canonical-ubuntu-qa team mailing list archive

Thread
Date
[Bug 2125202] [NEW] seccomp testsuite fails to build on kernels older than version 5.0

To: canonical-ubuntu-qa@xxxxxxxxxxxxxxxxxxx
From: Manuel Diewald <2125202@xxxxxxxxxxxxxxxxxx>
Date: Fri, 19 Sep 2025 13:35:38 -0000
Reply-to: Bug 2125202 <2125202@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
Public bug reported:

Latest version of libseccomp that is used since security cycle
s2025.08.11 fails to build on trusty/xenial/bionic (anything older than
kernel version 5.0):

  Making all in .
    CC       libseccomp_la-api.lo
    CC       libseccomp_la-system.lo
  Makefile:686: recipe for target 'libseccomp_la-system.lo' failed
  Makefile:887: recipe for target 'all-recursive' failed
  Makefile:521: recipe for target 'all-recursive' failed
  Makefile:430: recipe for target 'all' failed
  stderr:
  In file included from system.c:29:0:
  system.h:201:15: warning: ‘struct seccomp_notif_resp’ declared inside parameter list will not be visible outside of this definition or declaration
          struct seccomp_notif_resp **resp);
                 ^~~~~~~~~~~~~~~~~~
  system.h:200:29: warning: ‘struct seccomp_notif’ declared inside parameter list will not be visible outside of this definition or declaration
   int sys_notify_alloc(struct seccomp_notif **req,
                               ^~~~~~~~~~~~~
  system.h:202:39: warning: ‘struct seccomp_notif’ declared inside parameter list will not be visible outside of this definition or declaration
   int sys_notify_receive(int fd, struct seccomp_notif *req);
                                         ^~~~~~~~~~~~~
  system.h:203:39: warning: ‘struct seccomp_notif_resp’ declared inside parameter list will not be visible outside of this definition or declaration
   int sys_notify_respond(int fd, struct seccomp_notif_resp *resp);
                                         ^~~~~~~~~~~~~~~~~~
  system.c:472:5: error: conflicting types for ‘sys_notify_alloc’
   int sys_notify_alloc(struct seccomp_notif **req,
       ^~~~~~~~~~~~~~~~
  In file included from system.c:29:0:
  system.h:200:5: note: previous declaration of ‘sys_notify_alloc’ was here
   int sys_notify_alloc(struct seccomp_notif **req,
       ^~~~~~~~~~~~~~~~
  system.c:517:5: error: conflicting types for ‘sys_notify_receive’
   int sys_notify_receive(int fd, struct seccomp_notif *req)
       ^~~~~~~~~~~~~~~~~~
  In file included from system.c:29:0:
  system.h:202:5: note: previous declaration of ‘sys_notify_receive’ was here
   int sys_notify_receive(int fd, struct seccomp_notif *req);
       ^~~~~~~~~~~~~~~~~~
  system.c:538:5: error: conflicting types for ‘sys_notify_respond’
   int sys_notify_respond(int fd, struct seccomp_notif_resp *resp)
       ^~~~~~~~~~~~~~~~~~
  In file included from system.c:29:0:
  system.h:203:5: note: previous declaration of ‘sys_notify_respond’ was here
   int sys_notify_respond(int fd, struct seccomp_notif_resp *resp);
       ^~~~~~~~~~~~~~~~~~
  make[3]: *** [libseccomp_la-system.lo] Error 1
  make[2]: *** [all-recursive] Error 1
  make[1]: *** [all-recursive] Error 1
  make: *** [all] Error 2

This is due to new commit dee17d0 ("system: use notification structs
from include/seccomp.h") which removes definitions of some structs and
makes use of the definitions in include/seccomp.h instead. However,
these structs have only been added with kernel commit 6a21cc50f0c7
("seccomp: add a return code to trap to userspace") that was included in
v5.0, so anything older than focal does not have them. The configure
script checks whether the seccomp.h header is present but does not check
whether it actually includes the necessary struct definitions.

