[Webkit-unassigned] [Bug 215212] [GLIB] Wrong argument order for clone syscall seccomp filter on s390x

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Aug 6 04:51:30 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=215212

Adrian Perez <aperez at igalia.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aperez at igalia.com,
                   |                            |pgriffis at igalia.com

--- Comment #2 from Adrian Perez <aperez at igalia.com> ---
(In reply to Alberto Garcia from comment #0)
> It seems that the order of the arguments in the clone() syscall depends on
> the architecture (you can see that in the clone(2) manpage).
> 
> We use that in WebKit's seccomp filter (glib/BubblewrapLauncher.cpp), and
> this is broken in s390x at least.
> 
> Flatpak is also affected, and we are using the same code. Here's the fix for
> Flatpak:
> https://github.com/flatpak/flatpak/pull/3777/commits/6d70aabc03f0389e548911b14446d702a07b016c

(CC'ing Patrick, as he's our resident sandboxing expert.)

Yes, we also need a similar fix in the WebKit sandboxing code. One would
imagine that libseccomp takes care of this kind of busy-work… but it turns
out that it's a pretty dumb wrapper around the kernel interface.

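The argument-order problem discussed in this message, modelled as an added example (not part of the original mail, and not WebKit's or Flatpak's code). It assumes the filter matches a clone flag bit such as CLONE_NEWUSER with a masked-equality comparison; `rule_matches`, `blocks_newuser` and the sample argument vectors are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Numeric value of CLONE_NEWUSER; assumed here as the flag bit the
 * sandbox filter wants to catch (the page does not name the flag). */
#define EX_CLONE_NEWUSER 0x10000000ULL
#define EX_SIGCHLD 17ULL /* low byte of flags: exit signal */

/* Position of the flags argument in the raw clone() syscall, per
 * clone(2): s390/s390x pass (stack, flags, ...), while x86-64 and
 * most others pass (flags, stack, ...). */
#if defined(__s390__) || defined(__s390x__)
#define CLONE_FLAGS_ARG 1
#else
#define CLONE_FLAGS_ARG 0
#endif

/* Hypothetical model of a masked-equality argument comparison:
 * the rule fires when (args[idx] & mask) == datum. */
static int rule_matches(const uint64_t args[6], unsigned idx,
                        uint64_t mask, uint64_t datum)
{
    return idx < 6 && (args[idx] & mask) == datum;
}

/* Does a rule that inspects argument idx flag this clone() call? */
static int blocks_newuser(const uint64_t args[6], unsigned idx)
{
    return rule_matches(args, idx, EX_CLONE_NEWUSER, EX_CLONE_NEWUSER);
}

/* Constructed s390x-style argument vectors (stack first, flags second). */
static const uint64_t s390x_newuser[6] = {
    0x000003ffe0001000ULL, EX_CLONE_NEWUSER | EX_SIGCHLD, 0, 0, 0, 0 };
static const uint64_t s390x_benign[6] = {
    0x000003fff0002000ULL, EX_SIGCHLD, 0, 0, 0, 0 };

int main(void)
{
    /* Rule written for x86-64 (arg 0) reads the stack pointer on s390x. */
    printf("arg0 rule, NEWUSER call: %d\n", blocks_newuser(s390x_newuser, 0));
    printf("arg0 rule, benign call:  %d\n", blocks_newuser(s390x_benign, 0));
    /* Rule using the s390x position (arg 1) reads the real flags. */
    printf("arg1 rule, NEWUSER call: %d\n", blocks_newuser(s390x_newuser, 1));
    printf("arg1 rule, benign call:  %d\n", blocks_newuser(s390x_benign, 1));
    printf("flags index on this build: %d\n", CLONE_FLAGS_ARG);
    return 0;
}
```

With the index at 0 on an s390x-style call, the rule misses the call that carries the flag and can fire on an ordinary call whose stack address happens to have the same bit set.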