Bug 2051521
Summary: | add fsync syscall in systemd sandbox | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Fabrice Bellet <fabrice> |
Component: | arpwatch | Assignee: | Ben Beasley <code> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | code |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | arpwatch-3.2-4.fc36 arpwatch-3.2-2.fc34 arpwatch-3.2-2.fc35 arpwatch-3.2-2.el9 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-02-07 13:45:19 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Fabrice Bellet
2022-02-07 12:21:42 UTC
Thanks for the report! This is not the first time the syscall filter has needed to be expanded. It’s hard to get right—for example, “fsync” is called by the “sendmail” executable and appears nowhere in arpwatch’s source code. Hopefully allowing the @sync group (“Synchronizing files and memory to disk (fsync(2), msync(2), and related calls”) in the service file will be sufficient. If there are other issues, please let me know and I’ll handle them too. FEDORA-2022-731283251a has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-731283251a Hmm, it seems odd to me. I'm not sure @sync is enough to include fsync, at least on fedora 34 (this is the version where this bug appears). The error message comes from arpwatch-3.2-1.fc34.x86_64, where the service file already contains "@sync". Replacing "@sync" by "@fsync" seems sufficient to make sendmail work in my case. But as I understand the documentation of systemd, "@" is a notation for syscalls groups description already ? I'll make some more tests. OK, I missed the meaning of the "~" at the beginning of the SystemCallFilter= option. FEDORA-2022-72bdec0aa7 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-72bdec0aa7 The updated service file works for me too. Thanks! FEDORA-2022-731283251a has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report. (In reply to Fabrice Bellet from comment #4) > OK, I missed the meaning of the "~" at the beginning of the > SystemCallFilter= option. Exactly right: removing @sync from this line stops excluding it, therefore allows it. I’ll be backporting this fix to stable releases, too. FEDORA-2022-61fe8850d0 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2022-61fe8850d0 FEDORA-EPEL-2022-bb65b22de7 has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-bb65b22de7 FEDORA-2022-72bdec0aa7 has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-72bdec0aa7` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-72bdec0aa7 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2022-61fe8850d0 has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-61fe8850d0` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-61fe8850d0 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-EPEL-2022-bb65b22de7 has been pushed to the Fedora EPEL 9 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-bb65b22de7 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2022-61fe8850d0 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2022-72bdec0aa7 has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-EPEL-2022-bb65b22de7 has been pushed to the Fedora EPEL 9 stable repository. If problem still persists, please make note of it in this bug report. |