Snap-seccomp fails tests on artful (is it?)


#1

Is it just on my Artful machine?

zyga@fyke:~/go/src/github.com/snapcore/snapd/cmd/snap-seccomp$ go test
cannot build multi-lib syscall runner: exit status 1
In file included from /tmp/check-2409566533080319514/1/seccomp_syscall_runner.c:3:0:
/usr/include/stdlib.h:25:10: fatal error: bits/libc-header-start.h: No such file or directory
 #include <bits/libc-header-start.h>
          ^~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.

----------------------------------------------------------------------
FAIL: main_test.go:748: snapSeccompSuite.TestCompatArchWorks

main_test.go:770:
    s.runBpf(c, t.seccompWhitelist, t.bpfInput, t.expected)
main_test.go:318:
    c.Fatalf("unexpected error for %q (failed to run %q): %s", seccompWhitelist, lastKmsg(), err)
... Error: unexpected error for "read" (failed to run "Showing last 10 lines of dmesg:\n[ 2471.526602] audit: type=1326 audit(1506436258.977:1168): auid=1000 uid=1000 gid=1000 ses=3 pid=14007 comm=\"seccomp_syscall\" exe=\"/tmp/check-5509176364762685340/1/seccomp_syscall_runner\" sig=31 arch=c000003e syscall=0 compat=0 ip=0x4436a9 code=0x0\n[ 2471.658385] audit: type=1326 audit(1506436259.109:1169): auid=1000 uid=1000 gid=1000 ses=3 pid=14012 comm=\"seccomp_syscall\" exe=\"/tmp/check-5509176364762685340/1/seccomp_syscall_runner\" sig=31 arch=c000003e syscall=0 compat=0 ip=0x4436a9 code=0x0\n[ 2471.784504] audit: type=1326 audit(1506436259.235:1170): auid=1000 uid=1000 gid=1000 ses=3 pid=14014 comm=\"seccomp_syscall\" exe=\"/tmp/check-5509176364762685340/1/seccomp_syscall_runner\" sig=31 arch=c000003e syscall=0 compat=0 ip=0x4436a9 code=0x0\n[ 2471.915354] audit: type=1326 audit(1506436259.366:1171): auid=1000 uid=1000 gid=1000 ses=3 pid=14018 comm=\"seccomp_syscall\" exe=\"/tmp/check-5509176364762685340/1/seccomp_syscall_runner\" sig=31 arch=c000003e syscall=0 compat=0 ip=0x4436a9 code=0x0\n[ 2472.041957] audit: type=1326 audit(1506436259.492:1172): auid=1000 uid=1000 gid=1000 ses=3 pid=14022 comm=\"seccomp_syscall\" exe=\"/tmp/check-5509176364762685340/1/seccomp_syscall_runner\" sig=31 arch=c000003e syscall=0 compat=0 ip=0x4436a9 code=0x0\n[ 2472.165424] audit: type=1326 audit(1506436259.616:1173): auid=1000 uid=1000 gid=1000 ses=3 pid=14024 comm=\"seccomp_syscall\" exe=\"/tmp/check-5509176364762685340/1/seccomp_syscall_runner\" sig=31 arch=c000003e syscall=0 compat=0 ip=0x4436a9 code=0x0\n[ 2472.293912] audit: type=1326 audit(1506436259.744:1174): auid=1000 uid=1000 gid=1000 ses=3 pid=14028 comm=\"seccomp_syscall\" exe=\"/tmp/check-5509176364762685340/1/seccomp_syscall_runner\" sig=31 arch=c000003e syscall=0 compat=0 ip=0x4436a9 code=0x0\n[ 2500.275907] kauditd_printk_skb: 26 callbacks suppressed\n[ 2500.275908] audit: type=1326 audit(1506436287.725:1201): 
auid=1000 uid=1000 gid=1000 ses=3 pid=14228 comm=\"seccomp_bpf_loa\" exe=\"/tmp/check-2409566533080319514/0/seccomp_bpf_loader\" sig=31 arch=c000003e syscall=32 compat=0 ip=0x7f02df776777 code=0x0\n"): signal: bad system call (core dumped)
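
Added example, not part of the original post or of snapd: a small Python decoder for the `type=1326` seccomp audit records in the dmesg excerpt above, mapping `arch` and `syscall` to names. The syscall tables are deliberately trimmed and the sample records are constructed.

```python
import re

# AUDIT_ARCH_* values from <linux/audit.h>. The syscall tables are trimmed to
# the few numbers this illustration needs; extend them for real triage.
ARCHES = {
    0xC000003E: ("x86_64", {0: "read", 32: "dup"}),
    0x40000003: ("i386", {3: "read", 41: "dup"}),
}
SIGNALS = {31: "SIGSYS"}  # signal number on x86

# key=value pairs; values may be quoted, or backslash-quoted as in Go %q output
FIELD = re.compile(r'(\w+)=(\\?"[^"\\]*\\?"|\S+)')

def parse_seccomp_record(line):
    """Decode one 'audit: type=1326' (AUDIT_SECCOMP) line; None for other lines."""
    if "type=1326" not in line:
        return None
    raw = {k: v.strip('\\"') for k, v in FIELD.findall(line)}
    arch, nr = int(raw["arch"], 16), int(raw["syscall"])
    arch_name, table = ARCHES.get(arch, (hex(arch), {}))
    return {
        "pid": int(raw["pid"]),
        "comm": raw["comm"],
        "arch": arch_name,
        "compat": raw["compat"] == "1",
        "syscall": table.get(nr, f"nr {nr}"),
        "signal": SIGNALS.get(int(raw["sig"]), raw["sig"]),
    }

def summarize(dmesg_text):
    """Count denials per (comm, arch, syscall); accepts literal "\\n" separators."""
    counts = {}
    for line in dmesg_text.replace("\\n", "\n").splitlines():
        rec = parse_seccomp_record(line)
        if rec:
            key = (rec["comm"], rec["arch"], rec["syscall"])
            counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample shaped like the excerpt above (ids and paths shortened).
_REC = '[ 1.0] audit: type=1326 audit(1.0:{n}): pid={pid} comm="{comm}" sig=31 arch=c000003e syscall={nr} compat=0 ip=0x4436a9 code=0x0'
SAMPLE = "\n".join([
    _REC.format(n=1, pid=100, comm="seccomp_syscall", nr=0),
    _REC.format(n=2, pid=101, comm="seccomp_syscall", nr=0),
    _REC.format(n=3, pid=102, comm="seccomp_bpf_loa", nr=32),
])

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Applied to the excerpt above, `arch=c000003e syscall=0` decodes as x86_64 `read` and `syscall=32` as x86_64 `dup`, both terminated with SIGSYS (`sig=31`).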

#2

So I confirmed this does not affect the release 2.28 branch for some reason. I’ll try to bisect and find the culprit.


#3

The bad commit is:

commit 480f176747b5765007a7d85d106b53f247321e51 (refs/bisect/bad)
Author: Michael Vogt <mvo@ubuntu.com>
Date:   Fri Sep 15 08:25:51 2017 +0200

    address review feedback (thanks to Jamie)

#4

The compile failure seems to be caused by the -m32 command line argument to gcc:

zyga@fyke:~$ gcc -std=c99 -Werror -Wall -static /tmp/check-6185516270145770849/1/seccomp_syscall_runner.c -o /tmp/check-6185516270145770849/1/seccomp_syscall_runner.m32 -Wl,-static -static-libgcc
zyga@fyke:~$ gcc -std=c99 -Werror -Wall -static /tmp/check-6185516270145770849/1/seccomp_syscall_runner.c -o /tmp/check-6185516270145770849/1/seccomp_syscall_runner.m32 -Wl,-static -static-libgcc -m32
In file included from /tmp/check-6185516270145770849/1/seccomp_syscall_runner.c:3:0:
/usr/include/stdlib.h:25:10: fatal error: bits/libc-header-start.h: Nie ma takiego pliku ani katalogu
 #include <bits/libc-header-start.h>
          ^~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.

The program that fails to compile is:

#define _GNU_SOURCE
#include <stdlib.h>
#include <sys/syscall.h>
#include <unistd.h>
int main(int argc, char** argv)
{
    int l[7];
    for (int i = 0; i < 7; i++)
        l[i] = atoi(argv[i + 1]);
    // There might be architecture-specific requirements. see "man syscall"
    // for details.
    syscall(l[0], l[1], l[2], l[3], l[4], l[5], l[6]);
    syscall(SYS_exit, 0, 0, 0, 0, 0, 0);
    return 0;
}

#5

@mvo, given this doesn’t affect 2.28, this is not urgent, but it does block the 2.29 release.


#6

Just FYI, I’m hitting this.


#7

Is this still a problem?


#8

Nope, the HACKING.md file was updated to include “apt build-dep ./”, which installs the added packages to fix this. Can close.