• Status Assigned
  • Percent Complete
    0%
  • Task Type Bug Report
  • Category Packages
  • Assigned To No-one
  • Operating System pentium4
  • Severity Low
  • Priority Medium
  • Reported Version
  • Due in Version Undecided
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Arch Linux 32
Opened by Andreas Baumann - 20.02.2021
Last edited by Andreas Baumann - 06.03.2021

FS#162 - browsers based on Chromium break in secomp sanboxing

Everything using chromium/seccomp jailing breaks currently including chromium due to missing IA-32
rules in libseccomp and/or chromium itself.

Firefox seems to work fine.
epiphany works.
midori works.
luakit works.

Chromium crashes with sigsegv (I would expect something which reminds me of a seccomp syscall?).

konqueror, falkon, qutebrowser are based on qt5-webengine. They all open up but then don’t render a page (issuing the seccomp error messages attached below).

vivaldi the same, but as it is closed source, we cannot fix it.

Admin
Andreas Baumann commented on 20.02.2021 15:56

../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:CRASHING:seccomp-bpf failure in syscall 0360../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:CRASHING:seccomp-bpf failure in syscall 0360../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:CRASHING:seccomp-bpf failure in syscall 0360
../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:CRASHING:seccomp-bpf failure in syscall 0422
libva error: vaGetDriverNameByIndex() failed with unknown libva error, driver_name = (null)
[2958:2958:0220/161221.637197:ERROR:vaapi_wrapper.cc(541)] vaInitialize failed: unknown libva error
[2958:2958:0220/161221.933576:ERROR:sandbox_linux.cc(374)] InitializeSandbox() called with multiple threads in process gpu-process.
../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:CRASHING:seccomp-bpf failure in syscall ../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:CRASHING:seccomp-bpf failure in syscall 0422
../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:CRASHING:seccomp-bpf failure in syscall 0360../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:CRASHING:seccomp-bpf failure in syscall 0422../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:CRASHING:seccomp-bpf failure in syscall 0360

Admin
Andreas Baumann commented on 28.02.2021 07:57

This would be qt5-webengine. The whole thing is easy to fix (volunteers welcome):

Have a look at the existing patch:
qtwebengine-everywhere-src-5.15.0-sandbox-Aw-snap-for-syscalls-403-and-407.patch

Find out which new syscalls appeared in kernel 5.11 and glibc 2.33, make a new patch.

Admin
Andreas Baumann commented on 28.02.2021 19:11

statx and sendmsg? somebody just forgot to add i386 in #ifdefs in the sandbox and
forgot to define __NR_xxx constants in a operating system syscall wrapper.
qt5-webengine patch is on it's way, this fixes konqeror, falcon.

Admin
Andreas Baumann commented on 01.03.2021 07:38

They work but on some pages we miss font rendering, without any seccomp errors though…

Admin
Andreas Baumann commented on 11.03.2021 08:16

much better, now I have to recomile qt5-webengine with debug symbols enabled to see what
the new error is:

#
# Fatal error in , line 0
# ignored
#
#
#
#FailureMessage Object: 0xbfa8b1f4#0 0x0000b29c92ad <unknown>
#1 0x0000b293be71 <unknown>
#2 0x0000b3b2cb62 <unknown>
#3 0x0000b3b1e254 <unknown>
#4 0x0000b1c7f0bf <unknown>
#5 0x0000b18535b7 <unknown>
#6 0x0000b3b1e2a8 <unknown>
#7 0x0000b1853909 <unknown>
#8 0x0000b15f3907 <unknown>
#9 0x0000b3b2a583 <unknown>
#10 0x0000b3b271a2 <unknown>

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing