tasks killed for nop (-1)
Bug #1695808 reported by
Serge Hallyn
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| libseccomp (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
As the seccomp manpage points out, after seeing a SECCOMP_RET_TRACE, a tracer can set nr to -1 to skip the syscall. Similarly, one task could be debugging another seccomp'd task, simply doing PTRACE_SYSCALL without using SECCOMP_PTRACE, and want to make the tracee skip a syscall by setting nr to -1.
However, the way libseccomp checks for X86_SYSCALL_BIT wrongly catches nr == -1. This kills any application using -1 to skip a syscall. This means that any such application running under lxd, which uses libseccomp to set its seccomp policies, fails.
libseccomp upstream has been fixed, see https:/
| Changed in libseccomp (Ubuntu): | |
| status: | New → Confirmed |
Revision history for this message
| Serge Hallyn (serge-hallyn) wrote Re: [Bug 1695808] Re: tasks killed for nop (-1) | #1 |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #2 |
| Changed in libseccomp (Ubuntu): | |
| status: | Confirmed → Fix Released |
To post a comment you must log in.
Note, I'm happy to update a fix for this for a (and a -proposed one
for xenial).