Bug 2218663

Summary: [abrt] oci-seccomp-bpf-hook: runtime.raise(): oci-seccomp-bpf-hook killed by SIGABRT
Product: [Fedora] Fedora Reporter: xspielinbox+redhat
Component: oci-seccomp-bpf-hookAssignee: Jindrich Novy <jnovy>
Status: NEW --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 38CC: container-sig, go-sig, jnovy, lsm5, rh.container.bot, vrothber, xspielinbox+redhat
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/e9d36dfa2ffe91aa5ca8854f7235884d7994908
Whiteboard: abrt_hash:61d175b91fe33017f9297f584e38ee5da56a1063;VARIANT_ID=workstation;
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: proc_pid_status
none
File: maps
none
File: limits
none
File: open_fds
none
File: mountinfo
none
File: os_info
none
File: cpuinfo
none
File: core_backtrace
none
File: dso_list
none
File: backtrace
none
File: environ none

Description xspielinbox+redhat 2023-06-29 18:56:18 UTC
Description of problem:
I used oci-seccomp-bpf-hook without root (podman run [...] --annotation io.containers.trace-syscall=of:/tmp/seccomp-custom.json [...]).
It then gave me the cryptic error "Error: OCI runtime error: crun: error executing hook `/usr/libexec/oci/hooks.d/oci-seccomp-bpf-hook` (exit code: 1)"
and crashed.

I know, that it does not work without administrative permission, but the error handling could be improved.
It should not crash with insufficient permission, but this should be handled "gracefully" and the error message should perhaps include something that would indicate, what the error could be, e.g. that it has some permissions problems.

Version-Release number of selected component:
oci-seccomp-bpf-hook-1.2.9-1.fc38

Additional info:
reporter:       libreport-2.17.10
type:           CCpp
reason:         oci-seccomp-bpf-hook killed by SIGABRT
journald_cursor: s=9a7a550263b44ce2aae567ae74362384;i=1de052;b=633cd69c786741e2b385c6d8365fddf7;m=56f3e723b;t=5ff48c544934e;x=3805e3d70f08887
executable:     /usr/libexec/oci/hooks.d/oci-seccomp-bpf-hook
cmdline:        oci-seccomp-bpf-hook -r 54024 -o /tmp/seccomp-custom.json -i
cgroup:         0::/user.slice/user-1000.slice/user/user.slice/libpod-conmon-10893be2bbe297589572c3d765953536d4c86aa67c45f9d3e214961ae3ddbfe5.scope
rootdir:        /
uid:            1000
kernel:         6.3.8-200.fc38.x86_64
package:        oci-seccomp-bpf-hook-1.2.9-1.fc38
runlevel:       N 5
backtrace_rating: 4
crash_function: runtime.raise

