group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #39311
[Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers
This bug was fixed in the package libseccomp - 2.5.1-1ubuntu1~16.04.1
---------------
libseccomp (2.5.1-1ubuntu1~16.04.1) xenial; urgency=medium
* Updated to new upstream 2.5.1 version for updated syscalls support
(LP: #1891810)
- Removed the following patches that are now included in the new version:
+ d/p/fix-aarch64-syscalls.patch
+ d/p/db-consolidate-some-of-the-code-which-adds-rules.patch
+ d/p/db-add-shadow-transactions.patch
- Deleted the patch to add a local copy of architecture specific header
files from linux-libc-dev/focal as this is not needed anymore
+ d/p/add-5.4-local-syscall-headers.patch
- debian/control: Added gperf to Build-Depends as this is now required
by upstream
- debian/libseccomp2.symbols: Added new symbols
* Add system call headers for powerpc required for backport to xenial
- d/p/add-5.8-powerpc-syscall-headers.patch
-- Alex Murray <alex.murray@xxxxxxxxxxxxx> Mon, 01 Mar 2021 13:50:00
+1030
** Changed in: libseccomp (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1891810
Title:
Backport 2.5.1 to fix missing openat2 syscall, causing problems for
fuse-overlayfs in nspawn containers
Status in libseccomp package in Ubuntu:
Fix Released
Status in systemd package in Ubuntu:
Fix Released
Status in libseccomp source package in Xenial:
Fix Released
Status in systemd source package in Xenial:
Invalid
Status in libseccomp source package in Bionic:
Fix Released
Status in systemd source package in Bionic:
Fix Committed
Status in libseccomp source package in Focal:
Fix Released
Status in systemd source package in Focal:
Fix Released
Status in libseccomp source package in Groovy:
Fix Released
Status in systemd source package in Groovy:
Fix Released
Status in libseccomp source package in Hirsute:
Fix Released
Status in systemd source package in Hirsute:
Fix Released
Bug description:
[Impact]
The version of libseccomp2 in X/B/F/G does not know about the openat2
syscall. As such applications that use libseccomp cannot specify a
system-call filter against this system-call and so it cannot be
mediated.
[Test Plan]
This can be tested by simply running scmp_sys_resolver from the
seccomp binary package and specifying this system-call:
Existing behaviour:
$ scmp_sys_resolver openat2
-1
Expected behaviour:
$ scmp_sys_resolver openat2
437
(Note this value will be different on other architectures)
[Where problems could occur]
In version 2.5.1 of libseccomp which adds this new system-call,
changes were also made in the way the socket system-call is handled by
libseccomp on PPC platforms - this resulted in a change in the
expected behaviour and so this has already been noticed and a fix is
required for the systemd unit tests as a result
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1918696
There was also a similar change for s390x but so far no regressions
have been observed as a result as systemd already expected that
behaviour from libseccomp, it was only PPC that was missing.
In the event that a regression is observed however, we can easily
either patch the affected package to cope with the new behaviour of
this updated libseccomp since in each case the change in behaviour
only affects a few system calls on particular architectures, or we can
revert this update.
[Other Info]
* As usual thorough testing of this update has been performed both
manually via the QA Regression Testing scripts, and via the
autopkgtest infrastructure against packages in the Ubuntu Security
Proposed PPA https://launchpad.net/~ubuntu-security-
proposed/+archive/ubuntu/ppa/ with results seen
https://people.canonical.com/~platform/security-britney/current/
I have attached debdiffs of the prepared updates which are also
sitting in the Ubuntu Security Proposed PPA.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+subscriptions