lpadmin -m everywhere crashes due to seccomp failure
Issue description

Crash with signal 31 which indicates minijail. Invoked from debugd CupsAddPrinterAutoConf.

2017-03-22T17:35:07.483799-07:00 INFO cupsd[13635]: REQUEST localhost - - "POST /admin/ HTTP/1.1" 401 242 CUPS-Add-Modify-Printer successful-ok
2017-03-22T17:35:07.486717-07:00 INFO cupsd[13635]: REQUEST localhost - lpadmin "POST /admin/ HTTP/1.1" 200 242 CUPS-Add-Modify-Printer successful-ok
2017-03-22T17:35:07.508695-07:00 NOTICE kernel: [109208.123078] audit: type=1326 audit(1490229307.507:5): auid=4294967295 uid=269 gid=7 ses=4294967295 subj=u:r:chromeos:s0 pid=13836 comm="lpadmin" exe="/usr/sbin/lpadmin" sig=31 arch=c000003e syscall=52 compat=0 ip=0x7c1c3a0cc457 code=0x0
2017-03-22T17:35:07.546927-07:00 WARNING crash_reporter[13837]: [user] Received crash notification for lpadmin[13836] sig 31, user 269 (developer build - not testing - always dumping)
2017-03-22T17:35:07.549954-07:00 INFO crash_reporter[13837]: State of crashed process [13836]: S (sleeping)
2017-03-22T17:35:07.567140-07:00 INFO metrics_daemon[1600]: [INFO:metrics_daemon.cc(396)] Got org.chromium.CrashReporter.UserCrash D-Bus signal
2017-03-22T17:35:07.571046-07:00 INFO crash_reporter[13837]: Stored minidump to /var/spool/crash/lpadmin.20170322.173507.13836.dmp
2017-03-22T17:35:07.571365-07:00 INFO crash_reporter[13837]: Leaving core file at /var/spool/crash/lpadmin.20170322.173507.13836.core due to developer image
2017-03-22T17:35:07.579749-07:00 WARNING minijail0[13835]: libminijail[13835]: child process 13836 received signal 31
2017-03-22T17:35:07.580167-07:00 ERR debugd[12748]: Child process failed: Resource temporarily unavailable
Mar 28 2017
This is what gets run:
Lpadmin({"-v", uri, "-p", name, "-m", "everywhere", "-E"}, error)
So it's going to be:
minijail0 -S /usr/share/policy/lpadmin-seccomp.policy -u lpadmin -g lpadmin /usr/sbin/lpadmin -v uri -p name -m everywhere -E
or something pretty close to that
Mar 28 2017
Yes. This was observed for x86_64 aka amd64.
Apr 3 2017
CL out for review.
Apr 13 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/7289a6faab30b5de961c89c6a76c31d3769def47

commit 7289a6faab30b5de961c89c6a76c31d3769def47
Author: Sean Kau <skau@chromium.org>
Date: Thu Apr 13 03:25:30 2017

net-print/cups: Fix seccomp filters for autoconfig

lpadmin uses getpeername when we use the option '-m everywhere'. It needs this because it must interrogate the printer over the network and needs to resolve the address.

Also fix x86 and arm which needed more syscalls.

BUG= chromium:704366
TEST=`dbus-send --system --print-reply --dest=org.chromium.debugd /org/chromium/debugd org.chromium.debugd.CupsAddAutoConfiguredPrinter string:'lex' string:'ipp://192.168.1.170/'` verify success.

Change-Id: Ie487a34505adbf0da2436e1b6333d0b14600b8ac
Reviewed-on: https://chromium-review.googlesource.com/458581
Commit-Ready: Sean Kau <skau@chromium.org>
Tested-by: Sean Kau <skau@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/7289a6faab30b5de961c89c6a76c31d3769def47/net-print/cups/files/lpadmin-seccomp-amd64.policy
[modify] https://crrev.com/7289a6faab30b5de961c89c6a76c31d3769def47/net-print/cups/files/lpadmin-seccomp-x86.policy
[modify] https://crrev.com/7289a6faab30b5de961c89c6a76c31d3769def47/net-print/cups/files/cupsd-seccomp-x86.policy
[modify] https://crrev.com/7289a6faab30b5de961c89c6a76c31d3769def47/net-print/cups/files/lpadmin-seccomp-arm.policy
[rename] https://crrev.com/7289a6faab30b5de961c89c6a76c31d3769def47/net-print/cups/cups-2.1.4-r15.ebuild
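The kernel's `type=1326` audit record in the issue description already names the blocked call: decoding `arch=c000003e syscall=52` gives the `getpeername` that the commit adds to the policy. The sketch below is an added example, not code from this thread or from the CUPS ebuild; `decode_seccomp` and `policy_line` are hypothetical helper names, and the syscall table is a partial x86_64 subset.

```python
import re

# AUDIT_ARCH_* values as defined in the Linux UAPI header linux/audit.h.
ARCHES = {0xC000003E: "x86_64", 0x40000003: "i386",
          0x40000028: "arm", 0xC00000B7: "aarch64"}

# Partial x86_64 table (socket family only). Syscall numbers differ per
# architecture, so each arch needs its own table before names resolve.
X86_64_SYSCALLS = {41: "socket", 42: "connect", 49: "bind",
                   51: "getsockname", 52: "getpeername",
                   54: "setsockopt", 55: "getsockopt"}
TABLES = {"x86_64": X86_64_SYSCALLS}

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_seccomp(line):
    """Return a dict for a type=1326 (SECCOMP) audit record, else None."""
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    if fields.get("type") != "1326":
        return None
    arch = ARCHES.get(int(fields["arch"], 16), "unknown")
    nr = int(fields["syscall"])
    return {"comm": fields.get("comm"), "pid": int(fields["pid"]),
            "signal": int(fields["sig"]), "arch": arch, "nr": nr,
            "name": TABLES.get(arch, {}).get(nr)}

def policy_line(rec):
    """Minijail policy entry ("name: 1") that allows the call, for review."""
    if rec is None or rec["name"] is None:
        return None  # unknown number: do not guess a name
    return f'{rec["name"]}: 1'

# Kernel audit record copied from the issue description above.
RECORD = ('audit: type=1326 audit(1490229307.507:5): auid=4294967295 uid=269 '
          'gid=7 ses=4294967295 subj=u:r:chromeos:s0 pid=13836 comm="lpadmin" '
          'exe="/usr/sbin/lpadmin" sig=31 arch=c000003e syscall=52 compat=0 '
          'ip=0x7c1c3a0cc457 code=0x0')

if __name__ == "__main__":
    rec = decode_seccomp(RECORD)
    print(rec)
    print(policy_line(rec))
```

A `None` name means the table has no entry for that architecture and number, which is the same per-architecture split the commit reflects in its separate amd64, x86 and arm policy files.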
Apr 13 2017
May 30 2017
Aug 1 2017
Jan 22 2018
Comment 1 by justincarlson@chromium.org, Mar 24 2017