Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[7.16](backport #28117) Allow clone3 syscall in seccomp filters #28330

Merged
merged 3 commits into from
Dec 12, 2021
Merged

[7.16](backport #28117) Allow clone3 syscall in seccomp filters #28330

merged 3 commits into from
Dec 12, 2021

Conversation

mergify[bot]
Copy link
Contributor

@mergify mergify bot commented Oct 11, 2021
edited by zube bot
Loading

This is an automatic backport of pull request #28117 done by Mergify.

Mergify commands and options

More conditions and actions can be found in the documentation.

You can also trigger Mergify actions by commenting on this pull request:

  • @Mergifyio refresh will re-evaluate the rules
  • @Mergifyio rebase will rebase this PR on its base branch
  • @Mergifyio update will merge the base branch into this PR
  • @Mergifyio backport <destination> will backport this PR on <destination> branch

Additionally, on Mergify dashboard you can:

  • look at your merge queues
  • generate the Mergify configuration with the config editor.

Finally, you can contact us on https://mergify.io/

@mergify mergify bot added the backport label Oct 11, 2021
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Oct 11, 2021
@botelastic
Copy link

botelastic bot commented Oct 11, 2021

This pull request doesn't have a Team:<team> label.

@elasticmachine
Copy link
Collaborator

elasticmachine commented Oct 11, 2021
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Duration: 134 min 23 sec

❕ Flaky test report

No test was executed to be analysed.

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@simitt
Copy link
Contributor

simitt commented Oct 12, 2021

/test

@mergify
Copy link
Contributor Author

mergify bot commented Oct 13, 2021

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b mergify/bp/7.x/pr-28117 upstream/mergify/bp/7.x/pr-28117
git merge upstream/7.x
git push upstream mergify/bp/7.x/pr-28117

@andresrc andresrc changed the base branch from 7.x to 7.16 October 20, 2021 14:50
@andresrc andresrc changed the title [7.x](backport #28117) Allow clone3 syscall in seccomp filters [7.16](backport #28117) Allow clone3 syscall in seccomp filters Oct 20, 2021
@jsoriano
Copy link
Member

/test

@jsoriano
Copy link
Member

Failures seem related:

Syscall filter could not be installederrorfailed to assemble policy: found unknown syscalls for arch x86_64: clone3

Could it be because of the base images used? @simitt is this change needed in 7.16 and 7.15?

@andrewkroh
Copy link
Member

I think #27955 needs backported in order to update go-seccomp-bpf with new syscall tables that include clone3.

@simitt
Copy link
Contributor

simitt commented Nov 11, 2021

@jsoriano somehow I missed your ping; if anyhow possible this should go into 7.16, seems we missed 7.15.2 unfortunately.

@andrewkroh
Copy link
Member

@Mergifyio rebase

BlackYoup and others added 2 commits November 11, 2021 17:56
@BlackYoup
seccomp: allow clone3 syscall for x86 (#28117)
30d1131 
clone3 is a linux syscall that is now used by glibc starting version
2.34. It is used when pthread_create() gets called. Current seccomp
filters do not allow this syscall leading to crashes like
runtime/cgo: pthread_create failed: Operation not permitted

See elastic/apm-server#6238 for more details

(cherry picked from commit 82507fd)
@jsoriano
Update CHANGELOG.next.asciidoc
593d8f9
@mergify
Copy link
Contributor Author

mergify bot commented Nov 11, 2021

rebase

✅ Branch has been successfully rebased

@andrewkroh
Copy link
Member

/test

@mergify
Copy link
Contributor Author

mergify bot commented Nov 17, 2021

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b mergify/bp/7.x/pr-28117 upstream/mergify/bp/7.x/pr-28117
git merge upstream/7.16
git push upstream mergify/bp/7.x/pr-28117

@andrewkroh andrewkroh mentioned this pull request Dec 12, 2021
Merged
7 tasks
@andrewkroh andrewkroh merged commit 1e1249d into 7.16 Dec 12, 2021
@mergify mergify bot deleted the mergify/bp/7.x/pr-28117 branch December 12, 2021 19:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
backport needs_team Indicates that the issue/PR needs a Team:* label
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@elasticmachine @simitt @jsoriano @andrewkroh @BlackYoup