On Mon, Nov 21, 2011 at 2:11 PM, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote: > On Mon, Nov 21, 2011 at 1:49 PM, Rafael J. Wysocki <rjw@xxxxxxx> wrote: >> >> Subject : [3.1 REGRESSION] Commit 5cec93c216db77c45f7ce970d46283bcb1933884 breaks the Chromium seccomp sandbox >> Submitter : Nix <nix@xxxxxxxxxxxxx> >> Date : 2011-11-14 0:40 >> Message-ID : 8762inleno.fsf@xxxxxxxxxxxxxxxx >> References : http://marc.info/?l=linux-kernel&m=132123396226377&w=2 > > So this should be fixed by commit 2b666859ec32 ("x86: Default to > vsyscall=native for now"), since we disabled the vsyscall emulation > because it broken UML too. I don't think so. I think the issue is that the chromium sandbox is trying to use getcpu, time, or gettimeofday from seccomp mode and the kernel is (IMO correctly) sending it SIGKILL. Nix can trigger the bug in vsyscall=native mode, so it's not the emulation. (If it's gettimeofday, then it's definitely not a regression. vgettimeofday would SIGKILL in seccomp mode with any timing source other than rdtsc or hpet even on old kernels.) I sent a patch to show which syscall is causing SIGKILL and haven't heard back. Meanwhile, I'm downloading the 1.1GB (!) tarball to see if I can reproduce it here. Fedora's build didn't trigger it for me, probably because the sandbox was disabled. To try to reduce the incidence of this stuff in the future, and to make vsyscall=none and UML more useful, I filed this bug: http://sourceware.org/bugzilla/show_bug.cgi?id=13425 --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html