hatching / sflock

Sample staging & detonation utility to be used in combination with Cuckoo Sandbox.

Outdated zipjail binary #50

Open nazywam opened 4 years ago

nazywam commented 4 years ago

The compiled zipjail binary on the master branch is outdated (version 0.5 vs 0.5.2 from the tracy project master). As a result, its syscall whitelist is missing getdents64 and getpid. sflock master:

.rodata:000000000049B914 aGettimeofday   db 'gettimeofday',0     ; DATA XREF: .data:00000000006C81C0↓o
.rodata:000000000049B921 aStat64         db 'stat64',0           ; DATA XREF: .data:00000000006C81C8↓o
.rodata:000000000049B928 aSysDevicesSyst_1 db '/sys/devices/system/cpu',0

compiled tracy master:

.rodata:000000000049F0B4 aGettimeofday   db 'gettimeofday',0     ; DATA XREF: .data:00000000004CE1C0↓o
.rodata:000000000049F0C1 aStat64         db 'stat64',0           ; DATA XREF: .data:00000000004CE1C8↓o
.rodata:000000000049F0C8 aGetdents64     db 'getdents64',0       ; DATA XREF: .data:00000000004CE1D0↓o
.rodata:000000000049F0D3 aGetpid_0       db 'getpid',0           ; DATA XREF: .data:00000000004CE1D8↓o
.rodata:000000000049F0DA aSysDevicesSyst_1 db '/sys/devices/system/cpu',0

This will cause some archives to be incorrectly dropped (unpacking an ISO archive using 7zip):

ERROR:root:Blocked system call occurred during sandboxing!
ip=0x7fd816c6d07b sp=0x7fffbe193978 abi=0 nr=217 syscall=getdents64
Killing child 7064
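As an added example (not code from the sflock or tracy projects), a small Python check that an operator can run to tell whether a deployed zipjail binary carries the whitelist entries the issue names, and to map zipjail's "Blocked system call" log lines back to those missing entries. It assumes, as the listings above show, that zipjail stores whitelist names as NUL-terminated C strings in .rodata; the file name `check_zipjail.py` and the sample bytes in the test are constructed.

```python
import re
import sys
from typing import Iterable, List, Set, Tuple

# Syscall names present in the 0.5.2 zipjail .rodata but absent from the
# outdated 0.5 build shipped in sflock master (see the listings in the issue).
REQUIRED_SYSCALLS = ("getdents64", "getpid")

# Shape of the zipjail error shown in the issue: nr= is the raw syscall
# number, syscall= its resolved name.
BLOCKED_RE = re.compile(r"nr=(?P<nr>\d+)\s+syscall=(?P<name>\w+)")


def present_syscall_strings(binary: bytes, names: Iterable[str]) -> Set[str]:
    """Return the subset of `names` stored as NUL-terminated C strings in `binary`.

    Assumption (matches the listings above): zipjail keeps its whitelist as
    plain C strings in .rodata. The name must end in a NUL and must not be the
    tail of a longer identifier, so 'getpid_0' does not count as 'getpid'.
    """
    found = set()
    for name in names:
        pattern = rb"(?<![A-Za-z0-9_])" + re.escape(name.encode()) + rb"\x00"
        if re.search(pattern, binary):
            found.add(name)
    return found


def missing_syscalls(binary: bytes) -> List[str]:
    """Whitelist entries of the newer zipjail that this binary lacks (sorted)."""
    present = present_syscall_strings(binary, REQUIRED_SYSCALLS)
    return sorted(set(REQUIRED_SYSCALLS) - present)


def blocked_syscalls(log: str) -> List[Tuple[int, str]]:
    """Extract (syscall number, name) pairs from zipjail 'Blocked system call' output."""
    return [(int(m["nr"]), m["name"]) for m in BLOCKED_RE.finditer(log)]


def explain_blocks(binary: bytes, log: str) -> List[str]:
    """Blocked syscall names that are explained by the binary's outdated whitelist."""
    missing = set(missing_syscalls(binary))
    return sorted({name for _, name in blocked_syscalls(log) if name in missing})


if __name__ == "__main__":
    # Usage: python check_zipjail.py /path/to/zipjail
    with open(sys.argv[1], "rb") as fh:
        gaps = missing_syscalls(fh.read())
    print(("zipjail whitelist is missing: " + ", ".join(gaps)) if gaps else "whitelist up to date")
```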