Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1690102 - setarch(8) does not check error return values properly.
Summary: setarch(8) does not check error return values properly.
Keywords:
Status: POST
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: util-linux
Version: 7.6
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Karel Zak
QA Contact: Radka Skvarilova
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-03-18 19:18 UTC by Peter Jones
Modified: 2019-04-10 11:13 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:


Attachments (Terms of Use)

Description Peter Jones 2019-03-18 19:18:40 UTC
Description of problem: If I run this in a container where seccomp denies ADDR_LIMIT_3G, it thinks it worked when it did not:

[root@daf23c28d8db build]# setarch linux32 -B uname -m
x86_64

This is because setarch is only checking for -EINVAL.  If I run it without -B, it works as expected:

[root@daf23c28d8db build]# setarch linux32 uname -m
i686

Version-Release number of selected component (if applicable): util-linux-2.23.2-59.el7

How reproducible: 100%

Steps to Reproduce:
1. create a container on a system where seccomp denies some personality(2) flags (podman or docker on fedora 29 will do this)
2. run setarch linux32 -B uname -m
3. see the wrong value

Actual results: setarch execs the binary after personality(2) has returned failure


Expected results: setarch shows an error

Comment 2 Karel Zak 2019-03-25 15:08:05 UTC
It seems we need upstream commits 9ed11cc260a28a64de0c1fa5d94d7cd6273781a5 and ae7065760d9bbe776a93a73d88e85c7796acb8cc.


Note You need to log in before you can comment on or make changes to this bug.