- Status New
- Percent Complete
- Task Type Bug Report
- Category Packages
- Assigned To No-one
- Operating System pentium4
- Severity Low
- Priority Medium
- Reported Version
- Due in Version Undecided
-
Due Date
Undecided
- Votes
- Private
Attached to Project: Arch Linux 32
Opened by Andreas Baumann - 20.02.2021
Last edited by Andreas Baumann - 25.02.2022
Opened by Andreas Baumann - 20.02.2021
Last edited by Andreas Baumann - 25.02.2022
FS#162 - browsers based on Chromium break in secomp sanboxing
Everything using chromium/seccomp jailing breaks currently including chromium due to missing IA-32
rules in libseccomp and/or chromium itself.
Firefox seems to work fine.
epiphany works.
midori works.
luakit works.
Chromium crashes with sigsegv (I would expect something which reminds me of a seccomp syscall?).
konqueror, falkon, qutebrowser are based on qt5-webengine. They all open up but then don’t render a page (issuing the seccomp error messages attached below).
vivaldi the same, but as it is closed source, we cannot fix it.
../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:CRASHING:seccomp-bpf failure in syscall 0360../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:CRASHING:seccomp-bpf failure in syscall 0360../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:CRASHING:seccomp-bpf failure in syscall 0360
../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:CRASHING:seccomp-bpf failure in syscall 0422
libva error: vaGetDriverNameByIndex() failed with unknown libva error, driver_name = (null)
[2958:2958:0220/161221.637197:ERROR:vaapi_wrapper.cc(541)] vaInitialize failed: unknown libva error
[2958:2958:0220/161221.933576:ERROR:sandbox_linux.cc(374)] InitializeSandbox() called with multiple threads in process gpu-process.
../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:CRASHING:seccomp-bpf failure in syscall ../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:CRASHING:seccomp-bpf failure in syscall 0422
../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:CRASHING:seccomp-bpf failure in syscall 0360../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:CRASHING:seccomp-bpf failure in syscall 0422../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:CRASHING:seccomp-bpf failure in syscall 0360
This would be qt5-webengine. The whole thing is easy to fix (volunteers welcome):
Have a look at the existing patch:
qtwebengine-everywhere-src-5.15.0-sandbox-Aw-snap-for-syscalls-403-and-407.patch
Find out which new syscalls appeared in kernel 5.11 and glibc 2.33, make a new patch.
statx and sendmsg? somebody just forgot to add i386 in #ifdefs in the sandbox and
forgot to define __NR_xxx constants in a operating system syscall wrapper.
qt5-webengine patch is on it's way, this fixes konqeror, falcon.
They work but on some pages we miss font rendering, without any seccomp errors though…
much better, now I have to recomile qt5-webengine with debug symbols enabled to see what
the new error is:
https://groups.google.com/a/chromium.org/g/chromium-packagers/c/EwWwdXmCcgY
https://chromium-review.googlesource.com/c/chromium/src/+/2753571
This is for futex64 only for now..
WAIT!! vivaldi worked for me few months ago with `–no-sandbox` and even the chromium which i compiled yesterday for arch32 showed some error but with this it worked…