Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Attempt to clarify error message for missing CONFIG_SECCOMP_FILTER #550

Merged
merged 1 commit into from
Feb 17, 2023

Conversation

smcv
Copy link
Collaborator

@smcv smcv commented Jan 23, 2023

General-purpose desktop distributions are compiled with CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER, but vendor kernels for phones and other assorted embedded devices don't necessarily enable these options. These kernels are unsuitable for running Flatpak, or anything else that relies on bwrap --seccomp or bwrap --add-seccomp-fd.

Missing CONFIG_SECCOMP or CONFIG_SECCOMP_FILTER is not the only reason why we could get EINVAL here: I think we'd also get EINVAL if the seccomp program is syntatically invalid. However, it's a relatively likely reason, so it seems worth providing a hint.

Helps: flatpak/flatpak#3069

General-purpose desktop distributions are compiled with CONFIG_SECCOMP
and CONFIG_SECCOMP_FILTER, but vendor kernels for phones and other
assorted embedded devices don't necessarily enable these options. These
kernels are unsuitable for running Flatpak, or anything else that relies
on `bwrap --seccomp` or `bwrap --add-seccomp-fd`.

Missing CONFIG_SECCOMP or CONFIG_SECCOMP_FILTER is not the *only* reason
why we could get EINVAL here: I think we'd also get EINVAL if the seccomp
program is syntatically invalid. However, it's a relatively likely reason,
so it seems worth providing a hint.

Helps: flatpak/flatpak#3069
Signed-off-by: Simon McVittie <smcv@collabora.com>
@smcv
Copy link
Collaborator Author

smcv commented Jan 30, 2023

Any reviewer thoughts on this?

@smcv
Copy link
Collaborator Author

smcv commented Feb 17, 2023

Timed out, merging this based on non-maintainer review.

@smcv smcv merged commit a319fd5 into containers:main Feb 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants