From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS17314 8.43.84.0/22 X-Spam-Status: No, score=-4.2 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, MSGID_FROM_MTA_HEADER,RCVD_IN_DNSWL_HI,SPF_HELO_PASS,SPF_PASS, UNPARSEABLE_RELAY shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 34C2B1F8C6 for ; Tue, 27 Jul 2021 10:49:20 +0000 (UTC) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 1F5BF398200D for ; Tue, 27 Jul 2021 10:49:19 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 1F5BF398200D DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1627382959; bh=QBeDx+T42mpQ40cpiN9Q1zG+KjnsyOH3WAwQwl4uHZQ=; h=Date:To:Subject:References:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=hyvbsKMJnFhOUv2mzfvTf4g10z0MxeQ8fhUGxdfe87OrOc+nLWJmg11cdeR5EQ2iN qZ1NFFoloQCm5/URWRZtx5zyu/paETNJNvsgLoZ0GdPlYDaJoElpclAqkG7dPN0ZiO 4iVtIfEtbdlWMc0iQBRZcnJ/MHSw08e1cVyuUxpA= Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-ve1eur02on0615.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe06::615]) by sourceware.org (Postfix) with ESMTPS id 1B9A23982013 for ; Tue, 27 Jul 2021 10:48:41 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 1B9A23982013 Received: from AS8PR05CA0011.eurprd05.prod.outlook.com (2603:10a6:20b:311::16) by AM6PR08MB3366.eurprd08.prod.outlook.com (2603:10a6:20b:47::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4352.25; Tue, 27 Jul 2021 10:48:38 +0000 Received: from AM5EUR03FT005.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:311:cafe::50) by AS8PR05CA0011.outlook.office365.com (2603:10a6:20b:311::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4352.26 via Frontend Transport; Tue, 27 Jul 2021 10:48:38 +0000 X-MS-Exchange-Authentication-Results: spf=temperror (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; sourceware.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;sourceware.org; dmarc=temperror action=none header.from=arm.com; Received-SPF: TempError (protection.outlook.com: error in processing during lookup of arm.com: DNS Timeout) Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT005.mail.protection.outlook.com (10.152.16.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4352.24 via Frontend Transport; Tue, 27 Jul 2021 10:48:36 +0000 Received: ("Tessian outbound 31e6e3649d31:v100"); Tue, 27 Jul 2021 10:48:36 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: d9238b6ea43bf166 X-CR-MTA-TID: 64aa7808 Received: from 90450eeb1e6f.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id B61129A5-712F-42A4-B3DC-E21C536B6990.1; Tue, 27 Jul 2021 10:48:20 +0000 Received: from EUR03-AM5-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 90450eeb1e6f.