Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow different syscalls from kernels 5.12 -> 5.16 #43594

Merged
merged 1 commit into from
May 13, 2022

Conversation

rumpl
Copy link
Member

@rumpl rumpl commented May 13, 2022

- What I did

Allowed different syscalls from kernels 5.12 -> 5.16

Kernel 5.12:

mount_setattr: needs CAP_SYS_ADMIN

Kernel 5.14:

quotactl_fd: needs CAP_SYS_ADMIN
memfd_secret: always allowed

Kernel 5.15:

process_mrelease: always allowed

Kernel 5.16:

futex_waitv: always allowed

- How I did it

This is a carry from containerd/containerd#6494

@rumpl rumpl force-pushed the seccomp-5.16 branch 2 times, most recently from 7cc8961 to 2533d1d Compare May 13, 2022 09:37
Kernel 5.12:

    mount_setattr: needs CAP_SYS_ADMIN

Kernel 5.14:

    quotactl_fd: needs CAP_SYS_ADMIN
    memfd_secret: always allowed

Kernel 5.15:

    process_mrelease: always allowed

Kernel 5.16:

    futex_waitv: always allowed

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rumpl
Copy link
Member Author

rumpl commented May 13, 2022

I'm not sure the errors are related

[2022-05-13T12:47:56.156Z] === Failed
[2022-05-13T12:47:56.156Z] === FAIL: github.com/docker/docker/integration/container TestRenameRunningContainerAndReuse (16.88s)
[2022-05-13T12:47:56.156Z]     main_test.go:32: assertion failed: error is not nil: Error response from daemon: Could not kill running container df88cffbdbb15afeae6f1adc727ed677f165abf8a39d15999131dc51daa704c0, cannot remove - tried to kill container, but did not receive an exit event: failed to remove df88cffbdbb15afeae6f1adc727ed677f165abf8a39d15999131dc51daa704c0
[2022-05-13T13:40:25.351Z] === FAIL: github.com/docker/docker/integration-cli TestDockerSuite/TestSlowStdinClosing/2 (0.92s)
[2022-05-13T13:40:25.351Z]     docker_cli_run_test.go:4165: d:\CI\PR-43594\6\binary\docker.exe: Error response from daemon: failed to create shim task: open \\.\pipe\containerd-e0f5a0f6e00f82eba60b058d40422009dcf515e1c7fd386ef36075419481d9f9-init-stdin: The system cannot find the file specified.: not found.

@thaJeztah
Copy link
Member

Windows is kinda flaky (sometimes slow), e.g. TestRunInteractiveWithRestartPolicy is known to be flaky (#39352); TestSlowStdinClosing as well (#43012)

No ticket (yet) for TestRenameRunningContainerAndReuse, but I see it failed in a couple of occasions; https://github.com/moby/moby/search?q=TestRenameRunningContainerAndReuse&type=issues

I'll kick it again

@thaJeztah
Copy link
Member

Although Windows doesn't use seccomp, so it's just to get CI green 😂

@thaJeztah
Copy link
Member

Another failure on Windows; unrelated, but in case there's an issue somewhere (I saw something similar recently);

