Re: [libseccomp-discuss] allowing select() fails in i686
From: Paul M. <pm...@re...> - 2015-01-27 18:05:23
On Tuesday, January 27, 2015 12:13:15 PM Nikos Mavrogiannopoulos wrote:
> ----- Original Message -----
>
> > On Tuesday, January 27, 2015 04:45:52 PM Nikos Mavrogiannopoulos wrote:
> > > Hello,
> > >
> > > The attached program as far as I understand creates a filter which
> > > allows select(). That works well on my x86-64:
> > > $ gcc test.c -lseccomp;./a.out
> > > all ok
> > >
> > > However, if I run the same thing under i686 emulation, I have:
> > > $ gcc -m32 test.c -lseccomp;./a.out
> > > select is blocked!
> >
> > Since you are running on an x86_64 system, you probably want to explicitly
> > add support for the x86 ABI if you are interested in creating a filter
> > that works on both x86_64 and x86. This is probably not strictly
> > necessary if you are certain that you are linking to a properly built
> > native x86 library, but I can't be certain based on what you've posted.
>
> Yes, I'm linking using the Fedora's i686 library. I should have mentioned
> that this is a reproducer for an issue reported to me:
> http://lists.infradead.org/pipermail/openconnect-devel/2015-January/002640.html
> I have no i686 available to me, that's why I reproduce that way.
>
> > > Note that other allowed calls (e.g., write) are properly executed as
> > > expected.
> >
> > Have you verified this via strace, or similar?
>
> I see the output on my screen so write worked :) Running it with strace
> shows the expected result.

Yes, of course. Sorry about that :)

Did you try adding the x86 ABI to the filter? I'm curious if that resolves the problem.

--
paul moore
security @ redhat
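What adding the x86 ABI means at the level of the BPF program the kernel evaluates, as an added example that is not from the thread or from libseccomp: two hand-written filters are evaluated offline against constructed `seccomp_data` records. The filters, the small evaluator and the syscall numbers (select is 23 on x86_64 and 82 on x86) are assumptions added here, and the example does not establish the cause of the failure reported above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* select() numbers from the kernel syscall tables (assumption, not from the post). */
#define NR_SELECT_X86_64 23
#define NR_SELECT_I386   82
#define LD(field) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, field))
#define JEQ(val, t, f) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (val), (t), (f))
#define RET(val) BPF_STMT(BPF_RET | BPF_K, (val))
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Knows only the x86_64 ABI: a call made through any other ABI is killed. */
static const struct sock_filter native_only[] = {
    LD(arch), JEQ(AUDIT_ARCH_X86_64, 0, 2),
    LD(nr),   JEQ(NR_SELECT_X86_64, 1, 0),
    RET(SECCOMP_RET_KILL), RET(SECCOMP_RET_ALLOW),
};
/* x86 ABI added: each ABI gets its own syscall-number comparison. */
static const struct sock_filter both_abis[] = {
    LD(arch), JEQ(AUDIT_ARCH_X86_64, 1, 0), JEQ(AUDIT_ARCH_I386, 2, 4),
    LD(nr),   JEQ(NR_SELECT_X86_64, 3, 2),
    LD(nr),   JEQ(NR_SELECT_I386, 1, 0),
    RET(SECCOMP_RET_KILL), RET(SECCOMP_RET_ALLOW),
};

/* Evaluate the three opcodes used above against one constructed syscall record. */
uint32_t verdict(const struct sock_filter *f, size_t n, uint32_t arch, int nr)
{
    struct seccomp_data sd = { .nr = nr, .arch = arch };
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        if (f[pc].code == (BPF_RET | BPF_K))
            return f[pc].k;
        if (f[pc].code == (BPF_LD | BPF_W | BPF_ABS))
            memcpy(&acc, (const char *)&sd + f[pc].k, sizeof acc);
        else /* BPF_JMP | BPF_JEQ | BPF_K: relative jump on match or mismatch */
            pc += (acc == f[pc].k) ? f[pc].jt : f[pc].jf;
    }
    return SECCOMP_RET_KILL;
}
uint32_t native_only_verdict(uint32_t a, int nr) { return verdict(native_only, COUNT(native_only), a, nr); }
uint32_t both_abis_verdict(uint32_t a, int nr) { return verdict(both_abis, COUNT(both_abis), a, nr); }

int main(void)
{
    printf("x86 select, x86_64-only filter: %#x\n", (unsigned)native_only_verdict(AUDIT_ARCH_I386, NR_SELECT_I386));
    printf("x86 select, both-ABI filter:    %#x\n", (unsigned)both_abis_verdict(AUDIT_ARCH_I386, NR_SELECT_I386));
    return 0;
}
```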