From: Florian Weimer via Libc-alpha
Reply-To: Florian Weimer
To: Florian Weimer via Libc-alpha
Subject: Re: RFC: Disable clone3 for glibc 2.34
Date: Tue, 27 Jul 2021 11:11:17 +0200
Message-ID: <87y29sdsui.fsf@oldenburg.str.redhat.com>
In-Reply-To: <87eebkf8ph.fsf@oldenburg.str.redhat.com>

* Florian Weimer via Libc-alpha:

> Reportedly, the docker package in Ubuntu as used by GitHub Actions and
> others does not provide a way to enable the clone3 system call. It
> always fails with EPERM.
>
> Should we apply a patch like this for the release?
>
> diff --git a/sysdeps/unix/sysv/linux/clone-internal.c b/sysdeps/unix/sysv/linux/clone-internal.c > index 1e7a8f6b35..4046c81180 100644 > --- a/sysdeps/unix/sysv/linux/clone-internal.c > +++ b/sysdeps/unix/sysv/linux/clone-internal.c
> @@ -48,17 +48,6 @@ __clone_internal (struct clone_args *cl_args, > int (*func) (void *arg), void *arg) > { > int ret; > -#ifdef HAVE_CLONE3_WAPPER > - /* Try clone3 first. */ > - int saved_errno = errno; > - ret = __clone3 (cl_args, sizeof (*cl_args), func, arg); > - if (ret != -1 || errno != ENOSYS) > - return ret; > - > - /* NB: Restore errno since errno may be checked against non-zero > - return value. */ > - __set_errno (saved_errno); > -#endif > > /* Map clone3 arguments to clone arguments. NB: No need to check > invalid clone3 specific bits in flags nor exit_signal since this
>
> My concern with this is that we don't know yet where the CET kernel API
> will land exactly and if CET will require clone3. So clone3 might have
> to come back once we turn on CET, which is hopefully soon.

Ubuntu 20.04 LTS may have already been fixed; I cannot reproduce the
issue with its docker.io/containerd/runc packages.

I could trivially fix a previously failing GitHub Action with:

diff --git a/.github/workflows/fedora.yml b/.github/workflows/fedora.yml index d2381ec..7b10286 100644 --- a/.github/workflows/fedora.yml +++ b/.github/workflows/fedora.yml @@ -22,6 +22,7 @@ jobs: runs-on: ubuntu-latest container: image: fedora:${{matrix.release}} + options: --security-opt seccomp=unconfined steps: - name: Checkout repository

So I think we need to figure out what people are actually complaining about.

Thanks,
Florian
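
Review bot: in the quoted clone-internal.c hunk, the removed block falls through to the clone path only when errno is ENOSYS ("if (ret != -1 || errno != ENOSYS) return ret;"), so the EPERM described in the message is handed straight back to the caller. Deleting the whole "#ifdef HAVE_CLONE3_WAPPER" block avoids that, but it also stops trying clone3 where the call would succeed, and nothing is left at the removal site to say why. Since the message expects clone3 may have to come back for CET, a short comment above "Map clone3 arguments to clone arguments" recording that clone3 is deliberately not attempted, and why, would make restoring the block a deliberate step.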
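
Review bot: in the fedora.yml hunk, the added "options: --security-opt seccomp=unconfined" line turns off seccomp filtering for the job container entirely, which is much broader than letting the one clone3 call through. If this goes in as a workaround, add a YAML comment on that line naming the clone3 EPERM failure as the reason and stating that the option should be dropped once the runner's container runtime no longer needs it, so the unconfined setting is not copied into other workflows or left in place indefinitely.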