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 27 Jul 2021 10:48:20 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BrDOcyXNKVvp9DNJygQCBSxxRv72gWM+is8QIsKnd8lw7cGw+tZwlGSKebPg08GmtVI/WAtMhnWqi0w4y+yU2g5Ng5bjbRyCy4Bm7CQHjYfpWtRgLOQRKoWckRHkgVsqqKtK5jOxMEZadCSUPfDYYf4Pb/vRYf5X+/jQ3KXJpNnaCK0SAwFFjeK3l55R59V+vVCJO7EQ7NAaIxFAkvUAmW1/UXX9vsGWl5xoQc4duiQZLQrpprC74Tpgh3wag9MaGMCq/wuSqYfX0NYFVXI73PCgO9CjnnHztmgicFC57gNew1gDxi3nEakpG4r41ryh4swLeQbdryg/ASRp5TID6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QBeDx+T42mpQ40cpiN9Q1zG+KjnsyOH3WAwQwl4uHZQ=; b=NT9eG07YRM58dEnJ48Kw5QIvS+7EZDfF7hVFe9JEjtoOm0FrqCqv5BwlncE3IINn9TO37ME/zP04YFuiDQ/F1YkB4eU433JxOQ9H37ynsLgH0dr6VqvDkTTwcWShbw/+OfNMH1aN9+ddEomHaqL8Ch5NBuLM3Px/3GlHb30FLVpx52TaiQJe2RyCnsAECIJXDY60nCLUMwrdomnpphg1PDuK53B0syEROdhqZU1oc0VqJKwrspkG1GA6Hhfz2uJ5ZWAy8pLZEE7aOJ9KMzXqWhpQeYeyxAFMJ+OIBzLI/QonyDNCXnkZMa3eUsazDlvyz4+mAKLJwE5FZUguoHGw2Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none Authentication-Results-Original: cyphar.com; dkim=none (message not signed) header.d=none;cyphar.com; dmarc=none action=none header.from=arm.com; Received: from PA4PR08MB6320.eurprd08.prod.outlook.com (2603:10a6:102:e5::9) by PA4PR08MB6109.eurprd08.prod.outlook.com (2603:10a6:102:e2::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4352.25; Tue, 27 Jul 2021 10:48:19 +0000 Received: from PA4PR08MB6320.eurprd08.prod.outlook.com ([fe80::ac83:9f8b:1a5:2c33]) by PA4PR08MB6320.eurprd08.prod.outlook.com ([fe80::ac83:9f8b:1a5:2c33%6]) with mapi id 15.20.4352.031; Tue, 27 Jul 2021 10:48:19 +0000 Date: Tue, 27 Jul 2021 11:48:16 +0100 To: Aleksa Sarai Subject: Re: RFC: Disable clone3 for glibc 2.34 Message-ID: <20210727104816.GC14854@arm.com> References: <87eebkf8ph.fsf@oldenburg.str.redhat.com> <87y29sdsui.fsf@oldenburg.str.redhat.com> <20210727092416.layfgqi6auudbpgc@wittgenstein> <20210727094117.jid7shl7futsciih@wittgenstein> <20210727102222.r2hys526mfkpt4xo@senku> Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20210727102222.r2hys526mfkpt4xo@senku> User-Agent: Mutt/1.9.4 (2018-02-28) X-ClientProxiedBy: LO2P265CA0469.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:a2::25) To PA4PR08MB6320.eurprd08.prod.outlook.com (2603:10a6:102:e5::9) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from arm.com (217.140.106.55) by LO2P265CA0469.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:a2::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4373.17 via Frontend Transport; Tue, 27 Jul 2021 10:48:18 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: fdc13df1-69f4-4a81-e611-08d950ec1670 X-MS-TrafficTypeDiagnostic: PA4PR08MB6109:|AM6PR08MB3366: X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:8882;OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: DAWLs2ckWHMub8zN5U6hCDqCOX0icC8blvFVOpNzULJKuA3i7Kap8Y1FjDmJVHdAgV+tOO+kz4T04ctwOmdiiD1VowVNRw9PlOz34Q4YPU/3LJmQLhwpzkx5LM/lyaTdZY3/5n+xuJrwn7cgfm7DnuHuwBofpJAwLZSq4o3hHCAwW0DEJ9PG5fxNDvoQ2xV1BsL5++g5sgt59GXS3q2ubtDsRyg+kW1fepUxZjS7VfdKRdzFL0UtEeaeX3O1F96b2ZjUmpKEbjQ+9jyonhL8lj8eBWxU5ScBh0yXGAKAb0djwQuuEe/zjhx8xcpjCr4Sp9fbmbMUVud5A7oLZZscc1ViROw8dPvLG5eqJjUwD66M/PwEYt75BHmvbJ8lxj+N6cKeg6t/njfEii3YZ8rexUtYoXBFvQzK7ryKNSHYBajV3SWux/7Hs5H3z0BRvyco13VvJ0klz3qo6++RED89PenBSuRo3FKXfZysuPPhEvrj2+qLgLSaGvyOfEDOm7f9VfWAKk6Mijlz6oODooqIVFdl2Cycj6P1c03aPfXzOlzWdGBdwqNdLHwR9R0GrI+dp0XjbtAOaoTALUYbxDTV39fXk8icCUk27z0JBqDCVjAcFBrt5YcoF8/wl7nyOP4FA8gIEe+9t/ajE1DCa3FUUK0VYR90VjXAXtH0Hkar1H9wlyuA82IiduP1MUM2yki0fBT/AvzqCW5yCUGVB7hK3Q== X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PA4PR08MB6320.