Date: Thu, 4 Mar 2021 09:27:54 +0100
From: Petr Vorel
To: Florian Weimer
Cc: Aleksa Sarai, "Dmitry V. Levin", libc-alpha@sourceware.org, Fabian Vogt, Andreas Schwab, Kir Kolyshkin, Ladislav Slezak
Subject: Re: [RFC PATCH] Linux: Workaround seccomp() issue with faccessat2()
In-Reply-To: <87wnurgkda.fsf@oldenburg.str.redhat.com>

Hi all,

> There are some indications that not all container runtimes will pick up
> the runc kludge (thanks for developing that by the way). So it's likely
> that the general issue will be with us for a while longer. Maybe the
> competitive pressure from other working container runtimes will
> encourage others to re-evaluate their approach, I don't know.

Hopefully.

> We still don't plan to throw in downstream-only glibc patches to paper
> over this (given that it's been rejected by kernel and glibc developers
> alike, I really think it's the wrong way to go). So far management
> isn't breathing down our necks.

As a workaround exists (for openSUSE using podman with newest runc v1.0.0-rc93),
I understand the reluctance to accept a workaround. It just reminds me of the
occasional musl approach to be correct no matter what problems it brings to users.

Kind regards,
Petr

> Thanks,
> Florian