author | Julian Andres Klode <jak@debian.org> | 2017-10-25 21:49:34 +0200 |
---|---|---|
committer | Julian Andres Klode <jak@debian.org> | 2017-10-25 22:16:24 +0200 |
commit | 230b0570532bf2f419608b2043a9d6e02b9467e3 (patch) | |
tree | 6881ff8906680f379fe7112eca7510777332239f | |
parent | e04bed5109af34a6f14179b3b45b4a8352548d1a (diff) |
Only warn about seccomp() EINVAL (normal) and EFAULT (qemu) errors
If seccomp is disabled, we fall back to running without it. Qemu fails
in the seccomp() call, returning ENOSYS and libseccomp falls back to
prctl() without adjusting the pointer, causing the EFAULT. I hope
qemu gets fixed at some point to return EINVAL for seccomp via
prctl.
Bug-Qemu: https://bugs.launchpad.net/qemu/+bug/1726394
-rw-r--r-- | methods/aptmethod.h | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/methods/aptmethod.h b/methods/aptmethod.h
index bb24463c7..6bbf3eb48 100644
--- a/methods/aptmethod.h
+++ b/methods/aptmethod.h
@@ -258,14 +258,16 @@ protected:
 for (auto &custom : _config->FindVector("APT::Sandbox::Seccomp::Allow")) { if ((rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, seccomp_syscall_resolve_name(custom.c_str()), 0)))
- return _error->FatalE("HttpMethod::Configuration", "Cannot allow %s: %s", custom.c_str(), strerror(-rc));
+ return _error->FatalE("aptMethod::Configuration", "Cannot allow %s: %s", custom.c_str(), strerror(-rc));
 }
 #undef ALLOW
 rc = seccomp_load(ctx);
- if (rc != 0)
- return _error->FatalE("HttpMethod::Configuration", "could not load seccomp policy: %s", strerror(-rc));
+ if (rc == -EINVAL || rc == -EFAULT) // Qemu faults...
+ Warning("aptMethod::Configuration: could not load seccomp policy: %s", strerror(-rc));
+ else if (rc != 0)
+ return _error->FatalE("aptMethod::Configuration", "could not load seccomp policy: %s", strerror(-rc));
 #endif
 return true; } |
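Review bot: The new `rc == -EINVAL || rc == -EFAULT` branch fails open: after `Warning(...)` control falls through to `return true`, so the method keeps running with no seccomp filter loaded, and the message does not say so. As far as I know, libseccomp also returns -EINVAL from `seccomp_load()` for an invalid filter context, so a broken policy would be handled the same way as a kernel without seccomp; it may be worth narrowing the tolerated case, or at least documenting it. I would make the warning explicit, e.g. `Warning("aptMethod::Configuration: could not load seccomp policy, continuing without sandbox: %s", strerror(-rc));`, and replace `// Qemu faults...` with `// EINVAL: seccomp unavailable in the kernel; EFAULT: qemu's prctl() fallback (see Bug-Qemu); both leave the method unfiltered`. The enclosing function starts outside the hunk.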