authorJulian Andres Klode <jak@debian.org>2017-10-25 21:49:34 +0200
committerJulian Andres Klode <jak@debian.org>2017-10-25 22:16:24 +0200
commit230b0570532bf2f419608b2043a9d6e02b9467e3 (patch)
tree6881ff8906680f379fe7112eca7510777332239f
parente04bed5109af34a6f14179b3b45b4a8352548d1a (diff)
Only warn about seccomp() EINVAL (normal) and EFAULT (qemu) errors
If seccomp is disabled, we fall back to running without it. Qemu fails in the seccomp() call, returning ENOSYS and libseccomp falls back to prctl() without adjusting the pointer, causing the EFAULT. I hope qemu gets fixed at some point to return EINVAL for seccomp via prctl. Bug-Qemu: https://bugs.launchpad.net/qemu/+bug/1726394
-rw-r--r--methods/aptmethod.h8
1 files changed, 5 insertions, 3 deletions
diff --git a/methods/aptmethod.h b/methods/aptmethod.h
index bb24463c7..6bbf3eb48 100644
--- a/methods/aptmethod.h
+++ b/methods/aptmethod.h
@@ -258,14 +258,16 @@ protected:
for (auto &custom : _config->FindVector("APT::Sandbox::Seccomp::Allow"))
{
if ((rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, seccomp_syscall_resolve_name(custom.c_str()), 0)))
- return _error->FatalE("HttpMethod::Configuration", "Cannot allow %s: %s", custom.c_str(), strerror(-rc));
+ return _error->FatalE("aptMethod::Configuration", "Cannot allow %s: %s", custom.c_str(), strerror(-rc));
}
#undef ALLOW
rc = seccomp_load(ctx);
- if (rc != 0)
- return _error->FatalE("HttpMethod::Configuration", "could not load seccomp policy: %s", strerror(-rc));
+ if (rc == -EINVAL || rc == -EFAULT) // Qemu faults...
+ Warning("aptMethod::Configuration: could not load seccomp policy: %s", strerror(-rc));
+ else if (rc != 0)
+ return _error->FatalE("aptMethod::Configuration", "could not load seccomp policy: %s", strerror(-rc));
#endif
return true;
}
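Review bot: The new `rc == -EINVAL || rc == -EFAULT` branch after `seccomp_load(ctx)` makes the sandbox fail open: the method logs a warning and still reaches `return true`, so it runs with no syscall filter even though seccomp was requested. EINVAL is, as far as I know, also what the kernel returns for a filter it rejects, so this branch probably covers more than a kernel built without seccomp; the warning should at least say what state the process is left in, e.g. `Warning("aptMethod::Configuration: could not load seccomp policy: %s; continuing without seccomp sandbox", strerror(-rc));`. The `// Qemu faults...` comment would be clearer as `// EINVAL: seccomp unavailable in the kernel; EFAULT: qemu-user (LP: #1726394); run unsandboxed`. Whether an explicitly enabled sandbox should be allowed to degrade to a warning like this, rather than stay fatal unless the admin opts in, is worth deciding here. The enclosing function starts above the hunk, so whether `ctx` is released on these paths cannot be seen.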