** Affects: ubuntu-kernel-tests
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Canonical
Platform QA Team, which is subscribed to ubuntu-kernel-tests.
https://bugs.launchpad.net/bugs/2125202

Title:
  seccomp testsuite fails to build on kernels older than version 5.0

Status in ubuntu-kernel-tests:
  New

Bug description:
  Latest version of libseccomp that is used since security cycle
  s2025.08.11 fails to build on trusty/xenial/bionic (anything older
  than kernel version 5.0):

    Making all in .
      CC       libseccomp_la-api.lo
      CC       libseccomp_la-system.lo
    Makefile:686: recipe for target 'libseccomp_la-system.lo' failed
    Makefile:887: recipe for target 'all-recursive' failed
    Makefile:521: recipe for target 'all-recursive' failed
    Makefile:430: recipe for target 'all' failed
    stderr:
    In file included from system.c:29:0:
    system.h:201:15: warning: ‘struct seccomp_notif_resp’ declared inside parameter list will not be visible outside of this definition or declaration
            struct seccomp_notif_resp **resp);
                   ^~~~~~~~~~~~~~~~~~
    system.h:200:29: warning: ‘struct seccomp_notif’ declared inside parameter list will not be visible outside of this definition or declaration
     int sys_notify_alloc(struct seccomp_notif **req,
                                 ^~~~~~~~~~~~~
    system.h:202:39: warning: ‘struct seccomp_notif’ declared inside parameter list will not be visible outside of this definition or declaration
     int sys_notify_receive(int fd, struct seccomp_notif *req);
                                           ^~~~~~~~~~~~~
    system.h:203:39: warning: ‘struct seccomp_notif_resp’ declared inside parameter list will not be visible outside of this definition or declaration
     int sys_notify_respond(int fd, struct seccomp_notif_resp *resp);
                                           ^~~~~~~~~~~~~~~~~~
    system.c:472:5: error: conflicting types for ‘sys_notify_alloc’
     int sys_notify_alloc(struct seccomp_notif **req,
         ^~~~~~~~~~~~~~~~
    In file included from system.c:29:0:
    system.h:200:5: note: previous declaration of ‘sys_notify_alloc’ was here
     int sys_notify_alloc(struct seccomp_notif **req,
         ^~~~~~~~~~~~~~~~
    system.c:517:5: error: conflicting types for ‘sys_notify_receive’
     int sys_notify_receive(int fd, struct seccomp_notif *req)
         ^~~~~~~~~~~~~~~~~~
    In file included from system.c:29:0:
    system.h:202:5: note: previous declaration of ‘sys_notify_receive’ was here
     int sys_notify_receive(int fd, struct seccomp_notif *req);
         ^~~~~~~~~~~~~~~~~~
    system.c:538:5: error: conflicting types for ‘sys_notify_respond’
     int sys_notify_respond(int fd, struct seccomp_notif_resp *resp)
         ^~~~~~~~~~~~~~~~~~
    In file included from system.c:29:0:
    system.h:203:5: note: previous declaration of ‘sys_notify_respond’ was here
     int sys_notify_respond(int fd, struct seccomp_notif_resp *resp);
         ^~~~~~~~~~~~~~~~~~
    make[3]: *** [libseccomp_la-system.lo] Error 1
    make[2]: *** [all-recursive] Error 1
    make[1]: *** [all-recursive] Error 1
    make: *** [all] Error 2

  This is due to new commit dee17d0 ("system: use notification structs
  from include/seccomp.h") which removes definitions of some structs and
  makes use of the definitions in include/seccomp.h instead. However,
  these structs have only been added with kernel commit 6a21cc50f0c7
  ("seccomp: add a return code to trap to userspace") that was included
  in v5.0, so anything older than focal does not have them. The
  configure script checks whether the seccomp.h header is present but
  does not check whether it actually includes the necessary struct
  definitions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/2125202/+subscriptions