search

proot-me / proot

chroot, mount --bind, and binfmt_misc without privilege/setup for Linux
https://proot-me.github.io
GNU General Public License v2.0
1.96k stars 369 forks source link

proot 5.3 regression wrt. seccomp? #336

Open kcgthb opened 1 year ago

kcgthb commented 1 year ago

Summary

It looks like the seccomp auto-detection system doesn't work anymore in 5.3.1 Running proot ... generates a segfault, while PROOT_NO_SECCOMP=1 proot ... works.

Expected Behavior

Working proot.

Actual Behavior

Segfault.

Steps to Reproduce the Problem

  1. Compile and install proot 5.3.1
  2. Run proot echo "foo"
  3. Note the lack of output (and explicit segfault in verbose mode)

Specifications

Command Output

With version 5.3.1:

$ proot -V
 _____ _____              ___
|  __ \  __ \_____  _____|   |_
|   __/     /  _  \/  _  \    _|
|__|  |__|__\_____/\_____/\____| v5.3.1-99a84175

built-in accelerators: process_vm = yes, seccomp_filter = yes

Visit https://proot-me.github.io for help, bug reports, suggestions, patches, ...
Copyright (C) 2022 PRoot Developers, licensed under GPL v2 or later.

$ proot -v 1 echo "foo"
proot info: binding = /
proot info: exe = /usr/bin/echo
proot info: argv = echo foo
proot info: initial cwd = /home/users/kilian
proot info: verbose level = 1
proot info: pid 27882: access to "/dev/pts/0" (fd 0) won't be translated until closed
proot info: pid 27882: access to "/dev/pts/0" (fd 1) won't be translated until closed
proot info: pid 27882: access to "/dev/pts/0" (fd 2) won't be translated until closed
proot info: pid 27882: access to "/proc/27882/fd" (fd 3) won't be translated until closed
proot info: ptrace acceleration (seccomp mode 2) enabled
proot info: vpid 1: terminated with signal 11

$ PROOT_NO_SECCOMP=1 proot -v 1 echo "foo"
proot info: binding = /
proot info: exe = /usr/bin/echo
proot info: argv = echo foo
proot info: initial cwd = /home/users/kilian
proot info: verbose level = 1
proot info: pid 28577: access to "/dev/pts/0" (fd 0) won't be translated until closed
proot info: pid 28577: access to "/dev/pts/0" (fd 1) won't be translated until closed
proot info: pid 28577: access to "/dev/pts/0" (fd 2) won't be translated until closed
proot info: pid 28577: access to "/proc/28577/fd" (fd 3) won't be translated until closed
foo
proot info: vpid 1: exited with status 0

The same thing works with proot 5.2.0:

$ proot -V
 _____ _____              ___
|  __ \  __ \_____  _____|   |_
|   __/     /  _  \/  _  \    _|
|__|  |__|__\_____/\_____/\____| v5.2.0

built-in accelerators: process_vm = yes, seccomp_filter = yes

Visit https://proot-me.github.io for help, bug reports, suggestions, patches, ...
Copyright (C) 2021 PRoot Developers, licensed under GPL v2 or later.

$ proot -v 1 echo "foo"
proot info: binding = /
proot info: exe = /usr/bin/echo
proot info: argv = echo foo
proot info: initial cwd = /home/users/kilian
proot info: verbose level = 1
proot info: pid 28661: access to "/dev/pts/0" (fd 0) won't be translated until closed
proot info: pid 28661: access to "/dev/pts/0" (fd 1) won't be translated until closed
proot info: pid 28661: access to "/dev/pts/0" (fd 2) won't be translated until closed
proot info: pid 28661: access to "/proc/28661/fd" (fd 3) won't be translated until closed
proot info: ptrace acceleration (seccomp mode 2) enabled
foo
proot info: vpid 1: exited with status 0

It looks like some sort of regression between 5.2.0 and 5.3.1?