From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS3215 2.6.0.0/16 X-Spam-Status: No, score=-4.2 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 1CDD11F8C6 for ; Thu, 29 Jul 2021 10:51:45 +0000 (UTC) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 12EDA3889C03 for ; Thu, 29 Jul 2021 10:51:44 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 12EDA3889C03 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1627555904; bh=FfqCCU8KtifGr5GSG9PFKcXslYtnbZArWGlrZvIlWSA=; h=To:Subject:References:Date:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=qsa6zQONuPXTtC88Br5y0Nj+6Zwfjf1WX87PddgeohayA3XrHvPEPaRkzD2dH7GhM a4kTVSNH8JB6TsY8YjcYdIV0459/fAHNWHVn5Ibzgsn0ZjWCCUdXg8KhJpRz2G7Kei e+BM/sY5OB3kBrK6EQ1hsC60V9lBLDS8f7Y8ys9A= Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTP id 92F83385500C for ; Thu, 29 Jul 2021 10:50:44 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 92F83385500C Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-180-31uS46zmOsq1PZIAws0VCw-1; Thu, 29 Jul 2021 06:50:41 -0400 X-MC-Unique: 31uS46zmOsq1PZIAws0VCw-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C2CD7760C0; Thu, 29 Jul 2021 10:50:40 +0000 (UTC) Received: from oldenburg.str.redhat.com (ovpn-112-7.ams2.redhat.com [10.36.112.7]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9D1365D6B1; Thu, 29 Jul 2021 10:50:39 +0000 (UTC) To: Aleksa Sarai Subject: Re: RFC: Disable clone3 for glibc 2.34 References: <87eebkf8ph.fsf@oldenburg.str.redhat.com> <87y29sdsui.fsf@oldenburg.str.redhat.com> <20210727092416.layfgqi6auudbpgc@wittgenstein> <20210727094117.jid7shl7futsciih@wittgenstein> <20210727102222.r2hys526mfkpt4xo@senku> <20210727104816.GC14854@arm.com> <20210729085608.6n6hxithibfsdslj@senku> Date: Thu, 29 Jul 2021 12:50:37 +0200 In-Reply-To: <20210729085608.6n6hxithibfsdslj@senku> (Aleksa Sarai's message of "Thu, 29 Jul 2021 18:56:08 +1000") Message-ID: <87lf5p2y2q.fsf@oldenburg.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Florian Weimer via Libc-alpha Reply-To: Florian Weimer Cc: Szabolcs Nagy , Christian Brauner , Florian Weimer via Libc-alpha Errors-To: libc-alpha-bounces+e=80x24.org@sourceware.org Sender: "Libc-alpha" * Aleksa Sarai: > If you update your syscall profile without knowing what you're doing, > things will break. That will always be the case. But with the current syscall number dependency, this is jusy *way* too hard. Who would think that adding close_range (#436) to the policy would switch clone3 (#435) from ENOSYS to ENOPERM? I realized that Github actually provides a way to report image bugs, so I filed: Docker seccomp policy incompatible with glibc 2.34 Thanks, Florian