu.com/ubuntu bionic-updates InRelease [65.4 kB] Err:6 http://hu.archive.canonical.com/ubuntu bionic Release 404 Not Found Get:7 http://hu.archive.ubuntu.com/ubuntu bionic-backports InRelease [65.5 kB] Hit:8 http://dl.google.com/linux/chrome/deb stable Release Hit:9 https://packages.microsoft.com/repos/vscode stable InRelease Get:10 http://hu.archive.ubuntu.com/ubuntu bionic/main Sources [833 kB] 0% [10 Sources store 0 B] [5 InRelease gpgv 65.4 kB] [Waiting for headers] [Con Seccomp prevented execution of syscall 41 on architecture amd64 Reading package lists... Done E: The repository 'http://hu.archive.canonical.com/ubuntu bionic Release' does not have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. W: Skipping acquire of configured file 'non-free/binary-amd64/Packages' as repository 'http://security.ubuntu.com/ubuntu bionic-security InRelease' doesn't have the component 'non-free' (component misspelt in sources.list?) W: Skipping acquire of configured file 'non-free/binary-i386/Packages' as repository 'http://security.ubuntu.com/ubuntu bionic-security InRelease' doesn't have the component 'non-free' (component misspelt in sources.list?) W: Skipping acquire of configured file 'non-free/i18n/Translation-en' as repository 'http://security.ubuntu.com/ubuntu bionic-security InRelease' doesn't have the component 'non-free' (component misspelt in sources.list?) W: Skipping acquire of configured file 'non-free/i18n/Translation-en_US' as repository 'http://security.ubuntu.com/ubuntu bionic-security InRelease' doesn't have the component 'non-free' (component misspelt in sources.list?) W: Skipping acquire of configured file 'non-free/dep11/Components-amd64.yml' as repository 'http://security.ubuntu.com/ubuntu bionic-security InRelease' doesn't have the component 'non-free' (component misspelt in sources.list?) W: Skipping acquire of configured file 'non-free/dep11/icons-64x64.tar' as repository 'http://security.ubuntu.com/ubuntu bionic-security InRelease' doesn't have the component 'non-free' (component misspelt in sources.list?) W: Skipping acquire of configured file 'non-free/Contents-amd64' as repository 'http://security.ubuntu.com/ubuntu bionic-security InRelease' doesn't have the component 'non-free' (component misspelt in sources.list?) W: Skipping acquire of configured file 'non-free/Contents-i386' as repository 'http://security.ubuntu.com/ubuntu bionic-security InRelease' doesn't have the component 'non-free' (component misspelt in sources.list?) W: Skipping acquire of configured file 'non-free/binary-amd64/Packages' as repository 'http://hu.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'non-free' (component misspelt in sources.list?) W: Skipping acquire of configured file 'non-free/binary-i386/Packages' as repository 'http://hu.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'non-free' (component misspelt in sources.list?) W: Skipping acquire of configured file 'non-free/i18n/Translation-en' as repository 'http://hu.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'non-free' (component misspelt in sources.list?) W: Skipping acquire of configured file 'non-free/i18n/Translation-en_US' as repository 'http://hu.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'non-free' (component misspelt in sources.list?) W: Skipping acquire of configured file 'non-free/dep11/Components-amd64.yml' as repository 'http://hu.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'non-free' (component misspelt in sources.list?) W: Skipping acquire of configured file 'non-free/dep11/icons-64x64.tar' as repository 'http://hu.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'non-free' (component misspelt in sources.list?) W: Skipping acquire of configured file 'non-free/Contents-amd64' as repository 'http://hu.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'non-free' (component misspelt in sources.list?) W: Skipping acquire of configured file 'non-free/Contents-i386' as repository 'http://hu.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'non-free' (compon
