On Fri, 2016-06-10 at 18:32 +0100, Dimitri John Ledkov wrote:
> New libseccomp is in yakkety proposed. There is a change, on some
> architecutres, w.r.t. to canonical representation of syscall
> There are normal syscall numbers and multiplexed ones. And some are
> exposed as both - direct numbers and negative pseudo syscall numbers.
> All filtering should remain in place for both direct and pseudo
> But I had to adjust our autopkgtests for this, and I'm wondering if
> there are any other pieces of software to fix as a result of this
> upstream change on some architectures (e.g. lxc, apparmor, click,
> snapd, juju, etc....)
AppArmor shouldn't care and click doesn't do anything with seccomp.
snapd does, but we take the syscall and use seccomp_syscall_resolve_name() from
libseccomp to get the syscall number to feed into seccomp_rule_add_* so it
should be fine.
Jamie Strandboge | http://www.canonical.com