Date: Fri, 30 Jul 2021 22:16:17 +1000
From: Aleksa Sarai
To: Florian Weimer
Cc: Szabolcs Nagy, Christian Brauner, Florian Weimer via Libc-alpha
Subject: Re: RFC: Disable clone3 for glibc 2.34

On 2021-07-29, Florian Weimer wrote:
> * Aleksa Sarai:
>
> > If you update your syscall profile without knowing what you're doing,
> > things will break. That will always be the case.
>
> But with the current syscall number dependency, this is just *way* too
> hard. Who would think that adding close_range (#436) to the policy
> would switch clone3 (#435) from ENOSYS to ENOPERM?

Yeah, I expected that the Docker folks would've been aware of this when
updating the profile (the maintainers were aware of the runc change at
the time) so it does seem this is a bit too complicated...

I think changing this to one of the older versions of the feature I had
(only EPERM for syscalls that were present in Linux 3.0) is probably
less likely to cause confusion, until we have the whole minimum kernel
version infrastructure I mentioned.

--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
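
The syscall number dependency discussed in this message, as an added example that is not part of the original e-mail and is not runc's or glibc's code: a small C model comparing a "highest number in the profile" rule with a fixed Linux 3.0 cutoff. The function names, the sample allow-lists, the x86_64 numbers other than #435 and #436, and the cutoff value 308 are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* x86_64 syscall numbers; 435 and 436 are the ones quoted in the thread. */
enum { NR_READ = 0, NR_WRITE = 1, NR_CLONE = 56, NR_PTRACE = 101,
       NR_CLONE3 = 435, NR_CLOSE_RANGE = 436 };

/* Assumption: highest x86_64 syscall number present in Linux 3.0 (setns). */
#define LINUX_3_0_LAST_NR 308
#define LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed allow-lists: before and after close_range is added. */
static const int profile_old[] = { NR_READ, NR_WRITE, NR_CLONE };
static const int profile_new[] = { NR_READ, NR_WRITE, NR_CLONE, NR_CLOSE_RANGE };

static int allowed(const int *p, size_t n, int nr) {
    for (size_t i = 0; i < n; i++)
        if (p[i] == nr) return 1;
    return 0;
}

/* Number-dependent rule: a denied syscall numbered above everything in the
 * profile is assumed to post-date the profile and gets ENOSYS, else EPERM. */
int deny_errno_by_profile_max(const int *p, size_t n, int nr) {
    int max = -1;
    if (allowed(p, n, nr)) return 0;
    for (size_t i = 0; i < n; i++)
        if (p[i] > max) max = p[i];
    return nr > max ? ENOSYS : EPERM;
}

/* Fixed-cutoff rule: EPERM only for denied syscalls that Linux 3.0 had. */
int deny_errno_by_cutoff(const int *p, size_t n, int nr) {
    if (allowed(p, n, nr)) return 0;
    return nr > LINUX_3_0_LAST_NR ? ENOSYS : EPERM;
}

int main(void) {
    printf("ENOSYS=%d EPERM=%d\n", ENOSYS, EPERM);
    printf("profile max rule, clone3: old=%d new=%d\n",
           deny_errno_by_profile_max(profile_old, LEN(profile_old), NR_CLONE3),
           deny_errno_by_profile_max(profile_new, LEN(profile_new), NR_CLONE3));
    printf("fixed cutoff rule, clone3: old=%d new=%d\n",
           deny_errno_by_cutoff(profile_old, LEN(profile_old), NR_CLONE3),
           deny_errno_by_cutoff(profile_new, LEN(profile_new), NR_CLONE3));
    return 0;
}
```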