From 230b0570532bf2f419608b2043a9d6e02b9467e3 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode
Date: Wed, 25 Oct 2017 21:49:34 +0200
Subject: Only warn about seccomp() EINVAL (normal) and EFAULT (qemu) errors

If seccomp is disabled, we fallback to running without it. Qemu fails in the seccomp() call, returning ENOSYS and libseccomp falls back to prctl() without adjusting the pointer, causing the EFAULT. I hope qemu gets fixed at some point to return EINVAL for seccomp via prctl.

Bug-Qemu: https://bugs.launchpad.net/qemu/+bug/1726394
---
 methods/aptmethod.h | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/methods/aptmethod.h b/methods/aptmethod.h
index bb24463c7..6bbf3eb48 100644
--- a/methods/aptmethod.h
+++ b/methods/aptmethod.h
@@ -258,14 +258,16 @@ protected:
 for (auto &custom : _config->FindVector("APT::Sandbox::Seccomp::Allow"))
 {
 if ((rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, seccomp_syscall_resolve_name(custom.c_str()), 0)))
- return _error->FatalE("HttpMethod::Configuration", "Cannot allow %s: %s", custom.c_str(), strerror(-rc));
+ return _error->FatalE("aptMethod::Configuration", "Cannot allow %s: %s", custom.c_str(), strerror(-rc));
 }
 #undef ALLOW
 rc = seccomp_load(ctx);
- if (rc != 0)
- return _error->FatalE("HttpMethod::Configuration", "could not load seccomp policy: %s", strerror(-rc));
+ if (rc == -EINVAL || rc == -EFAULT) // Qemu faults...
+ Warning("aptMethod::Configuration: could not load seccomp policy: %s", strerror(-rc));
+ else if (rc != 0)
+ return _error->FatalE("aptMethod::Configuration", "could not load seccomp policy: %s", strerror(-rc));
 #endif
 return true;
 }
--
cgit v1.2.3-70-g09d2
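Review bot: The new `rc == -EINVAL || rc == -EFAULT` branch after `seccomp_load(ctx)` fails open: the method emits a warning and then reaches `return true` with no seccomp filter installed, and it does so on every host, not only under qemu. Both codes can also come from a real fault (a rejected filter or a bad pointer), so accepting them unconditionally can hide a sandbox that never loads. Consider stating the downgrade in the message, e.g. `Warning("aptMethod::Configuration: could not load seccomp policy: %s; continuing WITHOUT seccomp sandbox", strerror(-rc));`, and gating the tolerance behind a configuration switch so hardened deployments can keep the failure fatal. The `// Qemu faults...` comment would read better as `// EINVAL: seccomp unavailable; EFAULT: qemu via libseccomp's prctl() fallback (LP: #1726394)`. The enclosing function starts above the hunk, so whether `ctx` is released on these paths is not visible here.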