tasks killed for nop (-1)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libseccomp (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
As the seccomp manpage points out, after seeing a SECCOMP_RET_TRACE, a tracer can set nr to -1 to skip the syscall. Similarly, one task could be debugging another seccomp'd task, simply doing PTRACE_SYSCALL without using SECCOMP_PTRACE, and want to make the tracee skip a syscall by setting nr to -1.
However, the way libseccomp checks for X86_SYSCALL_BIT wrongly catches nr == -1. This kills any application using -1 to skip a syscall. This means that any such application running under lxd, which uses libseccomp to set its seccomp policies, fails.
libseccomp upstream has been fixed, see https:/
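Added illustration, not part of the original report and not libseccomp's own code: a C model of why an unsigned "syscall number has the x32 bit or higher" test also matches the skip value -1, next to a variant that exempts it. It assumes the bit the report refers to is the kernel's x32 marker, `__X32_SYSCALL_BIT` (0x40000000); the function and enum names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Same value as the kernel's __X32_SYSCALL_BIT (bit 30 of the syscall nr). */
#define X32_BIT 0x40000000u

enum verdict { VERDICT_KILL, VERDICT_CONTINUE };

/* seccomp_data.nr is a signed int, but classic BPF loads it into a 32-bit
 * unsigned accumulator and compares unsigned, so -1 is seen as 0xffffffff. */
static uint32_t bpf_load_nr(int nr) { return (uint32_t)nr; }

/* Model of the check from the report (assumed shape): any number at or
 * above the x32 bit is treated as the wrong ABI and the task is killed. */
enum verdict arch_check_naive(int nr)
{
    uint32_t a = bpf_load_nr(nr);
    if (a >= X32_BIT)          /* 0xffffffff >= 0x40000000, so -1 is caught */
        return VERDICT_KILL;
    return VERDICT_CONTINUE;   /* fall through to the rest of the filter */
}

/* One way to avoid the false match (hypothetical): let the "skip" value
 * through before applying the x32 range test. */
enum verdict arch_check_skip_aware(int nr)
{
    uint32_t a = bpf_load_nr(nr);
    if (a == 0xffffffffu)      /* nr == -1: tracer asked to skip the syscall */
        return VERDICT_CONTINUE;
    if (a >= X32_BIT)
        return VERDICT_KILL;
    return VERDICT_CONTINUE;
}

int main(void)
{
    /* Constructed sample inputs: a native nr, an x32-flagged nr, the skip value. */
    int samples[] = { 1, 0x40000001, -1 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int nr = samples[i];
        printf("nr=%11d (0x%08x) naive=%s skip_aware=%s\n", nr, (unsigned)nr,
               arch_check_naive(nr) == VERDICT_KILL ? "KILL" : "continue",
               arch_check_skip_aware(nr) == VERDICT_KILL ? "KILL" : "continue");
    }
    return 0;
}
```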
Changed in libseccomp (Ubuntu):
status: New → Confirmed
Note, I'm happy to update a fix for this for a (and a -proposed one
for xenial).