Bug#951012: buster-kernel 5.5-armhf-seccomp: syscall 403
On Sun, Feb 09, 2020 at 08:28:13PM +0100, Marc Haber wrote:
> Package: apt
> Version: 1.8.2
> Severity: minor
>
> [severity minor because it's a rather exotic case that needs non-default
> configuration, a non-Debian kernel and a non-mainstream arch]
>
> Hi,
>
> I get the following message:
> | [1/4216]mh@entrada:~ $ sudo apt update
> | 0% [Working]
> | **** Seccomp prevented execution of syscall 0000000403 on architecture armhf ****
> | Reading package lists... Done
> | E: Method http has died unexpectedly!
> | E: Sub-process http returned an error code (31)
> | 100 [2/4217]mh@entrada:~ $
>
> if:
>
> - buster is installed
> - the system has arch armhf (here: a Banana Pi)
> - a 5.5 kernel is in use (not yet in Debian sid, so locally compiled)
> - seccomp in apt is enabled
>
> sid seems to work fine in this situation.
I looked into this; this is a new time64 syscall. I'll be going ahead
and whitelisting all new time64 syscalls in 1.9.10.
403: clock_gettime64
404: clock_settime64
405: clock_adjtime64
406: clock_getres_time64
407: clock_nanosleep_time64
408: timer_gettime64
409: timer_settime64
410: timerfd_gettime64
411: timerfd_settime64
412: utimensat_time64
413: pselect6_time64
414: ppoll_time64
Of course, feel free to whitelist them in your apt.conf, by setting
APT::Sandbox::Seccomp::Allow { "clock_gettime64"; <other syscalls> }
as I don't think this will get cherry-picked into stable releases.
--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en
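
Added example (not part of the original message and not apt's own code): a small triage helper that reads apt output, finds the seccomp trap lines, and builds an `APT::Sandbox::Seccomp::Allow` entry listing only the syscalls that were actually blocked. The function names and the sample output are constructed for illustration; the number-to-name table is the one from the message above and is applied only to armhf reports.

```python
import re

# Syscall numbers and names exactly as listed in the message above (armhf report).
TIME64_SYSCALLS = {
    403: "clock_gettime64", 404: "clock_settime64", 405: "clock_adjtime64",
    406: "clock_getres_time64", 407: "clock_nanosleep_time64",
    408: "timer_gettime64", 409: "timer_settime64", 410: "timerfd_gettime64",
    411: "timerfd_settime64", 412: "utimensat_time64", 413: "pselect6_time64",
    414: "ppoll_time64",
}

# Matches the trap message apt prints, as quoted in the bug report.
BLOCKED_RE = re.compile(
    r"Seccomp prevented execution of syscall (\d+) on architecture (\S+)"
)

# Constructed sample: the first trap line is from the report, the rest are made up.
SAMPLE = """\
0% [Working]
**** Seccomp prevented execution of syscall 0000000403 on architecture armhf ****
**** Seccomp prevented execution of syscall 0000000407 on architecture armhf ****
**** Seccomp prevented execution of syscall 0000000403 on architecture armhf ****
**** Seccomp prevented execution of syscall 0000000999 on architecture armhf ****
E: Method http has died unexpectedly!
"""

def blocked_syscalls(apt_output):
    """Return sorted, de-duplicated (number, arch) pairs the sandbox trapped."""
    return sorted({(int(n), arch) for n, arch in BLOCKED_RE.findall(apt_output)})

def allow_fragment(apt_output):
    """Return (apt.conf line, unmapped pairs) for the trapped syscalls.

    Only syscalls seen in the output are allowed, so the sandbox is not
    widened further than the failure requires. Anything not in the table,
    or reported for another architecture, is returned for manual review.
    """
    names, unknown = [], []
    for number, arch in blocked_syscalls(apt_output):
        name = TIME64_SYSCALLS.get(number) if arch == "armhf" else None
        if name:
            names.append(name)
        else:
            unknown.append((number, arch))
    if not names:
        return "", unknown
    entries = " ".join(f'"{n}";' for n in names)
    return f"APT::Sandbox::Seccomp::Allow {{ {entries} }};", unknown
```

The returned line can be placed in a file under `/etc/apt/apt.conf.d/`; entries returned as unmapped should be identified before being allowed.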