? 2015/1/28 ?? 02:21, Nikos Mavrogiannopoulos ??: > On Tue, 2015-01-27 at 21:17 +0800, Lemon Lam wrote: >> ? 2015/1/27 ?? 09:10, Nikos Mavrogiannopoulos ??: >>> On Tue, Jan 27, 2015 at 10:39 AM, Lemon Lam <alemonmk at gmail.com> wrote: >>>> ? 2015/1/27 ?? 05:10, Nikos Mavrogiannopoulos ??: >>>>> On Tue, Jan 27, 2015 at 10:01 AM, Lemon Lam <alemonmk at gmail.com> wrote: >>>>>>> Do you use linux-namespaces or seccomp? If yes try disabling it. >>>>>>> Otherwise please provide more information about your build. >>>>>> I can confirm that disabling seccomp do get rid of the problem. >>>>> Then, could you provide more information about your kernel version, >>>>> the cpu architecture, and the output of "strace -f" of ocserv? >>>> Kernel is Linode's customised 3.18.1-x86_64, but the OS is i386. >>>> strace output is attached. >>> >>> As far as I understand the seccomp filter does prevent select() from >>> being executed. Do you have the latest libseccomp in that platform? >>> >> Yes, libseccomp2 from Debian repo is 2.1.1, same with the one on >> sourceforge, aptitude tells me that it's up to date too. > > It looks like an issue in libseccomp. I've reported it to libseccomp ml, > but I have no i686 system to reproduce. I'd appreciate if you could > compile the attached select.c and report the output, here or in > seccomp-discuss. > > https://sourceforge.net/p/libseccomp/mailman/message/33275762/ > > regards, > Nikos > select is blocked, as expected. I've attached a strace output in case you need it. regards, Lam -------------- next part -------------- execve("./a.out", ["./a.out"], [/* 17 vars */]) = 0 brk(0) = 0x9933000 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf7794000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=38983, ...}) = 0 mmap2(NULL, 38983, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf778a000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/usr/lib/i386-linux-gnu/libseccomp.so.2", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20<\0\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=62976, ...}) = 0 mmap2(NULL, 65808, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf7779000 mmap2(0xf7786000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0xf7786000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/i386-linux-gnu/i686/cmov/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\1\1\1\3\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\233\1\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=1742588, ...}) = 0 mmap2(NULL, 1747580, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf75ce000 mmap2(0xf7773000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a5000) = 0xf7773000 mmap2(0xf7776000, 10876, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf7776000 close(3) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf75cd000 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf75cc000 set_thread_area({entry_number:-1, base_addr:0xf75cc700, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 (entry_number:12) mprotect(0xf7773000, 8192, PROT_READ) = 0 mprotect(0xf7786000, 12288, PROT_READ) = 0 mprotect(0xf77b8000, 4096, PROT_READ) = 0 munmap(0xf778a000, 38983) = 0 open("/dev/null", O_RDONLY) = 3 brk(0) = 0x9933000 brk(0x9954000) = 0x9954000 prctl(PR_SET_NO_NEW_PRIVS, 0x1, 0, 0, 0) = 0 prctl(PR_SET_SECCOMP, 0x2, 0x9933048, 0, 0) = 0 write(2, "select is blocked!\n", 19) = 19 exit_group(1) = ? +++ exited with 1 +++
