0000194: Missing seccomp whitelist entries for musl libc

ID	Project	Category	View Status	Date Submitted	Last Update

0000194	file	General	public	2020-08-31 10:10	2020-09-05 17:20

Reporter	puchuu	Assigned To	christos
Priority	normal	Severity	minor	Reproducibility	always
Status	resolved	Resolution	fixed
Platform	*-linux-musl
Product Version	5.39
Fixed in Version	5.40

Summary	0000194: Missing seccomp whitelist entries for musl libc
Description	Musl libc uses system calls different from whitelisted in seccomp.c. Please test file on musl system too.
Steps To Reproduce	Compile file and try to launch it.
Additional Information	Please visit https://bugs.gentoo.org/730540
Tags	No tags attached.

puchuu 2020-08-31 10:10 reporter	seccomp.patch (750 bytes) # sys-apps/file: bad system call, need ALLOW_RULE entries for 'writev' and 'statx' on musl libc. # https://bugs.gentoo.org/730540 diff -Naurp file-5.39.orig/src/seccomp.c file-5.39/src/seccomp.c --- file-5.39.orig/src/seccomp.c 2020-07-19 20:23:05.467391000 +0000 +++ file-5.39/src/seccomp.c 2020-07-19 20:25:52.505308000 +0000 @@ -220,12 +220,14 @@ enable_sandbox_full(void) ALLOW_RULE(rt_sigreturn); ALLOW_RULE(select); ALLOW_RULE(stat); + ALLOW_RULE(statx); ALLOW_RULE(stat64); ALLOW_RULE(sysinfo); ALLOW_RULE(umask); // Used in file_pipe2file() ALLOW_RULE(getpid); // Used by glibc in file_pipe2file() ALLOW_RULE(unlink); ALLOW_RULE(write); + ALLOW_RULE(writev); // needed by Gentoo's portage sandbox ALLOW_RULE(getcwd); seccomp.patch (750 bytes)

christos 2020-09-05 17:20 manager ~0003478	Fixed, thanks!

Date Modified	Username	Field	Change
2020-08-31 10:10	puchuu	New Issue
2020-08-31 10:10	puchuu	File Added: seccomp.patch
2020-09-05 17:20	christos	Assigned To	=> christos
2020-09-05 17:20	christos	Status	new => assigned
2020-09-05 17:20	christos	Status	assigned => resolved
2020-09-05 17:20	christos	Resolution	open => fixed
2020-09-05 17:20	christos	Fixed in Version	=> 5.40
2020-09-05 17:20	christos	Note Added: 0003478