Skip to content

SYS_open and SYS_mmap get denied by the seccomp filter #485

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Tracked by #1177
elradu opened this issue Sep 13, 2018 · 2 comments
Closed
Tracked by #1177

SYS_open and SYS_mmap get denied by the seccomp filter #485

elradu opened this issue Sep 13, 2018 · 2 comments
Labels
Priority: Low Indicates that an issue or pull request should be resolved behind issues or pull requests labelled `

Comments

@elradu
Copy link

elradu commented Sep 13, 2018

  • functional/test_api.py::test_api_patch_post_boot
  • functional/test_api.py::test_patch_drive

Fail because they get denied by seccomp filtering.
The offending syscalls are SYS_open and SYS_mmap.

More information about the argument values cannot be acquired because it is not logged by seccomp.
When tracing the syscall invocations of the integration test suite, all recorded rules were added accordingly to the default filter context. This implies that the two offending syscalls were not properly traced and thus there are no rules in place to allow them.

Temporary solution: allow SYS_open and SYS_mmap regardless of the argument values.
@andreeaflorescu andreeaflorescu added Quality: Improvement Priority: Low Indicates that an issue or pull request should be resolved behind issues or pull requests labelled ` labels Nov 20, 2018
@dianpopa dianpopa changed the title SYS_open and SYS_mmap with argument values outside traced values SYS_open and SYS_mmap get denied by the seccomp filter Nov 26, 2018
@raduweiss
Copy link
Contributor

Is this still happening?

This was referenced Jul 14, 2019
Closed
Closed
@alxiord
Copy link

alxiord commented Oct 10, 2019

open and mmap are allowed through the seccomp filter regardless of parameters and there is no plan to tighten conditions for them. Closing.

@alxiord alxiord closed this as completed Oct 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Priority: Low Indicates that an issue or pull request should be resolved behind issues or pull requests labelled `
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@alxiord @andreeaflorescu @raduweiss @elradu