proot 5.3 regression wrt. seccomp?
Summary
It looks like the seccomp auto-detection system doesn't work anymore in 5.3.1.
Running proot ... generates a segfault, while PROOT_NO_SECCOMP=1 proot ... works.
Expected Behavior
Working proot.
Actual Behavior
Segfault.
Steps to Reproduce the Problem
- Compile and install proot 5.3.1
- Run proot echo "foo"
- Note the lack of output (and explicit segfault in verbose mode)
Specifications
- Proot/Care version: 5.3.1
- Kernel version: 3.10.0-1160.76.1.el7.x86_64
- Host distribution: CentOS 7.9
- Guest distribution: CentOS 7.9
Command Output
With version 5.3.1:
$ proot -V
_____ _____ ___
| __ \ __ \_____ _____| |_
| __/ / _ \/ _ \ _|
|__| |__|__\_____/\_____/\____| v5.3.1-99a84175
built-in accelerators: process_vm = yes, seccomp_filter = yes
Visit https://proot-me.github.io for help, bug reports, suggestions, patches, ...
Copyright (C) 2022 PRoot Developers, licensed under GPL v2 or later.
$ proot -v 1 echo "foo"
proot info: binding = /
proot info: exe = /usr/bin/echo
proot info: argv = echo foo
proot info: initial cwd = /home/users/kilian
proot info: verbose level = 1
proot info: pid 27882: access to "/dev/pts/0" (fd 0) won't be translated until closed
proot info: pid 27882: access to "/dev/pts/0" (fd 1) won't be translated until closed
proot info: pid 27882: access to "/dev/pts/0" (fd 2) won't be translated until closed
proot info: pid 27882: access to "/proc/27882/fd" (fd 3) won't be translated until closed
proot info: ptrace acceleration (seccomp mode 2) enabled
proot info: vpid 1: terminated with signal 11
$ PROOT_NO_SECCOMP=1 proot -v 1 echo "foo"
proot info: binding = /
proot info: exe = /usr/bin/echo
proot info: argv = echo foo
proot info: initial cwd = /home/users/kilian
proot info: verbose level = 1
proot info: pid 28577: access to "/dev/pts/0" (fd 0) won't be translated until closed
proot info: pid 28577: access to "/dev/pts/0" (fd 1) won't be translated until closed
proot info: pid 28577: access to "/dev/pts/0" (fd 2) won't be translated until closed
proot info: pid 28577: access to "/proc/28577/fd" (fd 3) won't be translated until closed
foo
proot info: vpid 1: exited with status 0
The same thing works with proot 5.2.0:
$ proot -V
_____ _____ ___
| __ \ __ \_____ _____| |_
| __/ / _ \/ _ \ _|
|__| |__|__\_____/\_____/\____| v5.2.0
built-in accelerators: process_vm = yes, seccomp_filter = yes
Visit https://proot-me.github.io for help, bug reports, suggestions, patches, ...
Copyright (C) 2021 PRoot Developers, licensed under GPL v2 or later.
$ proot -v 1 echo "foo"
proot info: binding = /
proot info: exe = /usr/bin/echo
proot info: argv = echo foo
proot info: initial cwd = /home/users/kilian
proot info: verbose level = 1
proot info: pid 28661: access to "/dev/pts/0" (fd 0) won't be translated until closed
proot info: pid 28661: access to "/dev/pts/0" (fd 1) won't be translated until closed
proot info: pid 28661: access to "/dev/pts/0" (fd 2) won't be translated until closed
proot info: pid 28661: access to "/proc/28661/fd" (fd 3) won't be translated until closed
proot info: ptrace acceleration (seccomp mode 2) enabled
foo
proot info: vpid 1: exited with status 0
It looks like some sort of regression between 5.2.0 and 5.3.1?