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(39860400002)(396003)(346002)(376002)(366004)(1076003)(55016002)(8936002)(52116002)(186003)(7696005)(8886007)(26005)(478600001)(2906002)(316002)(66946007)(8676002)(44832011)(86362001)(6916009)(54906003)(5660300002)(4326008)(38100700002)(36756003)(956004)(38350700002)(66556008)(33656002)(66476007)(2616005); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?RFp3N0h2UFpVYWgzUUZYaHZHTEtSK2IrYUYvamVMK280UUp2YXRzWnh2K29u?= =?utf-8?B?aityNS9veFpORlJHOVRneHNnczQyVzluSHorY1VtcEVvTERBbi9KY2JwZTQy?= =?utf-8?B?QTE1R0kzRWhna0RIVVNmUUZZNWJ6Rk9EdDNJbFc1TEozM2tqOTA5ZWlZblBS?= =?utf-8?B?ZWJKWTgyL3RXajFJN3JjUWQxN1NIaFpCcndwZFdlcTJ4dTRobnA2MjVieWlL?= =?utf-8?B?KzBKTmEvcitrbVFNUUxZRjFyQ01GaWxFYkd1NzJOVE15MFJkakUxdUhIT3ZD?= =?utf-8?B?TVcxUmZuS3VHb1pXRk5QU2w2V3VJTVdEZTIvWTFKM05VaTY1ZUFXY1AvMnp0?= =?utf-8?B?WURpL1hML3QrNnVvVEVOb2FtbktmMm5ya1k2bnNwb2djOHIwRU0wcnJEVzVC?= =?utf-8?B?bXRCMUxHS1loMlBOL0VkTXVYVXZ4ZUdyY09IMU93NFNHaEtDRm12VXpwVzNu?= =?utf-8?B?cGJCTWxQRjJxZ1R0aWt1MU45WDlReDlTaU56dFBzYTZJT3dvTEFmN2V4SUNJ?= =?utf-8?B?NnkvZFVhUFYvOVF2dElPRUlzY285RjVYY0xVUWZ3RytocHRoU3pKalhWMzFi?= =?utf-8?B?b2p1dmxmWUhFYUI3clhWcGx3Z0EyT3E5YWFtUHFObHRHTVZiV0FhUHRmN21n?= =?utf-8?B?bFJ1OWErNEdRZmRETy9mU2hDMStZM2dtUjh2VFFmcklMWjBmOURJcml0dW1T?= =?utf-8?B?SDBFU245czhYLzhVRFVBeFRpWXNza3NIM1d1RXArR05YS1ZwdUdteVhOWW1X?= =?utf-8?B?Qmd4S0ZQQ2tablBjUGdGaENLd0JWdkkzWmVDcTB1dHRmcjZ4NjdpS2srcFFi?= =?utf-8?B?bTFoSG15M2V4Z3dCeENRYmhTY0g3cDRiS2kxNVBkcE1QOEN1WnVPTlJwYldI?= =?utf-8?B?ZWJrWFZjZDNsQnRPcTdUSEQzUUFnWUZ2UXpLdjR0cFQ2M2NzbVk3bk91L1g5?= =?utf-8?B?NHFYa0Rod3NOZStjakZrMk5VNlJ3RHVOUE81L0pkVXdrMDc1SXY0c21iblNk?= =?utf-8?B?YnVpbmxzUjNuMzNIZ3ZMZkQzaGhCaCtlZXFScG9JUEZhQ1grMWJUdTlHeUxa?= =?utf-8?B?TWdOaVI2ckxtZDdtSGpyWVFsZ0puQzJCUEFVbFMxRjk0YXUyMTh0Q0JhZ1pE?= =?utf-8?B?Q1BzTjZiL0lSQUprTVVoOW00cThZbll0clZUelpheno0Z2h3UjhYUjFCOVBW?= =?utf-8?B?aHMwMjRqcFlTaTlYT2FoRnNJbmtYWVB6MzBJa1pOK0JxWis4ZlNIdmVVV0ty?= =?utf-8?B?OWtZZVFEZVp6di9BTEJoUi9vazF1WGVOUzV1Ynl4dE45aFhaaW8yWktCdnEz?= =?utf-8?B?NUo3L29TUUdISzNkZ1RpYk5PbmFrY3BWeHNsaXZXTDZMZWxNYUdWQnoxUmcy?= =?utf-8?B?RzM4ZWxDeTZhU3Jsd1ZrN3pPcHVLR0JWeklUMlhJNWVWYjVkSWVzT3RpWXpU?= =?utf-8?B?Nk4wUzBxZGdFOVZ0TXJMU2IybUUvWjJSeHFJQ2VZMXRLSXVBNlJXZkdJYXhL?= =?utf-8?B?Z1IvREw3ZnZncktYVnRSbElPS2hoK0Z5YzRXL2lwYWx6a3lRK3FtcWIvaWxR?= =?utf-8?B?N25rM29XT1dmRVp1QTFtcXh0Uzg2a2hQM1Zzb1BmWEJhMTR5SkRyakVmdFVF?= =?utf-8?B?Z3podjJFZkdGK2dTQTVlMU1xRHRlZjVPK0FGVzdQQWNHNjUvcTNDL2piNkMr?= =?utf-8?B?NkR5dGxldGdUSC9FMUV6MkVrMWdwS09VMnRVNlhDTnBEclNuMVEvQkV1d09T?= =?utf-8?Q?FDccz+3FL5wzd5RIXKoouEYjGulPI5hCr73iKPG?= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA4PR08MB6109 Original-Authentication-Results: cyphar.com; dkim=none (message not signed) header.d=none;cyphar.com; dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT005.eop-EUR03.prod.protection.outlook.com X-MS-Office365-Filtering-Correlation-Id-Prvs: e094a4a1-6e93-4e68-4adc-08d950ec0b93 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: sZ+ilDZ/wsD4gKEln5Ye4VdFbnHRuAhcNbdBMtIh/ZzPn8xTgtyvKdZtXI0EgeZ43XsEF6JbCjM90eio/zIIlH3iO5c4q6BMlDRDaEKpj3bpdESSeCDOPj51tFEbaiQIf2h3CReP10lKaHGTE1ZLL6lAka68zmRZIZlDZt4hmzQ2rss/dwkOn+OnVTBXbRMEFUxsCZ3nxSEELlmThdMZxGlvpq+e0Nesnm1OrP6PsjSnG7O6irqjNCocyJV+g2Fi4FDQzdZAPlwwFb9NyQ/DkOHmyoMTcOxSKhN0iuXlaRyVFpCWfsvcQ7qgq76JKtSuXpgpWOXIcofxF9S6Yj9kT9tgWrrLdQmrEsFzUw51ZGRDcN5KxXiMFSV3l18HBS0zhjsEq3BFx68/ZsN2WkxBw9k63IezD/8GcZywv42oeQK1UNhX+XJHFP64oEIzh6/RpXP31rrRbEyIuDZJxvNtYwa3emh6iOWvn2q4u6Dk0dIz19EqqMtMgBSwxiI8T5lGH9kyiS2iTDKf7OgDHJdWrQvQjF9UP9+GUqK/akn0O0GwsMgytiPMek6Ahcl+XshutZWiYeYV+3DmBRdT6wLTACfMQH3n1KXDMqkTFq7PDIO7dZ/4azba9udwd4W3s+IGopxwfPnz8muUIxgd/puZioxyfc6vot9BCO55c3YyQifp4eJeIxx2ngQhek1ETzf6Dy2RbvnZpbGXEkBoxjwHJA== X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(396003)(39860400002)(376002)(346002)(136003)(46966006)(36840700001)(82310400003)(7696005)(33656002)(26005)(336012)(36860700001)(356005)(81166007)(8676002)(316002)(8886007)(956004)(478600001)(5660300002)(36756003)(44832011)(63350400001)(86362001)(63370400001)(2616005)(4326008)(47076005)(6862004)(186003)(2906002)(1076003)(54906003)(55016002)(8936002)(70206006)(70586007)(82740400003); DIR:OUT; SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Jul 2021 10:48:36.7937 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: fdc13df1-69f4-4a81-e611-08d950ec1670 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AM5EUR03FT005.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3366 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Szabolcs Nagy via Libc-alpha Reply-To: Szabolcs Nagy Cc: Florian Weimer , Christian Brauner , Florian Weimer via Libc-alpha Errors-To: libc-alpha-bounces+e=80x24.org@sourceware.org Sender: "Libc-alpha" The 07/27/2021 20:22, Aleksa Sarai wrote: > Yes, runc has had the -ENOSYS fallback behaviour for a few releases now. > > The way it works is that any syscall which has a larger syscall number > than any syscall specified in the filter will get -ENOSYS (this works > even if libseccomp is outdated). The only way you could get the -EPERM > behaviour with modern runc is if you write a seccomp profile that had > rules for newer syscalls (openat2 for instance) but not clone3 -- but > Docker doesn't do that. (The reason for this slightly convoluted > behaviour was to make sure that intentional omissions actually give you > -EPERM.) this sounds broken. it really should return ENOSYS unless a user specifically asked for a different errno value for a syscall. EPERM is just wrong. we will see random breakage in the future depending on what unrelated but newer syscalls users added to their whitelist. who thought this was a good idea? i can't believe this is still broken, this seccomp filter bug was reported ages ago.