=== RUN   TestRenameAnonymousContainer
    main_test.go:32: assertion failed: error is not nil: Error response from daemon: Could not kill running container 9000d33b282204b81b11913c1e49b3411b8f8d657a4f34899065ed48b08c62da, cannot remove - tried to kill container, but did not receive an exit event: failed to remove 9000d33b282204b81b11913c1e49b3411b8f8d657a4f34899065ed48b08c62da
    main_test.go:32: assertion failed: error is not nil: Error response from daemon: error while removing network: network network1TestRenameAnonymousContainer id ca59a08111066149cbc5b4e0a37cfc42e3d0f5b4fbbce9da1b33c85ba2a56490 has active endpoints: failed to remove network ca59a08111066149cbc5b4e0a37cfc42e3d0f5b4fbbce9da1b33c85ba2a56490
--- FAIL: TestRenameAnonymousContainer (23.53s)
[2022-05-13T17:44:26.275Z] INFO: Killing daemon with PID 11184
[2022-05-13T17:44:26.275Z] INFO: Tidying pidfile d:\CI\PR-43594\8\docker.pid
[2022-05-13T17:44:26.275Z] INFO: Stopping possible daemon pid 11184
[2022-05-13T17:44:26.275Z] ERROR: The process "11184" not found.
[2022-05-13T17:44:26.743Z] 
[2022-05-13T17:44:26.743Z] 
[2022-05-13T17:44:26.743Z] __GENUS          : 2
[2022-05-13T17:44:26.743Z] __CLASS          : __PARAMETERS
[2022-05-13T17:44:26.743Z] __SUPERCLASS     : 
[2022-05-13T17:44:26.743Z] __DYNASTY        : __PARAMETERS
[2022-05-13T17:44:26.743Z] __RELPATH        : 
[2022-05-13T17:44:26.743Z] __PROPERTY_COUNT : 1
[2022-05-13T17:44:26.743Z] __DERIVATION     : {}
[2022-05-13T17:44:26.743Z] __SERVER         : 
[2022-05-13T17:44:26.743Z] __NAMESPACE      : 
[2022-05-13T17:44:26.743Z] __PATH           : 
[2022-05-13T17:44:26.743Z] ReturnValue      : 0
[2022-05-13T17:44:26.743Z] PSComputerName   : 
[2022-05-13T17:44:26.743Z] 
[2022-05-13T17:44:26.743Z] __GENUS          : 2
[2022-05-13T17:44:26.743Z] __CLASS          : __PARAMETERS
[2022-05-13T17:44:26.743Z] __SUPERCLASS     : 
[2022-05-13T17:44:26.743Z] __DYNASTY        : __PARAMETERS
[2022-05-13T17:44:26.743Z] __RELPATH        : 
[2022-05-13T17:44:26.743Z] __PROPERTY_COUNT : 1
[2022-05-13T17:44:26.743Z] __DERIVATION     : {}
[2022-05-13T17:44:26.743Z] __SERVER         : 
[2022-05-13T17:44:26.743Z] __NAMESPACE      : 
[2022-05-13T17:44:26.743Z] __PATH           : 
[2022-05-13T17:44:26.743Z] ReturnValue      : 0
[2022-05-13T17:44:26.743Z] PSComputerName   : 
[2022-05-13T17:44:26.743Z] 
[2022-05-13T17:44:27.212Z] __GENUS          : 2
[2022-05-13T17:44:27.212Z] __CLASS          : __PARAMETERS
[2022-05-13T17:44:27.212Z] __SUPERCLASS     : 
[2022-05-13T17:44:27.212Z] __DYNASTY        : __PARAMETERS
[2022-05-13T17:44:27.212Z] __RELPATH        : 
[2022-05-13T17:44:27.212Z] __PROPERTY_COUNT : 1
[2022-05-13T17:44:27.212Z] __DERIVATION     : {}
[2022-05-13T17:44:27.212Z] __SERVER         : 
[2022-05-13T17:44:27.212Z] __NAMESPACE      : 
[2022-05-13T17:44:27.212Z] __PATH           : 
[2022-05-13T17:44:27.212Z] ReturnValue      : 0
[2022-05-13T17:44:27.212Z] PSComputerName   : 
[2022-05-13T17:44:27.212Z] 
[2022-05-13T17:44:27.212Z] __GENUS          : 2
