Seccomp Syscall: pidfd_open

andy.rohr · December 12, 2025, 7:47am

Hi

Our snap invokes a syscall pidfd_open which is blocked. I tried to add various interfaces in hope there is one which allows the call, but no luck. How can I allow this syscall?

OS: Ubuntu 24.04 LTS snapd: v2.72, also tried v2.73 beta

snappy-debug says:

= Seccomp =
Time: 2025-12-12T08:3
Log: auid=4294967295 uid=0 gid=0 ses=4294967295 subj=snap.vms-ge4.daemon pid=3352 comm="ruby" exe="/snap/vms-ge4/x10/usr/bin/ruby" sig=0 arch=c000003e 434(pidfd_open) compat=0 ip=0x7532758ee28d code=0x50000
Syscall: pidfd_open

Any help is appreciated.

andy.rohr · December 15, 2025, 1:20pm

It would be nice if this could be solved with the release of v2.73.

paddor · March 5, 2026, 5:08pm

Same here when a snap (core24) is trying to determine disk usage using df (interface mount-observe is connected):

Errno::EPERM: Operation not permitted - IO_Event_Selector_EPoll_process_wait:pidfd_open

@mborzecki1 Could you please take a look? Seems to be a similar issue as here

mborzecki1 · March 6, 2026, 6:06am

Hi,

The fix has already landed in master and will be included in 2.75 (which will likely be tagged next week). In the meantime, could you snap refresh –edge snapd and see if that resolves your problem?

andy.rohr · March 6, 2026, 7:16am

I can confirm that it works now with snapd v2.74.1+g265.4987ba4 (edge)

Thanks a lot!