Bug 1768583

Summary: Please update seccomp package to include latest syscalls
Product: Red Hat Enterprise Linux 8 Reporter: Daniel Walsh <dwalsh>
Component: libseccompAssignee: Radovan Sroka <rsroka>
Status: CLOSED ERRATA QA Contact: Martin Zelený <mzeleny>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.2CC: coli, dapospis, gscrivan, mzeleny, rsroka, tjaros
Target Milestone: rcKeywords: Triaged
Target Release: 8.0Flags: pm-rhel: mirror+
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: libseccomp-2.4.3-1.el8 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-11-04 01:42:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Daniel Walsh 2019-11-04 18:38:06 UTC 
Certain container packages like Podman, Buildah, CRI-O, Kubernetes are using upstream projects from Docker and Moby that generate syscall tables.

Libseccomp that is shipped in RHEL8 does not currently contain these definitions.  If you have a c program that is linked with libsemanage and it tries to process the seccomp.json file provided by upstream, it will blow up.

Here is the patch to upstream that defines the new syscalls.

https://github.com/seccomp/libseccomp/commit/bf747eb21e428c2b3ead6ebcca27951b681963a0
Comment 1 Giuseppe Scrivano 2019-11-05 08:14:58 UTC 
I think we need the patch https://github.com/seccomp/libseccomp/commit/5fc22428507ecea00ee9e2215d972777da9a99b6 as well
Comment 14 errata-xmlrpc 2020-11-04 01:42:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (libseccomp bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:4472