Ubuntu
chromium-browser package

many seccomp denials for set_robust_list in xenial

Bug #1570111 reported by Jamie Strandboge
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

I have 517 messages and counting like this:
kernel: [ 2899.006553] audit: type=1326 audit(1460584187.442:1256): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=18839 comm="chromium-browse" exe="/usr/lib/chromium-browser/chromium-browser" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7fa52f21a694 code=0x50000

$ scmp_sys_resolver 273
set_robust_list

It seems that chromium's seccomp sandbox needs to enable this call or chromium adjusted to not use it.

$ cat /proc/version_signature
Ubuntu 4.4.0-18.34-generic 4.4.6

$ apt-cache policy chromium-browser
$ apt-cache policy chromium-browser
chromium-browser:
  Installed: 49.0.2623.108-0ubuntu1.1233
  Candidate: 49.0.2623.108-0ubuntu1.1233
  Version table:
 *** 49.0.2623.108-0ubuntu1.1233 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
        100 /var/lib/dpkg/status

Chad Miller (cmiller)
Changed in chromium-browser (Ubuntu):
assignee: nobody → Chad Miller (cmiller)
status: New → Confirmed
Revision history for this message
Chad Miller (cmiller) wrote :

Oh hello, libc.

Catchpoint 1 (call to syscall set_robust_list), __pthread_initialize_minimal_internal () at nptl-init.c:384
(gdb) bt
#0 __pthread_initialize_minimal_internal () at nptl-init.c:384
#1 0x00007f2b878845d1 in _init () at ../sysdeps/x86_64/crti.S:72

    int res = INTERNAL_SYSCALL (set_robust_list, err, 2, &pd->robust_head,
                sizeof (struct robust_list_head));

Changed in chromium-browser (Ubuntu):
status: Confirmed → In Progress
importance: Undecided → Medium
Olivier Tilloy (osomon)
Changed in chromium-browser (Ubuntu):
assignee: Chad Miller (cmiller) → nobody
status: In Progress → Confirmed
Revision history for this message
Simon Déziel (sdeziel) wrote :

Marking as fix released because newer chromium/snapd do not get any denials for syscall=273 on amd64.

Tested with:

$ snap list snapd chromium
Name Version Rev Tracking Publisher Notes
chromium 106.0.5249.119 2136 latest/stable canonical✓ -
snapd 2.57.4 17336 latest/stable canonical✓ snapd

$ lsb_release -rd
Description: Ubuntu 22.04.1 LTS
Release: 22.04

$ uname -r
5.15.0-52-generic

Changed in chromium-browser (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.