[2022-05-13T17:44:27.212Z] __CLASS          : __PARAMETERS
[2022-05-13T17:44:27.212Z] __SUPERCLASS     : 
[2022-05-13T17:44:27.212Z] __DYNASTY        : __PARAMETERS
[2022-05-13T17:44:27.212Z] __RELPATH        : 
[2022-05-13T17:44:27.212Z] __PROPERTY_COUNT : 1
[2022-05-13T17:44:27.212Z] __DERIVATION     : {}
[2022-05-13T17:44:27.212Z] __SERVER         : 
[2022-05-13T17:44:27.212Z] __NAMESPACE      : 
[2022-05-13T17:44:27.212Z] __PATH           : 
[2022-05-13T17:44:27.212Z] ReturnValue      : 0
[2022-05-13T17:44:27.212Z] PSComputerName   : 
[2022-05-13T17:44:27.212Z] 
[2022-05-13T17:44:28.202Z] INFO: Nuking d:\CI
[2022-05-13T17:44:30.436Z] Exception 0xc0000420 0x0 0x0 0x7ff976472e0a
[2022-05-13T17:44:30.436Z] PC=0x7ff976472e0a
[2022-05-13T17:44:30.436Z] 
[2022-05-13T17:44:30.436Z] syscall.Syscall(0x7ff97125d430, 0x2, 0xc082069d68, 0xc0820066b0, 0x0, 0x3, 0x3, 0x0)
[2022-05-13T17:44:30.436Z] 	c:/go/src/runtime/syscall_windows.go:128 +0x5c
[2022-05-13T17:44:30.436Z] github.com/microsoft/hcsshim._destroyLayer(0xc082069d68, 0xc0820066b0, 0x0, 0x0)
[2022-05-13T17:44:30.436Z] 	e:/go/src/github.com/docker/docker/vendor/src/github.com/microsoft/hcsshim/zhcsshim.go:181 +0x9f
[2022-05-13T17:44:30.436Z] github.com/microsoft/hcsshim.destroyLayer(0xc082069d68, 0xc0820062cb, 0x2, 0x0, 0x0)
[2022-05-13T17:44:30.436Z] 	e:/go/src/github.com/docker/docker/vendor/src/github.com/microsoft/hcsshim/zhcsshim.go:174 +0x77
[2022-05-13T17:44:30.436Z] github.com/microsoft/hcsshim.DestroyLayer(0x0, 0xc0820062c8, 0x3, 0xc0820062cb, 0x2, 0x0, 0x0)
[2022-05-13T17:44:30.436Z] 	e:/go/src/github.com/docker/docker/vendor/src/github.com/microsoft/hcsshim/destroylayer.go:18 +0x38a
[2022-05-13T17:44:30.436Z] main.main()
[2022-05-13T17:44:30.436Z] 	E:/docker/ci/docker-ci-zap/zap.go:38 +0x23a
[2022-05-13T17:44:30.436Z] rax     0x20
[2022-05-13T17:44:30.436Z] rbx     0x0
[2022-05-13T17:44:30.436Z] rcx     0x60
[2022-05-13T17:44:30.436Z] rdi     0x20
[2022-05-13T17:44:30.436Z] rsi     0x13e48d0
[2022-05-13T17:44:30.436Z] rbp     0x8dc19
[2022-05-13T17:44:30.436Z] rsp     0x8dbb0
[2022-05-13T17:44:30.436Z] r8      0x20
[2022-05-13T17:44:30.436Z] r9      0x58
[2022-05-13T17:44:30.436Z] r10     0x17
[2022-05-13T17:44:30.436Z] r11     0x246
[2022-05-13T17:44:30.436Z] r12     0x0
[2022-05-13T17:44:30.436Z] r13     0x0
[2022-05-13T17:44:30.436Z] r14     0x0
[2022-05-13T17:44:30.437Z] r15     0x0
[2022-05-13T17:44:30.437Z] rip     0x7ff976472e0a
[2022-05-13T17:44:30.437Z] rflags  0x246
[2022-05-13T17:44:30.437Z] cs      0x33
[2022-05-13T17:44:30.437Z] fs      0x53
[2022-05-13T17:44:30.437Z] gs      0x2b
[2022-05-13T17:44:30.437Z] 
[2022-05-13T17:44:30.437Z] INFO: executeCI.ps1 exiting at Fri May 13 17:44:30 CUT 2022. Duration 00:24:56.6287914
[2022-05-13T17:44:30.437Z] 

@thaJeztah
Copy link
Member

And Windows/c8d is hitting TestSlowStdinClosing again 🙄

@thaJeztah
Copy link
Member

Bringing this one in

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants