[OE-core] [PATCH] file: explicitly disable seccomp
Khem Raj
raj.khem at gmail.com
Mon Jan 20 18:53:19 UTC 2020
On Mon, Jan 20, 2020 at 9:10 AM Ross Burton <ross.burton at intel.com> wrote:
> On 20/01/2020 15:45, Khem Raj wrote:
> > pseudo needs some love since it alters syscalls which go out of bounds
> > what is allowed by libseccomp until then pin your file version to 5.37
> > in arch till a supported distro is affected by same problem. It wont
> > be long better option is to fix pseudo
>
> That's not quite right. pseudo LD_PRELOADs itself into file, and makes
> syscalls which are not whitelisted in file's seccomp configuration.
>
It’s is not different than what I was saying how it inserts itself into
process is a detail which is hidden from operating system
However I think file is only one case when used along with libseccomp there
could be more use cases if other host tools we use start using it
So I wonder If we should start building own native versions of tools or
make it part of build tools tarball
Or perhaps just publish a self built container and not worry about what
distros are doing underneath
>
> There's nothing pseudo can do to solve this.
>
> Ross
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20200120/2e4ac42e/attachment.html>
More information about the Openembedded-core
mailing list