git.eshelyaron.com Git - emacs.git/commit

author	Paul Eggert <eggert@cs.ucla.edu>
	Mon, 10 Oct 2022 19:35:56 +0000 (12:35 -0700)
committer	Paul Eggert <eggert@cs.ucla.edu>
	Mon, 10 Oct 2022 19:36:38 +0000 (12:36 -0700)
commit	345de32a5db8ef165feeda77c99ce56e4d6e911c
tree	6ad41cbca2e50dfaaa7fdc20609e46440795b557	tree \| snapshot
parent	8851a75ca7642ce071a23c24a81e22e443be0b05	commit \| diff

Port bwrap/allows-stdout test to Ubuntu 22.04.1

Without this patch, Ubuntu 22.04.1 x86-64 "make check" reports a
failure in test/src/emacs-tests.el’s
emacs-tests/bwrap/allows-stdout.  One can reproduce the bug
without using the Emacs executable, by running this script:

  #!/bin/bash
  export LC_ALL=C
  exec strace -f -o /tmp/tr bwrap --ro-bind / / --seccomp 20 -- \
    cat /dev/null 20< lib-src/seccomp-filter-exec.bpf

This script exits with status 159, because "cat" didn’t get
started (it got a SIGSYS signal early on).

The command "journalctl -g SECCOMP" indicated that rseq (syscall
334) was the problem.  This syscall is issued by
/lib64/ld-linux-x86-64.so.2 before ‘main’ is called.

There’s another problem with the clone3 syscall, which is used by
pthread_create starting in glibc 2.34.  pthread_create is called
by g_child_watch_source_new, which is called by
init_process_emacs.

* lib-src/seccomp-filter.c (main): Allow rseq, clone3.  This
causes the test to pass.  Perhaps a fancier, more accurate patch
could be written by someone who has the time.