[Bug 1732030] Re: 'apt update' dies with seccomp error
@Turi with the same number 78? That's important :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
I ran into the same problem when updating from a fully patched artfull to bioninc using the following apt sources: deb http://archive.ubuntu.com/ubuntu/ bionic main restricted deb-src http://archive.ubuntu.com/ubuntu/ bionic universe main restricted multiverse deb http://archive.ubuntu.com/ubuntu/ bionic-updates main restricted deb-src http://archive.ubuntu.com/ubuntu/ bionic-updates universe main restricted multiverse deb http://archive.ubuntu.com/ubuntu/ bionic universe deb http://archive.ubuntu.com/ubuntu/ bionic-updates universe deb http://archive.ubuntu.com/ubuntu/ bionic multiverse deb http://archive.ubuntu.com/ubuntu/ bionic-updates multiverse deb http://archive.ubuntu.com/ubuntu/ bionic non-free deb http://archive.ubuntu.com/ubuntu/ bionic-updates non-free deb http://archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse deb-src http://archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse deb http://archive.canonical.com/ubuntu bionic partner deb-src http://archive.canonical.com/ubuntu bionic partner deb http://security.ubuntu.com/ubuntu bionic-security main restricted non-free deb-src http://security.ubuntu.com/ubuntu bionic-security universe main restricted multiverse deb http://security.ubuntu.com/ubuntu bionic-security universe deb http://security.ubuntu.com/ubuntu bionic-security multiverse (Originally it was same with artful). I have a lot of other ppa sources lists, but the strange thing is that after dist-upgrade, the issue persists however after reboot the system works as usual when removing the seccomp fix proposed in #2. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
OK, so I think we let this sit for a few more weeks and see what else we get. So far we have 4 people affected by this. Does not happen for me, BTW, and yes, I use the mirror method (from -proposed, the old one does not work and the new one is much better :D). Now, as to documentation: There is not really supposed to be any. There's a NEWS entry for it telling you how to enable more syscalls for debugging, and it's listed in configure-index. But it's not something people should really configure in normal use. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
Note: my source.lust had no trailing / so for me it was $ sed -i 's/http:\/\/archive.ubuntu.com\/ubuntu/mirror:\/\/mirrors.ubuntu.com\/mirrors.txt/g' /etc/apt/sources.list to trigger the issue Note (2): Also this feature is still undocumented since all the time :-/. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
Interesting, thanks Mathias for the update. @Julian - I think this means you have to tackle that from apt itself then? (or at least find out via which path it triggers the issue now). How far are you in regard to comment #9 number 3 atm - can you take it into apt itself already? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
Had the same issue, but wihtout libnss-libvirt installed. Switching to the mirror method also triggers the error. # sed -i 's/http:\/\/archive.ubuntu.com\/ubuntu\//mirror:\/\/mirrors.ubuntu.com\/mirrors.txt/g' /etc/apt/sources.list # apt update 0% [Working] Seccomp prevented execution of syscall 78 on architecture amd64 Reading package lists... Done E: Method mirror has died unexpectedly! E: Sub-process mirror returned an error code (31) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
** Tags added: libvirt-18.04 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
@Tamas - your stack trace might help to identify another source of such issues, let us know. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
Ok, so I will add this on the next libvirt merge to be safe on bionic. ** Changed in: libvirt (Ubuntu) Status: Confirmed => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