Truncated backtrace:
Thread no. 1 (22 frames)
 #0 runtime.raise at /usr/lib/golang/src/runtime/sys_linux_amd64.s:154
 #1 runtime.dieFromSignal at /usr/lib/golang/src/runtime/signal_unix.go:879
 #2 runtime.sigfwdgo at /usr/lib/golang/src/runtime/signal_unix.go:1092
 #3 runtime.sigtrampgo at /usr/lib/golang/src/runtime/signal_unix.go:432
 #4 runtime.sigtramp at /usr/lib/golang/src/runtime/sys_linux_amd64.s:354
 #6 runtime.raise at /usr/lib/golang/src/runtime/sys_linux_amd64.s:154
 #7 runtime.dieFromSignal at /usr/lib/golang/src/runtime/signal_unix.go:879
 #8 runtime.crash at /usr/lib/golang/src/runtime/signal_unix.go:971
 #9 runtime.fatalpanic at /usr/lib/golang/src/runtime/panic.go:1168
 #10 runtime.gopanic at /usr/lib/golang/src/runtime/panic.go:987
 #11 runtime.panicmem at /usr/lib/golang/src/runtime/panic.go:260
 #12 runtime.sigpanic at /usr/lib/golang/src/runtime/signal_unix.go:837
 #13 github.com/containers/oci-seccomp-bpf-hook/vendor/github.com/iovisor/gobpf/bcc.(*Module).Close.func1 at /usr/src/debug/oci-seccomp-bpf-hook-1.2.9-1.fc38.x86_64/_build/src/github.com/containers/oci-seccomp-bpf-hook/vendor/github.com/iovisor/gobpf/bcc/module.go:155
 #14 github.com/containers/oci-seccomp-bpf-hook/vendor/github.com/iovisor/gobpf/bcc.(*Module).Close at /usr/src/debug/oci-seccomp-bpf-hook-1.2.9-1.fc38.x86_64/_build/src/github.com/containers/oci-seccomp-bpf-hook/vendor/github.com/iovisor/gobpf/bcc/module.go:155
 #15 main.runBPFSource.func3 at /usr/src/debug/oci-seccomp-bpf-hook-1.2.9-1.fc38.x86_64/_build/src/github.com/containers/oci-seccomp-bpf-hook/oci-seccomp-bpf-hook.go:223
 #16 runtime.gopanic at /usr/lib/golang/src/runtime/panic.go:890
 #17 runtime.panicmem at /usr/lib/golang/src/runtime/panic.go:260
 #18 runtime.sigpanic at /usr/lib/golang/src/runtime/signal_unix.go:837
 #19 github.com/containers/oci-seccomp-bpf-hook/vendor/github.com/iovisor/gobpf/bcc.(*Module).Load at /usr/src/debug/oci-seccomp-bpf-hook-1.2.9-1.fc38.x86_64/_build/src/github.com/containers/oci-seccomp-bpf-hook/vendor/github.com/iovisor/gobpf/bcc/module.go:224
 #20 github.com/containers/oci-seccomp-bpf-hook/vendor/github.com/iovisor/gobpf/bcc.(*Module).LoadTracepoint at /usr/src/debug/oci-seccomp-bpf-hook-1.2.9-1.fc38.x86_64/_build/src/github.com/containers/oci-seccomp-bpf-hook/vendor/github.com/iovisor/gobpf/bcc/module.go:205
 #21 main.runBPFSource at /usr/src/debug/oci-seccomp-bpf-hook-1.2.9-1.fc38.x86_64/_build/src/github.com/containers/oci-seccomp-bpf-hook/oci-seccomp-bpf-hook.go:226
 #22 main.main at /usr/src/debug/oci-seccomp-bpf-hook-1.2.9-1.fc38.x86_64/_build/src/github.com/containers/oci-seccomp-bpf-hook/oci-seccomp-bpf-hook.go:84

Comment 1 xspielinbox+redhat 2023-06-29 18:56:21 UTC
Created attachment 1973238 [details]
File: proc_pid_status

Comment 2 xspielinbox+redhat 2023-06-29 18:56:23 UTC
Created attachment 1973239 [details]
File: maps

Comment 3 xspielinbox+redhat 2023-06-29 18:56:24 UTC
Created attachment 1973240 [details]
File: limits

Comment 4 xspielinbox+redhat 2023-06-29 18:56:26 UTC
Created attachment 1973241 [details]
File: open_fds

Comment 5 xspielinbox+redhat 2023-06-29 18:56:28 UTC
Created attachment 1973242 [details]
File: mountinfo

Comment 6 xspielinbox+redhat 2023-06-29 18:56:29 UTC
Created attachment 1973243 [details]
File: os_info

Comment 7 xspielinbox+redhat 2023-06-29 18:56:31 UTC
Created attachment 1973244 [details]
File: cpuinfo

Comment 8 xspielinbox+redhat 2023-06-29 18:56:33 UTC
Created attachment 1973245 [details]
File: core_backtrace

Comment 9 xspielinbox+redhat 2023-06-29 18:56:34 UTC
Created attachment 1973246 [details]
File: dso_list

Comment 10 xspielinbox+redhat 2023-06-29 18:56:36 UTC
Created attachment 1973247 [details]
File: backtrace

Comment 11 xspielinbox+redhat 2023-06-29 18:56:38 UTC
Created attachment 1973248 [details]
File: environ