[OE-core] [PATCH] file: explicitly disable seccomp

Khem Raj raj.khem at gmail.com
Mon Jan 20 18:53:19 UTC 2020


On Mon, Jan 20, 2020 at 9:10 AM Ross Burton <ross.burton at intel.com> wrote:

> On 20/01/2020 15:45, Khem Raj wrote:
> > pseudo needs some love since it alters syscalls which go out of bounds
> > what is allowed by libseccomp until then pin your file version to 5.37
> > in arch till a supported distro is affected by same problem. It wont
> > be long better option is to fix pseudo
>
> That's not quite right.  pseudo LD_PRELOADs itself into file, and makes
> syscalls which are not whitelisted in file's seccomp configuration.
>

It’s is not different than what I was saying how it inserts itself into
process is a detail which is hidden from operating system

However I think file is only one case when used along with libseccomp there
could be more use cases if other host tools we use start using it

So I wonder If we should start building own native versions of tools or
make it part of build tools tarball
Or perhaps just publish a self built container and not worry about what
distros are doing underneath

>
> There's nothing pseudo can do to solve this.
>
> Ross
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20200120/2e4ac42e/attachment.html>


More information about the Openembedded-core mailing list