many seccomp denials for set_robust_list in xenial
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
chromium-browser (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
I have 517 messages and counting like this:
kernel: [ 2899.006553] audit: type=1326 audit(146058418
$ scmp_sys_resolver 273
set_robust_list
It seems that chromium's seccomp sandbox needs to enable this call or chromium adjusted to not use it.
$ cat /proc/version_
Ubuntu 4.4.0-18.34-generic 4.4.6
$ apt-cache policy chromium-browser
$ apt-cache policy chromium-browser
chromium-browser:
Installed: 49.0.2623.
Candidate: 49.0.2623.
Version table:
*** 49.0.2623.
500 http://
100 /var/lib/
Changed in chromium-browser (Ubuntu): | |
assignee: | nobody → Chad Miller (cmiller) |
status: | New → Confirmed |
Changed in chromium-browser (Ubuntu): | |
assignee: | Chad Miller (cmiller) → nobody |
status: | In Progress → Confirmed |
Oh hello, libc.
Catchpoint 1 (call to syscall set_robust_list), __pthread_ initialize_ minimal_ internal () at nptl-init.c:384 initialize_ minimal_ internal () at nptl-init.c:384 x86_64/ crti.S: 72
(gdb) bt
#0 __pthread_
#1 0x00007f2b878845d1 in _init () at ../sysdeps/
int res = INTERNAL_SYSCALL (set_robust_list, err, 2, &pd->robust_head,
sizeof (struct robust_list_head));