You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Compiling master with GLIBC on arm fails in procd trying to compile the list of syscall names (see below) when SECCOMP is enabled. The list of syscall names is generated in procd by the make_syscall_h.sh script using the following sed expression:
which does not match the sed expression, as it does not accept all capital letters. The resulting lines become:
[(_NR] = "waitid",
I am not very familiar with the context, but SECCOMP is a new option which is enabled by default, as per https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=b118efa0d25f5b60226a9d316eb838dd6be22f78. Previously, in my builds at least, procd was not compiled with seccomp and no syscall list was generated. I could not find any suspicious recent changes and can't see a way how the sed script could work, unless I'm missing something obvious. I am also not sure what "NR_Linux" is supposed to do in the sed pattern.
Please note that this is a glibc build.
My configuration is almost the default one, with the following added:
ak:
Compiling master with GLIBC on arm fails in procd trying to compile the list of syscall names (see below) when SECCOMP is enabled. The list of syscall names is generated in procd by the make_syscall_h.sh script using the following sed expression:
sed -r -n -e 's/^#define[ \t]+NR([a-z0-9]+)[ \t]+([ ()+0-9a-zNR_Linux]+)(.*)/ [\2] = "\1",/p'
However, the list of syscalls generated in the arm kernel takes the following form:
user_headers/include/asm/unistd-common.h:#define __NR_exit (__NR_SYSCALL_BASE + 1)
which does not match the sed expression, as it does not accept all capital letters. The resulting lines become:
[(_NR] = "waitid",
I am not very familiar with the context, but SECCOMP is a new option which is enabled by default, as per https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=b118efa0d25f5b60226a9d316eb838dd6be22f78. Previously, in my builds at least, procd was not compiled with seccomp and no syscall list was generated. I could not find any suspicious recent changes and can't see a way how the sed script could work, unless I'm missing something obvious. I am also not sure what "NR_Linux" is supposed to do in the sed pattern.
Please note that this is a glibc build.
My configuration is almost the default one, with the following added:
CONFIG_TARGET_sunxi=y
CONFIG_TARGET_sunxi_cortexa7=y
CONFIG_TARGET_sunxi_cortexa7_Default=y
CONFIG_LIBC_USE_GLIBC=y
The compilation errors look like this:
/home/openwrt/staging_dir/toolchain-arm_cortex-a7+neon-vfpv4_gcc-8.4.0_glibc_eabi/bin/arm-openwrt-linux-gnueabi-gcc -DEARLY_PATH="/usr/sbin:/usr/bin:/sbin:/bin" -DSECCOMP_SUPPORT -Dpreload_seccomp_EXPORTS -Os -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -fmacro-prefix-map=/home/openwrt/build_dir/target-arm_cortex-a7+neon-vfpv4_glibc_eabi/procd-default/procd-2021-11-23-01ac2c45=procd-2021-11-23-01ac2c45 -Wformat -Werror=format-security -DPIC -fpic -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -flto -DNDEBUG -fPIC -Os -ggdb -Wall -Werror --std=gnu99 -Wmissing-declarations -MD -MT CMakeFiles/preload-seccomp.dir/jail/seccomp-oci.c.o -MF CMakeFiles/preload-seccomp.dir/jail/seccomp-oci.c.o.d -o CMakeFiles/preload-seccomp.dir/jail/seccomp-oci.c.o -c /home/openwrt/build_dir/target-arm_cortex-a7+neon-vfpv4_glibc_eabi/procd-default/procd-2021-11-23-01ac2c45/jail/seccomp-oci.c
In file included from /home/openwrt/build_dir/target-arm_cortex-a7+neon-vfpv4_glibc_eabi/procd-default/procd-2021-11-23-01ac2c45/jail/seccomp-oci.c:36:
/home/openwrt/build_dir/target-arm_cortex-a7+neon-vfpv4_glibc_eabi/procd-default/procd-2021-11-23-01ac2c45/jail/../syscall-names.h:3:4: error: '_NR' undeclared here (not in a function)
[(_NR] = "waitid",
^~~~~
/m/vm/a-dev/openwrt/build_dir/target-arm_cortex-a7+neon-vfpv4_glibc_eabi/procd-default/procd-2021-11-23-01ac2c45/jail/../syscall-names.h:3:9: error: expected ')' before ']' token
[(_NR] = "waitid",
~ ^
)
The text was updated successfully, but these errors were encountered: