search

seccomp / libseccomp-golang

The libseccomp golang bindings repository
BSD 2-Clause "Simplified" License
267 stars 56 forks source link

BUG: unable to compile on Archlinux #89

Closed quinnjr closed 2 years ago

quinnjr commented 2 years ago

Attempts to compile this library on Archlinux for using snap result in the following error:

# github.com/snapcore/snapd/vendor/github.com/seccomp/libseccomp-golang
../go/src/github.com/snapcore/snapd/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go:630:2: duplicate case _Ciconst_C_ACT_KILL_THREAD (value 0) in switch
    previous case at ../go/src/github.com/snapcore/snapd/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go:626:2

The library does compile correctly in a clean chroot. The only thing I can really find different in my system versus a clean chroot is that I have CC/CXX set to Clang versus gcc.

kolyshkin commented 2 years ago

I believe this is fixed by https://github.com/seccomp/libseccomp-golang/pull/85, which is currently being reviewed.

pcmoore commented 2 years ago

With #85 merged, any chance @quinnjr that you can verify that the current main branch solved your problem?

quinnjr commented 2 years ago

With #85 merged, any chance @quinnjr that you can verify that the current main branch solved your problem?

No, still having the same issue with the switch statement.

*** Setting version to '2.55.4-1' from user.
# github.com/snapcore/snapd/vendor/github.com/seccomp/libseccomp-golang
../go/src/github.com/snapcore/snapd/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go:630:7: duplicate case (_Ciconst_C_ACT_KILL_THREAD) (constant 0 of type C.uint) in expression switch
    ../go/src/github.com/snapcore/snapd/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go:626:7: previous case
pcmoore commented 2 years ago

Hmm, I wonder if this is due to something related to snap? On my current (as of May 8, 2022) Arch system with my libseccomp-golang repo sitting at f57e1d55ea18cbace22a9eefbd5e83417a2c1ace, I'm able to build and run the tests without problem.

% make test
go test -v -timeout 10s
=== RUN   TestExpectedSeccompVersion
...
ok      github.com/seccomp/libseccomp-golang    0.021s

@quinnjr are you able to fetch the current repo and successfully do a make test outside of a snap environment?

quinnjr commented 2 years ago

@quinnjr are you able to fetch the current repo and successfully do a make test outside of a snap environment?

Tests all are passing just using make test. Might just be a snap issue then.

ishtar AUR/libseccomp-golang ‹main› » make test  
go test -v -timeout 10s
=== RUN   TestExpectedSeccompVersion
    seccomp_test.go:39: === RUN   TestExpectedSeccompVersion
        === RUN   TestExpectedSeccompVersion/subprocess
            seccomp_test.go:55: _EXPECTED_LIBSECCOMP_VERSION not set
        --- PASS: TestExpectedSeccompVersion (0.00s)
            --- SKIP: TestExpectedSeccompVersion/subprocess (0.00s)
        PASS
--- PASS: TestExpectedSeccompVersion (0.00s)
=== RUN   TestGetAPILevel
    seccomp_test.go:39: === RUN   TestGetAPILevel
        === RUN   TestGetAPILevel/subprocess
            seccomp_test.go:90: Got API level of 6
        --- PASS: TestGetAPILevel (0.00s)
            --- PASS: TestGetAPILevel/subprocess (0.00s)
        PASS
--- PASS: TestGetAPILevel (0.00s)
=== RUN   TestSetAPILevel
    seccomp_test.go:39: === RUN   TestSetAPILevel
        === RUN   TestSetAPILevel/subprocess
        --- PASS: TestSetAPILevel (0.00s)
            --- PASS: TestSetAPILevel/subprocess (0.00s)
        PASS
--- PASS: TestSetAPILevel (0.00s)
=== RUN   TestActionSetReturnCode
--- PASS: TestActionSetReturnCode (0.00s)
=== RUN   TestSyscallGetName
    seccomp_test.go:140: Got name of syscall 0x1 on native arch as write
--- PASS: TestSyscallGetName (0.00s)
=== RUN   TestSyscallGetNameByArch
--- PASS: TestSyscallGetNameByArch (0.00s)
=== RUN   TestGetSyscallFromName
    seccomp_test.go:185: Got syscall number of write on native arch as 1
--- PASS: TestGetSyscallFromName (0.00s)
=== RUN   TestGetSyscallFromNameByArch
    seccomp_test.go:203: Got syscall number of write on AMD64 as 1
--- PASS: TestGetSyscallFromNameByArch (0.00s)
=== RUN   TestMakeCondition
--- PASS: TestMakeCondition (0.00s)
=== RUN   TestGetNativeArch
    seccomp_test.go:266: Got native arch of system as amd64
--- PASS: TestGetNativeArch (0.00s)
=== RUN   TestFilterCreateRelease
--- PASS: TestFilterCreateRelease (0.00s)
=== RUN   TestFilterReset
--- PASS: TestFilterReset (0.00s)
=== RUN   TestFilterArchFunctions
--- PASS: TestFilterArchFunctions (0.00s)
=== RUN   TestFilterAttributeGettersAndSetters
--- PASS: TestFilterAttributeGettersAndSetters (0.00s)
=== RUN   TestMergeFilters
--- PASS: TestMergeFilters (0.00s)
=== RUN   TestAddRuleErrors
    seccomp_test.go:39: === RUN   TestAddRuleErrors
        === RUN   TestAddRuleErrors/subprocess
        --- PASS: TestAddRuleErrors (0.00s)
            --- PASS: TestAddRuleErrors/subprocess (0.00s)
        PASS
--- PASS: TestAddRuleErrors (0.00s)
=== RUN   TestRuleAddAndLoad
    seccomp_test.go:39: === RUN   TestRuleAddAndLoad
        === RUN   TestRuleAddAndLoad/subprocess
        --- PASS: TestRuleAddAndLoad (0.00s)
            --- PASS: TestRuleAddAndLoad/subprocess (0.00s)
        PASS
--- PASS: TestRuleAddAndLoad (0.00s)
=== RUN   TestLogAct
    seccomp_test.go:39: === RUN   TestLogAct
        === RUN   TestLogAct/subprocess
        --- PASS: TestLogAct (0.00s)
            --- PASS: TestLogAct/subprocess (0.00s)
        PASS
--- PASS: TestLogAct (0.00s)
=== RUN   TestCreateActKillThreadFilter
    seccomp_test.go:39: === RUN   TestCreateActKillThreadFilter
        === RUN   TestCreateActKillThreadFilter/subprocess
        --- PASS: TestCreateActKillThreadFilter (0.00s)
            --- PASS: TestCreateActKillThreadFilter/subprocess (0.00s)
        PASS
--- PASS: TestCreateActKillThreadFilter (0.00s)
=== RUN   TestCreateActKillProcessFilter
    seccomp_test.go:39: === RUN   TestCreateActKillProcessFilter
        === RUN   TestCreateActKillProcessFilter/subprocess
        --- PASS: TestCreateActKillProcessFilter (0.00s)
            --- PASS: TestCreateActKillProcessFilter/subprocess (0.00s)
        PASS
--- PASS: TestCreateActKillProcessFilter (0.00s)
=== RUN   TestNotif
    seccomp_test.go:39: === RUN   TestNotif
        === RUN   TestNotif/subprocess
            seccomp_test.go:936: Starting test 0
            seccomp_test.go:936: Test 0 completed
            seccomp_test.go:936: Starting test 1
            seccomp_test.go:936: Test 1 completed
            seccomp_test.go:936: Starting test 2
            seccomp_test.go:936: Test 2 completed
            seccomp_test.go:936: Starting test 3
            seccomp_test.go:936: Test 3 completed
            seccomp_test.go:933: Tests completed
        --- PASS: TestNotif (0.00s)
            --- PASS: TestNotif/subprocess (0.00s)
        PASS
--- PASS: TestNotif (0.00s)
=== RUN   TestNotifUnsupported
    seccomp_test.go:39: === RUN   TestNotifUnsupported
        === RUN   TestNotifUnsupported/subprocess
            seccomp_test.go:958: seccomp notification is supported
        --- PASS: TestNotifUnsupported (0.00s)
            --- SKIP: TestNotifUnsupported/subprocess (0.00s)
        PASS
--- PASS: TestNotifUnsupported (0.00s)
=== RUN   TestCheckVersion
    seccomp_ver_test.go:25: verNew requires libseccomp >= 100.99.7 (current version: 2.5.4)
    seccomp_ver_test.go:25: verMajor+1 requires libseccomp >= 3.0.0 (current version: 2.5.4)
    seccomp_ver_test.go:25: verMinor+1 requires libseccomp >= 2.6.0 (current version: 2.5.4)
    seccomp_ver_test.go:25: verMicro+1 requires libseccomp >= 2.5.5 (current version: 2.5.4)
    seccomp_ver_test.go:25: <nil>
    seccomp_ver_test.go:25: <nil>
--- PASS: TestCheckVersion (0.00s)
=== RUN   TestCheckAPI
    seccomp_ver_test.go:59: apiHigh requires libseccomp >= 0.0.0 and API level >= 99 (current version: 2.5.4, API level: 6)
    seccomp_ver_test.go:59: api+1 requires libseccomp >= 0.0.0 and API level >= 7 (current version: 2.5.4, API level: 6)
    seccomp_ver_test.go:59: <nil>
    seccomp_ver_test.go:59: <nil>
    seccomp_ver_test.go:59: <nil>
    seccomp_ver_test.go:59: verHigh requires libseccomp >= 99.0.0 (current version: 2.5.4)
--- PASS: TestCheckAPI (0.00s)
PASS
ok      github.com/seccomp/libseccomp-golang    0.016s
pcmoore commented 2 years ago

@quinnjr are you able to fetch the current repo and successfully do a make test outside of a snap environment?

Tests all are passing just using make test. Might just be a snap issue then.

If I'm understanding snap's go.mod correctly, it looks like they need to point to a more recent point in the repo as the revision they are referencing doesn't have the fix from #85. @quinnjr I'm going to close this issue as I don't think there is anything else we can do from a libseccomp-golang perspective, but if you find that not to be the case please feel free to comment/reopen this issue.

bboozzoo commented 2 years ago

I can reproduce this with the version of libseccomp-golandg we're using in snapd and CC=clang. Interestingly gcc does not complain. Anyways, I'll see if I can update the revision have we have in snapd.

pcmoore commented 2 years ago

Thanks @bboozzoo. FWIW, I just tried CC=clang make test on the current libseccomp-golang repo and it run clean, as expected. I really believe it is simply an older version of libseccomp-golang that is causing the issue. If you find there is a problem with the libseccomp-goland bindings, or if there is anything we can do to help resolve this on our end please comment/reopen.

Thanks.

allendred commented 7 months ago

snap 2.61.3-1 seccomp.h no such file or directory

pcmoore commented 7 months ago

The original issue was closed almost two years ago with a verdict it was a problem with snap and not libseccomp; please follow up with the snapcore/snapd team to further troubleshoot this issue.