public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/30270] New: syslog: openlog with NDELAY, but seccomp still requires openat(2) and lseek(2)?
@ 2023-03-23 23:27 steffen at sdaoden dot eu
2023-03-24 11:47 ` [Bug libc/30270] " schwab@linux-m68k.org
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: steffen at sdaoden dot eu @ 2023-03-23 23:27 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30270
Bug ID: 30270
Summary: syslog: openlog with NDELAY, but seccomp still
requires openat(2) and lseek(2)?
Product: glibc
Version: 2.36
Status: UNCONFIRMED
Severity: enhancement
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: steffen at sdaoden dot eu
CC: drepper.fsp at gmail dot com
Target Milestone: ---
Just an observation (2.36 patch 4), but in order to be able to use syslog in a
seccomp protected program i had to add the two mentioned to the list of allowed
system calls, even though openlog(3) was called with NDELAY. Just an
observation, but would be cool to be fixed i thought.
Thank you.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/30270] syslog: openlog with NDELAY, but seccomp still requires openat(2) and lseek(2)?
2023-03-23 23:27 [Bug libc/30270] New: syslog: openlog with NDELAY, but seccomp still requires openat(2) and lseek(2)? steffen at sdaoden dot eu
@ 2023-03-24 11:47 ` schwab@linux-m68k.org
2023-03-24 11:50 ` adhemerval.zanella at linaro dot org
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: schwab@linux-m68k.org @ 2023-03-24 11:47 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30270
--- Comment #1 from Andreas Schwab <schwab@linux-m68k.org> ---
What does "2.36 patch 4" mean?
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/30270] syslog: openlog with NDELAY, but seccomp still requires openat(2) and lseek(2)?
2023-03-23 23:27 [Bug libc/30270] New: syslog: openlog with NDELAY, but seccomp still requires openat(2) and lseek(2)? steffen at sdaoden dot eu
2023-03-24 11:47 ` [Bug libc/30270] " schwab@linux-m68k.org
@ 2023-03-24 11:50 ` adhemerval.zanella at linaro dot org
2023-03-24 19:22 ` steffen at sdaoden dot eu
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: adhemerval.zanella at linaro dot org @ 2023-03-24 11:50 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30270
Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |adhemerval.zanella at linaro dot o
| |rg
--- Comment #2 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> ---
The open syscall is implemented in terms of openat, and lssek is used
internally to format large message (through __snprintf). This is expected.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/30270] syslog: openlog with NDELAY, but seccomp still requires openat(2) and lseek(2)?
2023-03-23 23:27 [Bug libc/30270] New: syslog: openlog with NDELAY, but seccomp still requires openat(2) and lseek(2)? steffen at sdaoden dot eu
2023-03-24 11:47 ` [Bug libc/30270] " schwab@linux-m68k.org
2023-03-24 11:50 ` adhemerval.zanella at linaro dot org
@ 2023-03-24 19:22 ` steffen at sdaoden dot eu
2023-04-03 22:26 ` steffen at sdaoden dot eu
2023-04-03 23:37 ` adhemerval.zanella at linaro dot org
4 siblings, 0 replies; 6+ messages in thread
From: steffen at sdaoden dot eu @ 2023-03-24 19:22 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30270
--- Comment #3 from Steffen Nurpmeso <steffen at sdaoden dot eu> ---
I am explicitly doing "%.950s" to avoid taking the alloc path.
'Would have hoped NDELAY gets over some.. i do have
/* syslog (plus reopen) */\
a_SEND,\
a_ALLOW(SYS_openat),\
a_ALLOW(SYS_lseek),\
a_ALLOW(SYS_socket),\
a_ALLOW(SYS_connect),\
a_ALLOW(SYS_getpid),\
unfortunately (i use LOG_PID).
(I am currently wondering whether i can really do enable seccomp(2) for this by
default, sitting on a moving black box.)
Patch 4 is (CRUX Linux, core collection)
Commit: Juergen Daubert <jue@jue.li>
CommitDate: 2023-02-27 12:54:14 +0100
glibc: sync with upstream 2.36 branch
---
glibc/.signature | 7 +-
glibc/Pkgfile | 8 +-
glibc/glibc-2.35-make-4.4-MAKEFLAGS.patch | 102 ----------
glibc/{glibc-2.36-3.patch => glibc-2.36-4.patch} | 1430
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
4 files changed, 1428 insertions(+), 119 deletions(-)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/30270] syslog: openlog with NDELAY, but seccomp still requires openat(2) and lseek(2)?
2023-03-23 23:27 [Bug libc/30270] New: syslog: openlog with NDELAY, but seccomp still requires openat(2) and lseek(2)? steffen at sdaoden dot eu
` (2 preceding siblings ...)
2023-03-24 19:22 ` steffen at sdaoden dot eu
@ 2023-04-03 22:26 ` steffen at sdaoden dot eu
2023-04-03 23:37 ` adhemerval.zanella at linaro dot org
4 siblings, 0 replies; 6+ messages in thread
From: steffen at sdaoden dot eu @ 2023-04-03 22:26 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30270
Steffen Nurpmeso <steffen at sdaoden dot eu> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution|--- |WONTFIX
--- Comment #4 from Steffen Nurpmeso <steffen at sdaoden dot eu> ---
Well i mean OpenBSD, yes. But since that shall also go FreeBSD i had to
outsource logging to a dedicated (fork(2)ed) process, before entering
seccomp(2). I think this is the only viable way to do this, then.
(Having a text file with something like "malloc - mmap munmap mprotect" would
be cool nonetheless, so one could use grep(1) and such to build a list of
syscalls for at least some C library use cases. Ok: where to stop. I do not
know.)
Thanks.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/30270] syslog: openlog with NDELAY, but seccomp still requires openat(2) and lseek(2)?
2023-03-23 23:27 [Bug libc/30270] New: syslog: openlog with NDELAY, but seccomp still requires openat(2) and lseek(2)? steffen at sdaoden dot eu
` (3 preceding siblings ...)
2023-04-03 22:26 ` steffen at sdaoden dot eu
@ 2023-04-03 23:37 ` adhemerval.zanella at linaro dot org
4 siblings, 0 replies; 6+ messages in thread
From: adhemerval.zanella at linaro dot org @ 2023-04-03 23:37 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30270
Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|WONTFIX |NOTABUG
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-04-03 23:37 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-23 23:27 [Bug libc/30270] New: syslog: openlog with NDELAY, but seccomp still requires openat(2) and lseek(2)? steffen at sdaoden dot eu
2023-03-24 11:47 ` [Bug libc/30270] " schwab@linux-m68k.org
2023-03-24 11:50 ` adhemerval.zanella at linaro dot org
2023-03-24 19:22 ` steffen at sdaoden dot eu
2023-04-03 22:26 ` steffen at sdaoden dot eu
2023-04-03 23:37 ` adhemerval.zanella at linaro dot org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).