[Bug libc/30270] New: syslog: openlog with NDELAY, but seccomp still requires openat(2) and lseek(2)?

[Bug libc/30270] New: syslog: openlog with NDELAY, but seccomp still requires openat(2) and lseek(2)?

[steffen at sdaoden dot eu]

https://sourceware.org/bugzilla/show_bug.cgi?id=30270

            Bug ID: 30270
           Summary: syslog: openlog with NDELAY, but seccomp still
                    requires openat(2) and lseek(2)?
           Product: glibc
           Version: 2.36
            Status: UNCONFIRMED
          Severity: enhancement
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: steffen at sdaoden dot eu
                CC: drepper.fsp at gmail dot com
  Target Milestone: ---

Just an observation (2.36 patch 4), but in order to be able to use syslog in a
seccomp protected program i had to add the two mentioned to the list of allowed
system calls, even though openlog(3) was called with NDELAY.  Just an
observation, but would be cool to be fixed i thought.
Thank you.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/30270] syslog: openlog with NDELAY, but seccomp still requires openat(2) and lseek(2)?

[schwab@linux-m68k.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=30270

--- Comment #1 from Andreas Schwab <schwab@linux-m68k.org> ---
What does "2.36 patch 4" mean?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/30270] syslog: openlog with NDELAY, but seccomp still requires openat(2) and lseek(2)?

[adhemerval.zanella at linaro dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=30270

Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |adhemerval.zanella at linaro dot o
                   |                            |rg

--- Comment #2 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> ---
The open syscall is implemented in terms of openat, and lssek is used
internally to format large message (through __snprintf).  This is expected.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/30270] syslog: openlog with NDELAY, but seccomp still requires openat(2) and lseek(2)?

[steffen at sdaoden dot eu]

https://sourceware.org/bugzilla/show_bug.cgi?id=30270

--- Comment #3 from Steffen Nurpmeso <steffen at sdaoden dot eu> ---
I am explicitly doing "%.950s" to avoid taking the alloc path.
'Would have hoped NDELAY gets over some..  i do have

        /* syslog (plus reopen) */\
        a_SEND,\
a_ALLOW(SYS_openat),\
a_ALLOW(SYS_lseek),\
        a_ALLOW(SYS_socket),\
        a_ALLOW(SYS_connect),\
        a_ALLOW(SYS_getpid),\

unfortunately (i use LOG_PID).
(I am currently wondering whether i can really do enable seccomp(2) for this by
default, sitting on a moving black box.)

Patch 4 is (CRUX Linux, core collection)

Commit:     Juergen Daubert <jue@jue.li>
CommitDate: 2023-02-27 12:54:14 +0100

    glibc: sync with upstream 2.36 branch
---
 glibc/.signature                                 |    7 +-
 glibc/Pkgfile                                    |    8 +-
 glibc/glibc-2.35-make-4.4-MAKEFLAGS.patch        |  102 ----------
 glibc/{glibc-2.36-3.patch => glibc-2.36-4.patch} | 1430
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 4 files changed, 1428 insertions(+), 119 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/30270] syslog: openlog with NDELAY, but seccomp still requires openat(2) and lseek(2)?

[steffen at sdaoden dot eu]

https://sourceware.org/bugzilla/show_bug.cgi?id=30270

Steffen Nurpmeso <steffen at sdaoden dot eu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #4 from Steffen Nurpmeso <steffen at sdaoden dot eu> ---
Well i mean OpenBSD, yes.  But since that shall also go FreeBSD i had to
outsource logging to a dedicated (fork(2)ed) process, before entering
seccomp(2).  I think this is the only viable way to do this, then.
(Having a text file with something like "malloc - mmap munmap mprotect" would
be cool nonetheless, so one could use grep(1) and such to build a list of
syscalls for at least some C library use cases.  Ok: where to stop.  I do not
know.)
Thanks.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/30270] syslog: openlog with NDELAY, but seccomp still requires openat(2) and lseek(2)?

[adhemerval.zanella at linaro dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=30270

Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|WONTFIX                     |NOTABUG

-- 
You are receiving this mail because:
You are on the CC list for the bug.