New issue
Advanced search Search tips

Issue 891253 link

Starred by 4 users
Status: Fixed
Owner:
allenwebb@google.com
Closed: Oct 22
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug



Sign in to add a comment

usbguard: madvise missing from seccomp policy

Project Member Reported by allenwebb@google.com, Oct 2 
A crash was reported in usbguard related to a missed syscall in the seccomp policy:
https://buganizer.corp.google.com/issues/117116656
Project Member

Comment 1 by bugdroid1@chromium.org, Oct 2 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/94499290e515502e3379e0dc7cc0ba61e17b2f84

commit 94499290e515502e3379e0dc7cc0ba61e17b2f84
Author: Allen Webb <allenwebb@google.com>
Date: Tue Oct 02 20:23:01 2018

usbguard: Add madvise to seccomp policy.

A missing syscall was leading to crashes during cleanup of
"usbguard generate-policy".

BUG= chromium:891253 , b:117116656
TEST=/sbin/minijail0 -u usbguard -g usbguard -c 2 -l -p -n -e --uts \\
      --profile=minimalistic-mountns \\
      -b /sys,,1 \\
      -S /usr/share/policy/usbguard-daemon-seccomp.policy \\
      /usr/bin/usbguard generate-policy

Change-Id: I14c3767ca44b035adcc39d429e252c4e5a99f818
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1255848
Reviewed-by: Mattias Nissler <mnissler@chromium.org>

[modify] https://crrev.com/94499290e515502e3379e0dc7cc0ba61e17b2f84/sys-apps/usbguard/files/usbguard-daemon-seccomp-amd64.policy
[rename] https://crrev.com/94499290e515502e3379e0dc7cc0ba61e17b2f84/sys-apps/usbguard/usbguard-20180726-r11.ebuild
[modify] https://crrev.com/94499290e515502e3379e0dc7cc0ba61e17b2f84/sys-apps/usbguard/files/usbguard-daemon-seccomp-arm.policy

Comment 2 by kkaluri@chromium.org, Oct 22 

Issue 897569 has been merged into this issue.

Comment 3 by allenwebb@google.com, Oct 22

Status: Fixed (was: Assigned)

Comment 5 by allenwebb@google.com, Oct 29 

kkaluri mistakenly marked 897569 as a duplicate of this issue. I have cleared that marking.

Comment 6 by dtapu...@chromium.org, Nov 21 

Issue 907169 has been merged into this issue.

Comment 7 by dtapu...@chromium.org, Dec 17 

Issue 915350 has been merged into this issue.

Comment 8 by allenwebb@google.com, Dec 17

Labels: Merge-Request-70
We might want to merge back to m-70 since this is a simple 1 line seccomp policy change and would take care of those crash reports. There isn't any functionality that is impacted by these crashes though because the feature is disabled.

Sign in to add a comment