Bug 2051521

Summary: add fsync syscall in systemd sandbox
Product: [Fedora] Fedora Reporter: Fabrice Bellet <fabrice>
Component: arpwatchAssignee: Ben Beasley <code>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: code
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: arpwatch-3.2-4.fc36 arpwatch-3.2-2.fc34 arpwatch-3.2-2.fc35 arpwatch-3.2-2.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-02-07 13:45:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Fabrice Bellet 2022-02-07 12:21:42 UTC
Hi!

I'm not sure if the "sync" syscall is needed for arpwatch, but "fsync" is, and probably should be added to the service file. Without this exception, arpwatch fails to send notification emails:


systemd-coredump[2282]: Process 2280 (sendmail) of user 77 dumped core.#012#012Stack trace of thread 2280:#012#0  0x00007f1df3d29fc7 fsync (libc.so.6 + 0xf7fc7)#012#1  0x000055f5834884d8 collect (sendmail.sendmail + 0x1f4d8)#012#2  0x000055f58347ceaa main (sendmail.sendmail + 0x13eaa)#012#3  0x00007f1df3c59b75 __libc_start_main (libc.so.6 + 0x27b75)#012#4  0x000055f58348128e _start (sendmail.sendmail + 0x1828e)

Comment 1 Ben Beasley 2022-02-07 13:14:38 UTC
Thanks for the report!

This is not the first time the syscall filter has needed to be expanded. It’s hard to get right—for example, “fsync” is called by the “sendmail” executable and appears nowhere in arpwatch’s source code. Hopefully allowing the @sync group (“Synchronizing files and memory to disk (fsync(2), msync(2), and related calls”) in the service file will be sufficient. If there are other issues, please let me know and I’ll handle them too.

Comment 2 Fedora Update System 2022-02-07 13:27:54 UTC
FEDORA-2022-731283251a has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-731283251a

Comment 3 Fabrice Bellet 2022-02-07 13:32:05 UTC
Hmm, it seems odd to me. I'm not sure @sync is enough to include fsync, at least on fedora 34 (this is the version where this bug appears). The error message comes from arpwatch-3.2-1.fc34.x86_64, where the service file already contains "@sync". Replacing "@sync" by "@fsync" seems sufficient to make sendmail work in my case. But as I understand the documentation of systemd, "@" is a notation for syscalls groups description already ?

I'll make some more tests.

Comment 4 Fabrice Bellet 2022-02-07 13:36:36 UTC
OK, I missed the meaning of the "~" at the beginning of the SystemCallFilter= option.

Comment 5 Fedora Update System 2022-02-07 13:38:31 UTC
FEDORA-2022-72bdec0aa7 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-72bdec0aa7

Comment 6 Fabrice Bellet 2022-02-07 13:43:18 UTC
The updated service file works for me too. Thanks!

Comment 7 Fedora Update System 2022-02-07 13:45:19 UTC
FEDORA-2022-731283251a has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 8 Ben Beasley 2022-02-07 18:40:16 UTC
(In reply to Fabrice Bellet from comment #4)
> OK, I missed the meaning of the "~" at the beginning of the
> SystemCallFilter= option.

Exactly right: removing @sync from this line stops excluding it, therefore allows it.

I’ll be backporting this fix to stable releases, too.

Comment 9 Fedora Update System 2022-02-07 19:52:02 UTC
FEDORA-2022-61fe8850d0 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2022-61fe8850d0

Comment 10 Fedora Update System 2022-02-07 19:58:40 UTC
FEDORA-EPEL-2022-bb65b22de7 has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-bb65b22de7

Comment 11 Fedora Update System 2022-02-08 01:42:16 UTC
FEDORA-2022-72bdec0aa7 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-72bdec0aa7`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-72bdec0aa7

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 12 Fedora Update System 2022-02-08 02:00:21 UTC
FEDORA-2022-61fe8850d0 has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-61fe8850d0`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-61fe8850d0

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 13 Fedora Update System 2022-02-08 02:14:07 UTC
FEDORA-EPEL-2022-bb65b22de7 has been pushed to the Fedora EPEL 9 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-bb65b22de7

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 14 Fedora Update System 2022-02-16 01:13:20 UTC
FEDORA-2022-61fe8850d0 has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 15 Fedora Update System 2022-02-16 01:26:34 UTC
FEDORA-2022-72bdec0aa7 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 16 Fedora Update System 2022-02-16 01:54:39 UTC
FEDORA-EPEL-2022-bb65b22de7 has been pushed to the Fedora EPEL 9 stable repository.
If problem still persists, please make note of it in this bug report.