1. This is appending. You could also write it apt::sandbox::seccomp::allow:: "getdents" but the list notation is documented. 2. Right. Others might have other issues, mostly depending on their NSS modules. I don't think we'll fix all of them. But I don't think there are many users with non-standard NSS modules, so this maybe affects what, 1 to 5% of the users? 3. Exactly We can eventually also enable getdents in apt itself, once the methods do not need write access to partial/ anymore (because the main process then opens the file and sends it via a socket). I only disabled it for now so one method cannot find files used by other methods (except for guessing). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
Hi Julian, I have broken down the testcase into reproducible steps: Testcase - TL;DR get running guest with IP and enable libvirt nss: $ apt install libnss-libvirt libvirt-dameon-system $ apt update $ uvt-simplestreams-libvirt sync --source http://cloud-images.ubuntu.com/daily arch=amd64 label=daily release=artful $ uvt-kvm create --password=ubuntu testguest release=artful arch=amd64 label=daily $ vim /etc/nsswitch.conf # add libvirt to the hosts line $ apt download hello So would the following be good then? $ cat /etc/apt/apt.conf.d/90libnss-libvirt apt::sandbox::seccomp::allow { "getdents" }; I wonder about a few things: 1. is there a format that does not "set" but append this to ensure if one placed other seccomp allows that they do not interfere? 2. I'm not sure everybody is hitting that through libnss-libvirt so I might only fix one of many incarnations of this. 3. this is only for newer apt needs this right - so only >=bionic ok? ** Changed in: libvirt (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
It would be nice if libvirt-nss could ship an /etc/apt/apt.conf.d /libvirt-nss.conf, or a numbered file like the others, that allows getdents. I don't think I want to turn it on in general because not being able to list a directory is kind of useful. ** Also affects: libvirt (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
I hit this today in a Bionic container trying to use "apt-get download". Found this bug and based on this trying to provide the debug data that was requested back then. So I gathered the crash file with JulianK's hint and then used Tamas workaround to get all apport tools as needed. # apport-retrace --rebuild-package-info --stdout /var/crash/_usr_lib_apt_methods_http.0.crash dpkg-source: info: extracting apt in apt-1.6~alpha5 dpkg-source: info: unpacking apt_1.6~alpha5.tar.xz W: Download is performed unsandboxed as root as file 'apt_1.6~alpha5.dsc' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied) --- stack trace --- #0 0x7faff80f04eb in __getdents (fd=3, buf=0x561fff2a96d0 "\035g\233", , nbytes=32768) at ../sysdeps/unix/sysv/linux/getdents.c:96 resultvar = 78 retval = #1 0x7faff80f00b5 in __readdir (dirp=0x561fff2a96a0) at ../sysdeps/posix/readdir.c:65 maxread = bytes = reclen = dp = saved_errno = 0 #2 0x7faff55e826e in ?? () from /lib/x86_64-linux-gnu/libnss_libvirt.so.2 No symbol table info available. #3 0x7faff55cebdf in ?? () from /lib/x86_64-linux-gnu/libnss_libvirt.so.2 No symbol table info available. #4 0x7faff55cf657 in _nss_libvirt_gethostbyname4_r () from /lib/x86_64-linux-gnu/libnss_libvirt.so.2 No symbol table info available. #5 0x7faff81155df in gaih_inet (name=name@entry=0x561fff26cba0 "archive.ubuntu.com", service=, req=req@entry=0x7fffa2434860, pai=pai@entry=0x7fffa2434328, naddrs=naddrs@entry=0x7fffa2434324, tmpbuf=tmpbuf@entry=0x7fffa2434390) at ../sysdeps/posix/getaddrinfo.c:790 fct4 = 0x7faff55cf5f0 <_nss_libvirt_gethostbyname4_r> pat = 0x7fffa2434118 no_inet6_data = nip = 0x561fff2a93d0 status = no_more = 0 no_data = 0 inet6_status = NSS_STATUS_UNAVAIL res_ctx = 0x561fff295a00 res_enable_inet6 = false tp = st = 0x7fffa2434040 