Bug#933803: udev: seccomp filter blocks wrong syscalls

Marc Lehmann schmorp at schmorp.de
Sat Aug 3 22:35:40 BST 2019


On Sat, Aug 03, 2019 at 07:58:15PM +0200, Michael Biebl <biebl at debian.org> wrote:
> > forbids (among other things) syscall 45 for all architectures - syscall 45
> > is recvfrom on amd64, but brk on i386, and dash unsurprisingly calls brk
> > for memory management.
> 
> systemd-udevd.service uses
> SystemCallArchitectures=native
> 
> https://www.freedesktop.org/software/systemd/man/systemd-system.conf.html#SystemCallArchitectures=
> 
> So what you see is expected.
> 
> With an exotic setup like yours, you should probably disable
> SystemCallArchitectures via a drop-in config file.

Are you sure this only affects exotic setups? udev running scripts by
other packages means almost anything can be executed, and multi-arch in
itself isn't very exotic.

It's not udev itself that is failing to work, it's other packages that
integrate into udev.

> > I think udev should either have some strict dependencies or
> > anti-dependencies
> 
> I have no idea what you mean by that. Could you elaborate?

If udev doesn't support multi-arch, it should somehow ensure you
can't install additional architectures, given that doing so can wreck your
system. Basically, this bug in udev forces users to check every package they
install from "another" architecture for udev integration and compatibility.

I don't think this is reasonable - udev integration should be an
implementation detail of a package, not something an end-user needs to
care about.


-- 
                The choice of a       Deliantra, the free code+content MORPG
      -----==-     _GNU_              http://www.deliantra.net
      ----==-- _       generation
      ---==---(_)__  __ ____  __      Marc Lehmann
      --==---/ / _ \/ // /\ \/ /      schmorp at schmorp.de
      -=====/_/_//_/\_,_/ /_/\_\
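
The number collision discussed in this thread (syscall 45 is recvfrom on amd64 but brk on i386), as an added example that is not part of the original message and not systemd's code. It is a simplified model of how a filter can treat an i386 caller on an amd64 host; the one-entry deny list, the function names and the verdict labels (ALLOW, ERRNO, REJECT) are assumptions made for illustration.

```python
# Simplified model of seccomp matching; constructed for illustration.
AUDIT_ARCH_X86_64 = 0xC000003E  # arch tokens from <linux/audit.h>
AUDIT_ARCH_I386 = 0x40000003

# Excerpt of the per-architecture syscall tables (number -> name).
SYSCALL_TABLE = {
    AUDIT_ARCH_X86_64: {12: "brk", 45: "recvfrom", 59: "execve"},
    AUDIT_ARCH_I386: {11: "execve", 45: "brk", 371: "recvfrom"},
}

def compile_numbers(deny_names, arch):
    """Resolve denied syscall names to numbers using one arch's table."""
    by_name = {name: nr for nr, name in SYSCALL_TABLE[arch].items()}
    return {by_name[name] for name in deny_names}

def number_only(denied_nrs, arch, nr):
    """Flawed: compares seccomp_data.nr and never reads seccomp_data.arch."""
    return "ERRNO" if nr in denied_nrs else "ALLOW"

def native_only(denied_nrs, native_arch, arch, nr):
    """Reads arch first; any non-native caller is rejected outright."""
    if arch != native_arch:
        return "REJECT"
    return "ERRNO" if nr in denied_nrs else "ALLOW"

def per_arch(deny_names, arch, nr):
    """Multi-arch aware: resolves the number in the caller's own table."""
    table = SYSCALL_TABLE.get(arch)
    if table is None:
        return "REJECT"
    return "ERRNO" if table.get(nr) in deny_names else "ALLOW"

def i386_brk_verdicts(deny_names=frozenset({"recvfrom"})):
    """Verdicts for an i386 process calling brk (nr 45) on an amd64 host."""
    denied = compile_numbers(deny_names, AUDIT_ARCH_X86_64)
    return {
        "number_only": number_only(denied, AUDIT_ARCH_I386, 45),
        "native_only": native_only(denied, AUDIT_ARCH_X86_64, AUDIT_ARCH_I386, 45),
        "per_arch": per_arch(deny_names, AUDIT_ARCH_I386, 45),
    }

if __name__ == "__main__":
    for name, verdict in i386_brk_verdicts().items():
        print(f"{name:12s} -> {verdict}")
```

In this model only the per-architecture filter lets the i386 brk call through while still denying recvfrom under both numbering schemes.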



More information about the Pkg-systemd-maintainers mailing list