From: Marc Hartmayer
To: German Maglione
Cc: qemu-devel@nongnu.org, Stefan Liebler, virtio-fs@redhat.com, Christian Borntraeger, qemu-s390x, Sven Schnelle, Stefan Hajnoczi
Subject: Re: [Virtio-fs] [PATCH] virtiofsd: Add `sigreturn` to the seccomp whitelist
Date: Thu, 01 Dec 2022 10:44:01 +0100
Message-ID: <87y1rr31cu.fsf@linux.ibm.com>
References: <20221125143946.27717-1-mhartmay@linux.ibm.com> <87lenvjvxo.fsf@linux.ibm.com>
List-Id: Development discussions about virtio-fs

German Maglione writes:

> On Mon, Nov 28, 2022 at 10:00 AM Marc Hartmayer wrote:
>>
>> German Maglione writes:
>>
>> > On Fri, Nov 25, 2022 at 3:40 PM Marc Hartmayer wrote:
>> >>
>> >> The virtiofsd currently crashes on s390x. This is because of a
>> >> `sigreturn` system call. See audit log below:
>> >>
>> >> type=SECCOMP msg=audit(1669382477.611:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 pid=6649 comm="virtiofsd" exe="/usr/libexec/virtiofsd" sig=31 arch=80000016 syscall=119 compat=0 ip=0x3fff15f748a code=0x80000000AUID="unset" UID="root" GID="root" ARCH=s390x SYSCALL=sigreturn
>> >>
>> >> Signed-off-by: Marc Hartmayer
>> >> ---
>> >> tools/virtiofsd/passthrough_seccomp.c | 1 +
>> >> 1 file changed, 1 insertion(+)
>> >>
>> >> diff --git a/tools/virtiofsd/passthrough_seccomp.c b/tools/virtiofsd/= passthrough_seccomp.c >> >> index 888295c073de..0033dab4939e 100644 >> >> --- a/tools/virtiofsd/passthrough_seccomp.c >> >> +++ b/tools/virtiofsd/passthrough_seccomp.c 
>> >> @@ -110,6 +110,7 @@ static const int syscall_allowlist[] =3D { >> >> #endif >> >> SCMP_SYS(set_robust_list), >> >> SCMP_SYS(setxattr), >> >> + SCMP_SYS(sigreturn), >> >> SCMP_SYS(symlinkat), >> >> SCMP_SYS(syncfs), >> >> SCMP_SYS(time), /* Rarely needed, except on static builds */
>> >> --
>> >> 2.34.1
>> >>
>> >> _______________________________________________
>> >> Virtio-fs mailing list
>> >> Virtio-fs@redhat.com
>> >> https://listman.redhat.com/mailman/listinfo/virtio-fs
>> >>
>> >
>> > Reviewed-by: German Maglione
>>
>> Thanks.
>>
>> >
>> > Should we add this also in the rust version?, I see we don't have it
>> > enabled either.
>>
>> Yep - thanks.
>
> Could you test this MR to see if it is ok?
> https://gitlab.com/virtio-fs/virtiofsd/-/merge_requests/144

I couldn’t reproduce the problem using the Rust version - even without
your patch. With your patch applied it’s (of course) still working.

>
> Thanks,
>
> --
> German
>
--
Kind regards / Best regards
   Marc Hartmayer

IBM Deutschland Research & Development GmbH
Chairman of the Supervisory Board: Gregor Pillen
Management: David Faller
Registered office: Böblingen
Registration court: Amtsgericht Stuttgart, HRB 243294
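
Review bot: The new `SCMP_SYS(sigreturn),` entry in `syscall_allowlist[]` is added unconditionally, while the commit message only documents the s390x case (audit record with ARCH=s390x, syscall=119) and does not say what in virtiofsd ends up issuing `sigreturn`. The same list has an `#endif`-guarded region directly above the hunk and an explanatory comment on `SCMP_SYS(time)`, so a short comment on the new line stating why it is needed, plus a sentence in the commit message confirming that allowing it on every architecture is intended, would make the widening of the filter easier to audit later. As a style point, the subject says "whitelist" although the array is named `syscall_allowlist`; "allowlist" would match the code.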