[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#56359: seccomp test failures on RHEL 9.0
From: |
Philipp Stephani |
Subject: |
bug#56359: seccomp test failures on RHEL 9.0 |
Date: |
Sat, 16 Jul 2022 12:50:01 +0200 |
> Am 16.07.2022 um 01:35 schrieb Glenn Morris <rgm@gnu.org>:
>
> Philipp Stephani wrote:
>
>> Does the attached patch fix the issue?
>
> Not entirely. I have to also allow "clone3", then it passes.
Hmm, I'm not sure we should allow clone3 unconditionally since it can do lots
of things, and I'd expect that its capabilities will only grow over time. OTOH,
BPF (or at least the libseccomp library) don't support pointer indirections
which would be needed to inspect the structure fields. See
https://lwn.net/Articles/822256/.
Any opinions?