seccomp: Allow personality with UNAME26 bit set. #32965
From personality(2):
Have uname(2) report a 2.6.40+ version number rather than a 3.x version
number. Added as a stopgap measure to support broken applications that
could not handle the kernel version-numbering switch from 2.6.x to 3.x.
This allows both "UNAME26|PER_LINUX" and "UNAME26|PER_LINUX32".
Fixes: moby#32839
Signed-off-by: Ian Campbell <[email protected]>

ping @justincormack PTAL

powerpc failure is: Unlikely to be due to this change I think.

Why? And does this do any other kind of emulation?

Why does
User was tripping over this in #32839, I suppose they only just upgraded from Jessie to Stretch now that Stretch is deeply frozen. In Jessie AIUI seccomp is not enabled in our packages so they wouldn't have noticed this.
I checked in 4.9.25 and it is used solely to fudge the result of uname.
It's not

@ijc25 yeah powerpc failure not related, issue with swarm/etcd.

ok, LGTM

- What I did
Added UNAME26 to allowable calls to personality(2)

- How I did it
Editing the seccomp profile then running
    go generate github.com/moby/moby/profiles/seccomp

- How to verify it
    docker run -t --rm debian setarch $(arch) --uname-2.6 uname -a
should return a 2.6.X instead of 4.x. For me it returns 2.6.69-2-amd64 rather than 4.9.0-2-amd64.

- Description for the changelog
Support use of setarch --uname-2.6 in containers.

- A picture of a cute animal (not mandatory but encouraged)

Spider Kitten:
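
Why the description lists "UNAME26|PER_LINUX" and "UNAME26|PER_LINUX32" as two separate allowances, shown as an added example that is not code from this PR or from moby. It assumes the profile matches the first argument of personality(2) by exact equality (SCMP_CMP_EQ) and that the non-UNAME26 entries already existed; the type and function names are hypothetical, the numeric constants are those of linux/personality.h.

```go
package main

import "fmt"

// Persona values from <linux/personality.h>.
const (
	PerLinux        = 0x0000
	PerLinux32      = 0x0008
	Uname26         = 0x0020000
	AddrNoRandomize = 0x0040000
)

// Arg models one seccomp argument comparison (hypothetical type, not moby's).
type Arg struct {
	Index uint
	Value uint64
	Op    string // only "SCMP_CMP_EQ" is modelled here
}

// personalityRules holds one allow rule per exact persona value.
// Assumption: entries 0, 1 and 4 predate the change; entries 2 and 3 are
// the two UNAME26 combinations named in the PR description.
var personalityRules = []Arg{
	{0, PerLinux, "SCMP_CMP_EQ"},
	{0, PerLinux32, "SCMP_CMP_EQ"},
	{0, Uname26 | PerLinux, "SCMP_CMP_EQ"},   // 131072
	{0, Uname26 | PerLinux32, "SCMP_CMP_EQ"}, // 131080
	{0, 0xffffffff, "SCMP_CMP_EQ"},           // query current persona only
}

// Allowed reports whether a personality() call with these syscall arguments
// matches any allow rule. Unknown operators never match (fail closed).
func Allowed(rules []Arg, args [6]uint64) bool {
	for _, r := range rules {
		if r.Op == "SCMP_CMP_EQ" && r.Index < 6 && args[r.Index] == r.Value {
			return true
		}
	}
	return false
}

func main() {
	probes := []uint64{Uname26, Uname26 | PerLinux32, Uname26 | AddrNoRandomize, AddrNoRandomize}
	for _, p := range probes {
		fmt.Printf("personality(%#07x) allowed=%v\n", p, Allowed(personalityRules, [6]uint64{p}))
	}
}
```

Because the match is on the whole value rather than on a bit mask, allowing UNAME26 this way does not also admit other flag bits such as ADDR_NO_RANDOMIZE combined with it.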