Bug 1690102

Summary: setarch(8) does not check error return values properly.
Product: Red Hat Enterprise Linux 7 Reporter: Peter Jones <pjones>
Component: util-linuxAssignee: Karel Zak <kzak>
Status: CLOSED ERRATA QA Contact: Radka Brychtova <rskvaril>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.6   
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: util-linux-2.23.2-62.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-31 20:00:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Peter Jones 2019-03-18 19:18:40 UTC 
Description of problem: If I run this in a container where seccomp denies ADDR_LIMIT_3G, it thinks it worked when it did not:

[root@daf23c28d8db build]# setarch linux32 -B uname -m
x86_64

This is because setarch is only checking for -EINVAL.  If I run it without -B, it works as expected:

[root@daf23c28d8db build]# setarch linux32 uname -m
i686

Version-Release number of selected component (if applicable): util-linux-2.23.2-59.el7

How reproducible: 100%

Steps to Reproduce:
1. create a container on a system where seccomp denies some personality(2) flags (podman or docker on fedora 29 will do this)
2. run setarch linux32 -B uname -m
3. see the wrong value

Actual results: setarch execs the binary after personality(2) has returned failure


Expected results: setarch shows an error
Comment 2 Karel Zak 2019-03-25 15:08:05 UTC 
It seems we need upstream commits 9ed11cc260a28a64de0c1fa5d94d7cd6273781a5 and ae7065760d9bbe776a93a73d88e85c7796acb8cc.
Comment 7 errata-xmlrpc 2020-03-31 20:00:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1102