Comment 1 for bug 1653487
Revision history for this message
| Jamie Strandboge (jdstrand) wrote Re: seccomp argument filtering not working on trusty(?) | #1 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
I'm not done looking at this, but I have confirmed this is a bug in libseccomp so retargeting there. What is happening is that snap-confine is getting a denial on geteuid (syscall 107) even though this syscall is included in the filter. This indicates a problem in the filter setup in libseccomp and not snap-confine itself and this patch appears to fix the issue:
eece06525d58d08
However, that patch needs the following to be applied:
9ca83f455562fe8
206da04b8b2366d
61fee77783fd458
While with the above 4 patches applied the snap-confine testsuite passes, the libseccomp internal testsuite has many failures. I'm now investigating if it is better to continue cherrypicking patches or to pull back 2.2.3 from xenial.