at = 0x7fffa2434000 got_ipv6 = false canon = 0x0 orig_name = 0x561fff26cba0 "archive.ubuntu.com" alloca_used = port = malloc_name = false addrmem = 0x0 canonbuf = 0x0 result = 0 #6 0x7faff81175c7 in __GI_getaddrinfo (name=, service=, hints=0x7fffa2434860, pai=0x561ffdb8b370) at ../sysdeps/posix/getaddrinfo.c:2304 tmpbuf = {data = 0x7fffa24343a0, length = 1024, __space = "\377\002", '\000' , "\003\240CC\242\377\177\000\000\000\000\000\000\000\000\000\000ff02::3\000ip6-allhosts", '\000' , "able hosts\n\000\257\177\000\000\030\000\000\000\000\000\000\000\000<\360\251\300\071s\362\230|?\370\257\177\000\000\000\000\000\000\000\000\000\000\260\346(\377\037V\000\000\000\350(\377\037V\000\000\220m)\377\037V\000\000ps)\377\037V\000\000\000\000\000\000\000\000\000\000\376\263\n\370\257\177\000\000\240b+\377\037V\000\000\006\000\000\000\000\000\000\000\272\375\033\370\257\177\000\000"...} i = 0 last_i = 0 nresults = 0 p = 0x0 gaih_service = {name = 0x7fffa2434aa0 "http", num = -1} pservice = local_hints = {ai_flags = 1, ai_family = 0, ai_socktype = 0, ai_protocol = 0, ai_addrlen = 4280870576, ai_addr = 0x561fff28e800, ai_canonname = 0x561fff296d90 "@m)\377\037V", ai_next = 0x561fff297370} in6ai = 0x561fff28e8f8 in6ailen = 6 seen_ipv4 = true seen_ipv6 = true check_pf_called = true end = 0x7fffa2434328 naddrs = 0 __PRETTY_FUNCTION__ = "getaddrinfo" #7 0x561ffd98218e in ?? () No symbol table info available. #8 0x561ffd98359d in ?? () No symbol table info available. #9 0x561ffd974652 in ?? () No symbol table info available. #10 0x561ffd97c0c8 in ?? () No symbol table info available. #11 0x561ffd96b73b in ?? () No symbol table info available. #12 0x7faff803d1c1 in __libc_start_main (main=0x561ffd96b690, argc=1, argv=0x7fffa2435948, init=, fini=, rtld_fini=, stack_end=0x7fffa2435938) at ../csu/libc-start.c:308 result = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -9070595946702466195, 94695398488480, 140735915710784, 0, 0, -3324084521362287763, -3351014314436619411}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7fffa2435958, 0x7faff953f150}, data = {prev = 0x0, cleanup = 0x0, canceltype = -1572644520}}} not_first_call = #13 0x561ffd96b9ca in ?? () No symbol table info available. --- source code stack trace --- #0 0x7faff80f04eb in __getdents (fd=3, buf=0x561fff2a96d0 "\035g\233", , nbytes=32768) at ../sysdeps/unix/sysv/linux/getdents.c:96 [Error: getdents.c was not found in source tree] #1 0x7faff80f00b5 in __readdir (dirp=0x561fff2a96a0) at ../sysdeps/posix/readdir.c:65 [Error: readdir.c was not found in source tree] #2 0x7faff55e826e in ?? () from /lib/x86_64-linux-gnu/libnss_libvirt.so.2 #3 0x7faff55cebdf in ?? () from /lib/x86_64-linu
[Bug 1732030] Re: 'apt update' dies with seccomp error
Note: adding getdents as suggested was enough, there were no further seccomp hits triggered later on. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: apt (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
Hi, thanks for your bug report. It seems that something is trying to read a directory. Could you perhaps run with apt::sandbox::seccomp::print set to false and gather a stack trace and attach that here? (or let apport do its magic and report it separately?). This would help figuring out what needs that. In the meantime, feel free to add apt::sandbox::seccomp::allow { "getdents" }; to your apt.conf and try again (you can use scmp_sys_resolver to resolve any other numbers to names and add them). Compared to just disabling it, that would keep that sandboxing feature active :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1732030] Re: 'apt update' dies with seccomp error
Workaround: echo 'apt::sandbox::seccomp "false";' > /etc/apt/apt.conf.d/999seccomp -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732030 Title: 'apt update' dies with seccomp error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1732030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs