1
submitted 10 months ago by zygoon@fosstodon.org to c/kde@lemmy.kde.social

There's some mismatch between Linux kernel 3.10 and #KDE that wants to use clone3 to create a process thread.

Do I know anyone from @kde@lemmy.kde.social @kde@floss.social who is able to assist with debugging it further?

The system call clone3 has been added to linux 5.3 but it seems that KDE does not do any fallback in case the system call is rejected with EPERM.

all 8 comments
sorted by: hot top controversial new old
[-] carlschwan@floss.social 2 points 10 months ago

@zygoon @kde@lemmy.kde.social @kde kernel 3.10 was released more than 10 years ago and received a last update in 2017. Is that really a kernel still used in the wild?

Looking at https://lxr.kde.org/search?%21v=kf5-qt5&_filestring=&_string=sched.h, KDE does not do a clone3 directly. It's likely done by a dependency of Plasma :( But I might be wrong as I'm definitively not an expert in syscall

[-] zygoon@fosstodon.org 0 points 10 months ago
[-] Conan_Kudo@fosstodon.org 2 points 10 months ago

@zygoon @carlschwan @kde@lemmy.kde.social @kde@floss.social It's likely coming from some usage of libseccomp somewhere. This also afflicts the container stack and such, which is why RHEL 9 containers on RHEL 7 are not supported.

Container/sandbox runtimes using libseccomp need to explicitly always allow clone3() through, or otherwise it will not fail correctly on RHEL 7.

[-] zygoon@fosstodon.org 1 points 10 months ago

@Conan_Kudo @carlschwan @kde@lemmy.kde.social @kde@floss.social yeah, I strongly suspect seccomp. I’m debugging this now and I will share updates when I get to the bottom of the problem.

[-] Conan_Kudo@fosstodon.org 1 points 10 months ago* (last edited 10 months ago)

@zygoon @carlschwan @kde@lemmy.kde.social @kde@floss.social The clone3() call is done implicitly and automatically by glibc. It started with glibc 2.34. This is most likely a problem in the Ubuntu Core 22 runtime that KDE snaps are built on.

The fix is to patch out the logic that uses it for clone() in Ubuntu's glibc.

[-] brauner@mastodon.social 1 points 10 months ago

@zygoon @kde@lemmy.kde.social @kde@floss.social because any reasonable implementation will treat EPERM from a process creation system call as a fatal error. If this is e.g., blocked through seccomp. ENOSYS is the correct error to return. It's just naive seccomp sandboxes that started this EPERM nonsense. So I'd rule that out first. Unless you're using something that requires specific capabilities such as creating a process with a specific PID. That can legitimately return EPERM.

[-] zygoon@fosstodon.org 1 points 10 months ago

@brauner @kde@lemmy.kde.social @kde@floss.social

Thanks for the insight. I was surprised by EPERM, would have expected ENOSYS as well.

Looks like EPERM is most likely coming out of unknow system call name being filtered-out by snap-seccomp compiler. I'll update snapd to 2.61.1 to avoid chasing fixed bugs and then see if there's something to improve in the compiler.

this post was submitted on 23 Jan 2024
1 points (60.0% liked)

KDE

5401 readers
181 users here now

KDE is an international technology team creating user-friendly free and open source software for desktop and portable computing. KDE’s software runs on GNU/Linux, BSD and other operating systems, including Windows.

Plasma 6 Bugs

If you encounter a bug, proceed to https://bugs.kde.org, check whether it has been reported.

If it hasn't, report it yourself.

PLEASE THINK CAREFULLY BEFORE POSTING HERE.

Developers do not look for reports on social media, so they will not see it and all it does is clutter up the feed.

founded 1 year ago
MODERATORS