Bug#1091351: seccomp doesn't work with https transport

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1091351: seccomp doesn't work with https transport
From: Antonio Russo <aerusso@aerusso.net>
Date: Tue, 24 Dec 2024 05:54:50 -0700
Message-id: <[🔎] 0207107a-822d-4148-998e-b411d6b41027@aerusso.net>
Reply-to: Antonio Russo <aerusso@aerusso.net>, 1091351@bugs.debian.org

Package: apt
Version: 2.9.19
Severity: normal
X-Debbugs-Cc: aerusso@aerusso.net


Dear Maintainer,

I'm not sure which (recent) version of apt caused this (though reading the changelog
makes me suspicious of 2.9.19), but as of this version, I cannot use the seccomp
sandbox with any https transport repositories: I get error:

**** Seccomp prevented execution of syscall 0000000217 on architecture amd64 ****

which is (expectedly) resolved by allowing getdents64 in the seccomp filter:

APT::Sandbox::Seccomp::allow { "getdents64" };

Presumably this is some OpenSSL/GnuTLS difference?

I can reproduce this easily by just changing the deb.debian.org URL to https and
turning on the seccomp filter.  I can poke harder at making a reproducer if the
above doesn't reproduce for you.

Best,
Antonio

Attachment: OpenPGP_0x72DB026E04C1C768.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Reply to:

Prev by Date: Bug#1091344: Description still says it contains apt-extracttemplates
Next by Date: libept is marked for autoremoval from testing
Previous by thread: Bug#1091344: Description still says it contains apt-extracttemplates
Next by thread: Bug#1091442: dpkg-preconfigure calling apt-extracttemplates breaks DPKG_ROOT support
Index(es):
- Date
- Thread