ros-infrastructure / buildfarm_deployment

Apache License 2.0

Docker default seccomp policy blocks personality systemcall required by sbcl #176

Closed nuclearsandwich closed 6 years ago

nuclearsandwich commented 6 years ago

Recent versions of Docker include a default seccomp configuration which blocks system calls the Docker upstream feels could allow malicious action. This configuration blocks the personality system call used by sbcl. When sbcl is unable to execute the system call successfully it prints the warning reported in https://github.com/ros/roslisp/issues/40, which causes the build to be marked unstable.

From https://github.com/ros/roslisp/issues/40#issuecomment-339735708:

gaya- writes: This warning happens because docker's seccomp (secure computation) mode enables Address Space Layout Randomization technique, which makes it more difficult for processes to corrupt other processes' memory. SBCL tries to turn off ASLR for its own process, as it's ok to do that for yourself if you're not worried about others corrupting your memory. Usually Linux allows this but Docker doesn't per default. SBCL only supports ASLR mode partially, hence the warning. I can see the following solutions to this problem:

Also excerpted from that issue https://github.com/ros/roslisp/issues/40#issuecomment-340005344

nuclearsandwich writes: I would prefer not to disable seccomp entirely. The personality syscall is specifically un-whitelisted to prevent BSD emulation, which is very untested within Docker. I have to re-up my seccomp knowledge in more detail, but it looks like it's possible to whitelist syscalls with a subset of arguments, enabling us to allow processes to disable ASLR without changing the execution persona to emulate another Unix.

If we can't enable ASLR deactivation without also enabling BSD emulation I think it's potentially worth attempting to squelch the warning in the script or Jenkins config. We're already stretched for operations time and I'd like not to stray too far from defaults without being able to spend time investigating the potential side effects.
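The argument-scoped whitelist described in the comment above, as an added example that is not part of the issue or the buildfarm_deployment repository: a Docker seccomp profile rule that allows `personality(2)` only when its first argument is exactly `ADDR_NO_RANDOMIZE` (or the default Linux persona), so a process can opt out of ASLR for itself while a request for `PER_BSD` still falls through to the profile's default deny. The base profile here is a constructed minimal stand-in for Docker's default profile, and the `decide` function is a small model of how the filter evaluates one call; the constant values come from `linux/personality.h`.

```python
"""Build a narrowly scoped seccomp rule for personality(2) in a Docker profile.

Added example, not code from buildfarm_deployment. BASE_PROFILE is a
constructed minimal profile (everything denied unless listed), standing in
for Docker's much larger default profile.
"""
import copy
import json

# Constants from linux/personality.h.
ADDR_NO_RANDOMIZE = 0x0040000  # flag a process sets to disable ASLR for itself
PER_LINUX = 0x0000             # default persona
PER_BSD = 0x0006               # persona the issue wants to keep blocked

# Constructed minimal profile: default action is to fail the call with an errno.
BASE_PROFILE = {
    "defaultAction": "SCMP_ACT_ERRNO",
    "architectures": ["SCMP_ARCH_X86_64"],
    "syscalls": [],
}


def allow_personality_values(profile, values):
    """Return a copy of `profile` that allows personality(2) only when its
    first argument equals one of `values`.

    Each value gets its own rule: conditions inside one rule are ANDed by the
    filter, separate rules are ORed, so one rule per accepted value is the
    way to express "any of these exact values"."""
    new = copy.deepcopy(profile)
    for v in values:
        new["syscalls"].append({
            "names": ["personality"],
            "action": "SCMP_ACT_ALLOW",
            "args": [{"index": 0, "value": v, "valueTwo": 0, "op": "SCMP_CMP_EQ"}],
        })
    return new


def decide(profile, name, args):
    """Model the filter's decision for one call: return the action string.

    Only SCMP_CMP_EQ is modelled, which is the only operator this rule uses;
    any other operator raises so the model never silently mis-evaluates."""
    for rule in profile["syscalls"]:
        if name not in rule["names"]:
            continue
        matched = True
        for cond in rule.get("args", []):
            if cond["op"] != "SCMP_CMP_EQ":
                raise NotImplementedError(cond["op"])
            if args[cond["index"]] != cond["value"]:
                matched = False
                break
        if matched:
            return rule["action"]
    return profile["defaultAction"]


if __name__ == "__main__":
    prof = allow_personality_values(BASE_PROFILE, [PER_LINUX, ADDR_NO_RANDOMIZE])
    print(json.dumps(prof, indent=2))
    print(decide(prof, "personality", [ADDR_NO_RANDOMIZE]))  # SCMP_ACT_ALLOW
    print(decide(prof, "personality", [PER_BSD]))            # SCMP_ACT_ERRNO
```

The printed JSON can be saved and passed to a container with `docker run --security-opt seccomp=<file>`, keeping the rest of the default profile in place rather than disabling seccomp. One caveat when adapting this to a real runtime: a program that first reads its current persona with `personality(0xffffffff)`, or passes `ADDR_NO_RANDOMIZE` ORed into a non-zero existing persona, needs those exact values allowed too, so check the values the process actually passes (for example with `strace -e personality`) before settling on the list.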

nuclearsandwich commented 6 years ago

Successful build of http://build.ros.org/view/Kdoc/job/Kdoc__ros_comm__ubuntu_xenial_amd64/52/