From: Rich Felker <dalias@aerifal.cx>
To: Satadru Pramanik <satadru@gmail.com>
Cc: musl@lists.openwall.com
Subject: Re: [musl] Re: musl getaddr info breakage on older kernels
Date: Mon, 14 Feb 2022 17:00:44 -0500 [thread overview]
Message-ID: <20220214220043.GK7074@brightrain.aerifal.cx> (raw)
In-Reply-To: <CAFrh3J-L-i4ZnXfSTEe0HRQsmVF8rtCbKZwVmyfuU_PuJHv_vA@mail.gmail.com>
Note: you dropped the list from CC in your last reply; I've re-added
it and bounced your message to the list.
On Mon, Feb 14, 2022 at 02:00:24PM -0500, Satadru Pramanik wrote:
> >
> >
> > Are you sure the "running under strace" has no differences in how the
> > test program is invoked aside from just using strace?
>
>
> I'm running strace & ltrace from the command prompt. For what it is worth,
> the process tree is a little weird on ChromeOS:
> [image: Screenshot 2022-02-14 at 13.58.03.png]
>
>
> > Rather than
> > running it via the ruby machinery, can you just test under plain
> > manual execution from the same shell instance for both?
> >
> The previous email showed it running via manual execution from the same
> shell instance, invoked without and with ltrace.
> i.e. I have the same issue.
>
>
> > Can you report what Docker version you're using, and try executing
> > with Docker's seccomp sandboxing disabled?
>
> docker version
> Client: Docker Engine - Community
> Version: 20.10.12
> API version: 1.41
> Go version: go1.16.12
> Git commit: e91ed57
> Built: Mon Dec 13 11:45:41 2021
> OS/Arch: linux/amd64
> Context: default
> Experimental: true
>
> Server: Docker Engine - Community
> Engine:
> Version: 20.10.12
> API version: 1.41 (minimum version 1.12)
> Go version: go1.16.12
> Git commit: 459d0df
> Built: Mon Dec 13 11:44:05 2021
> OS/Arch: linux/amd64
> Experimental: false
> containerd:
> Version: 1.4.12
> GitCommit: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
> runc:
> Version: 1.0.2
> GitCommit: v1.0.2-0-g52b36a2
> docker-init:
> Version: 0.19.0
> GitCommit: de40ad0
>
> This is the docker command I used, which may disable the seccomp sandboxing?
>
> #!/bin/bash
> docker pull satmandu/crewbuild:alex-i686.m58
> docker pull tonistiigi/binfmt
> docker run --privileged --rm tonistiigi/binfmt --install all
> docker run --security-opt seccomp=unconfined --platform linux/386
> --cap-add SYS_PTRACE --rm -v $(pwd)/pkg_cache:/usr/local/tmp/packages -v
> $(pwd):/output -h $(hostname)-i686 -it satmandu/crewbuild:alex-i686.m58
> /usr/local/bin/setarch i686 sudo -i -u chronos /usr/local/bin/bash -i
>
> .../musl_getaddrinfo_test google.com
> AF_INET: 142.250.80.46
> AF_INET6: 2607:f8b0:4006:80b::200e
>
> Commands inside that docker invocation to test this:
> crew upgrade ; yes | crew install ltrace
> CREW_TESTING_REPO=https://github.com/satmandu/chromebrew.git
> CREW_TESTING_BRANCH=musl_testing CREW_TESTING=1 crew update
> crew upgrade
> cd /usr/local/tmp
> yes | crew build -k musl_getaddrinfo_test
> cd crew/musl_getaddrinfo_test.*
> .../musl_getaddrinfo_test google.com
>
> When I ran that, I got this:
> .../musl_getaddrinfo_test google.com
> AF_INET: 142.250.80.46
> AF_INET6: 2607:f8b0:4006:80b::200e
Are you saying it works (resolves correctly) with the above command
line? If so that's indicative of buggy Docker seccomp.
> > This shouldn't happen, but
> > it's plausible that your old kernel has bugs where seccomp filtering
> > gets bypassed when the process is running under strace, thereby
> > working around a buggy seccomp filter in Docker.
> >
> Is it possible there are seccomp issues with the old kernel that just
> weren't triggered by an older version of musl?
I'm pretty sure it's not a kernel bug causing your problem. It's
possibly a Docker bug that should make it fail both with and without
strace, but that strange kernel behavior (differences when tracing vs
not tracing) made the problem go away as soon as you used strace.
> > If you know how to use gdb, you could also try setting some
> > breakpoints to see what code is or isn't reached.
> >
> This would be ideal. I'm still trying to get gdb built with musl on this
> older setup. The gdb I have built against glibc doesn't seem to be
> particularly helpful when I'm running it with this program built against
> the musl libc.
>
> Is there a static build of i686 gdb built against musl someone has
> available which might be helpful here?
gdb should not need to be built against musl to debug programs built
against musl. Maybe you're just missing debug info?
next prev parent reply other threads:[~2022-02-14 22:00 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAFrh3J9CK67S=Jn531zTK04QeR8yiZwro_ZThQD=3aUx5XghCA@mail.gmail.com>
2022-02-06 21:30 ` Rich Felker
2022-02-06 23:25 ` Satadru Pramanik
2022-02-06 23:44 ` Rich Felker
2022-02-07 1:29 ` Satadru Pramanik
2022-02-07 2:40 ` Rich Felker
2022-02-07 19:19 ` Satadru Pramanik
2022-02-07 21:02 ` Rich Felker
2022-02-14 17:24 ` Satadru Pramanik
2022-02-14 18:29 ` Rich Felker
2022-02-14 19:00 ` Satadru Pramanik
2022-02-14 22:00 ` Rich Felker [this message]
2022-02-15 16:59 ` Satadru Pramanik
2022-02-15 17:44 ` Rich Felker
2022-02-15 22:56 ` Satadru Pramanik
2022-02-16 1:41 ` Rich Felker
2022-02-16 18:37 ` Satadru Pramanik
2022-02-16 18:44 ` Satadru Pramanik
2022-02-16 21:33 ` Rich Felker
2022-02-16 21:53 ` Satadru Pramanik
2022-02-17 1:44 ` Satadru Pramanik
2022-02-17 4:14 ` Satadru Pramanik
2022-02-17 13:17 ` Satadru Pramanik
2022-02-17 13:24 ` Rich Felker
2022-02-17 13:30 ` Satadru Pramanik
2022-02-17 13:46 ` Rich Felker
2022-02-17 14:49 ` Satadru Pramanik
2022-02-17 15:53 ` Rich Felker
2022-02-17 16:05 ` Rich Felker
2022-02-17 16:36 ` Satadru Pramanik
2022-02-17 18:17 ` Rich Felker
2022-02-17 21:39 ` Satadru Pramanik
2022-02-17 21:42 ` Satadru Pramanik
[not found] ` <CAFrh3J9CBGagzmnn9E7W0H15iiOzZEtg4YKfJ1qRwCtrjnw6tA@mail.gmail.com>
2022-02-17 21:43 ` Fwd: " Satadru Pramanik
2022-02-17 22:48 ` Rich Felker
2022-02-18 1:25 ` Satadru Pramanik
2022-02-17 16:17 ` Satadru Pramanik
2022-02-07 5:35 ` Markus Wichmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220214220043.GK7074@brightrain.aerifal.cx \
--to=dalias@aerifal.cx \
--cc=musl@lists.openwall.com \
--cc=satadru@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).