Bug 1897712
Summary: | openssh SIGSYS on connection attempt | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Paul Whalen <pwhalen> | ||||
Component: | openssh | Assignee: | Jakub Jelen <jjelen> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | rawhide | CC: | crypto-team, dwalsh, jjelen, lkundrak, mattias.ellert, plautrba, tmraz | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | openssh-8.4p1-3.fc33 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2020-11-27 01:22:51 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 245418 | ||||||
Attachments: |
|
Description
Paul Whalen
2020-11-13 20:47:09 UTC
Created attachment 1729215 [details]
sshd backtrace
Can you check audit for what syscall was used in your case on ARM which failed? Is it called now select64 or something else? type=SECCOMP msg=audit(1605645779.332:638): auid=4294967295 uid=74 gid=74 ses=4294967295 subj=system_u:system_r:sshd_net_t:s0-s0:c0.c1023 pid=796 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=40000028 syscall=413 compat=0 ip=0xb68db370 code=0x0AUID="unset" UID="sshd" GID="sshd" ARCH=armeb SYSCALL=unknown-syscall(413) On arm 413 looks to be pselect6_time64 Thank you for report and checking the syscall. This is something new. The following patch should address the issue: diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index e0768c06..5065ae7e 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -267,6 +267,9 @@ static const struct sock_filter preauth_insns[] = { #ifdef __NR_pselect6 SC_ALLOW(__NR_pselect6), #endif +#ifdef __NR_pselect6_time64 + SC_ALLOW(__NR_pselect6_time64), +#endif #ifdef __NR_read SC_ALLOW(__NR_read), #endif I submitted a scratch build with the patch above. Please, check if it will work for you. Then I can fix it in Fedora and report upstream. https://koji.fedoraproject.org/koji/taskinfo?taskID=55805956 (In reply to Jakub Jelen from comment #4) > I submitted a scratch build with the patch above. Please, check if it will > work for you. Then I can fix it in Fedora and report upstream. > > https://koji.fedoraproject.org/koji/taskinfo?taskID=55805956 Thanks! That works as expected. FEDORA-2020-413ab3bca3 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2020-413ab3bca3 FEDORA-2020-413ab3bca3 has been pushed to the Fedora 33 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-413ab3bca3` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-413ab3bca3 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2020-413ab3bca3 has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report. |