Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Operation not permitted - select_internal_with_gvl:epoll_wait with snap base 'core22' #360

Closed
paddor opened this issue Nov 25, 2024 · 19 comments

Comments

@paddor
Copy link
Contributor

paddor commented Nov 25, 2024

After switching from the filesystem namespace for Unix domain sockets for ZMQ (ipc:///tmp/my-endpoint) on Linux to the abstact namespace (ipc://@my-endpoint), I'm getting:

/snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:383:in `select': Operation not permitted - select_internal_with_gvl:epoll_wait (Errno::EPERM)
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:383:in `run_once!'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:103:in `block in close'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:458:in `block in run_loop'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:455:in `handle_interrupt'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:455:in `run_loop'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:101:in `close'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/reactor.rb:27:in `scheduler_close'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/kernel/sync.rb:35:in `set_scheduler'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/kernel/sync.rb:35:in `ensure in Sync'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/kernel/sync.rb:35:in `Sync'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/xyz-4.1.19/lib/xyz/runners/single_process.rb:51:in `start_actors'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/xyz-4.1.19/lib/xyz/runners/single_process.rb:28:in `run'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/xyz-4.1.19/lib/xyz/application.rb:96:in `start'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/xyz-4.1.19/lib/xyz/cli/cli.rb:23:in `start'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/thor-1.3.2/lib/thor/command.rb:28:in `run'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/thor-1.3.2/lib/thor/invocation.rb:127:in `invoke_command'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/thor-1.3.2/lib/thor.rb:538:in `dispatch'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/thor-1.3.2/lib/thor/base.rb:584:in `start'
        from /snap/xyz-protocol-simulator/x83/app/bin/simulator:13:in `<top (required)>'
        from /snap/xyz-protocol-simulator/x83/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/cli/exec.rb:58:in `load'
        from /snap/xyz-protocol-simulator/x83/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/cli/exec.rb:58:in `kernel_load'
        from /snap/xyz-protocol-simulator/x83/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/cli/exec.rb:23:in `run'
        from /snap/xyz-protocol-simulator/x83/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/cli.rb:456:in `exec'
        from /snap/xyz-protocol-simulator/x83/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/vendor/thor/lib/thor/command.rb:28:in `run'
        from /snap/xyz-protocol-simulator/x83/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/vendor/thor/lib/thor/invocation.rb:127:in `invoke_command'
        from /snap/xyz-protocol-simulator/x83/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/vendor/thor/lib/thor.rb:527:in `dispatch'
        from /snap/xyz-protocol-simulator/x83/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/cli.rb:35:in `dispatch'
        from /snap/xyz-protocol-simulator/x83/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/vendor/thor/lib/thor/base.rb:584:in `start'
        from /snap/xyz-protocol-simulator/x83/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/cli.rb:29:in `start'
        from /snap/xyz-protocol-simulator/x83/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/exe/bundle:28:in `block in <top (required)>'
        from /snap/xyz-protocol-simulator/x83/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/friendly_errors.rb:117:in `with_friendly_errors'
        from /snap/xyz-protocol-simulator/x83/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/exe/bundle:20:in `<top (required)>'
        from /snap/xyz-protocol-simulator/x83/usr/bin/bundle:25:in `load'
        from /snap/xyz-protocol-simulator/x83/usr/bin/bundle:25:in `<main>'

Is this a known problem? Maybe a readiness notification FD for Unix domain sockets in the abstract namespace is not possible?

Ruby: 3.3.6
Linux: Ubuntu 22.04 inside a Snap

@paddor paddor changed the title Epoll and Abstract namespaces Operation not permitted - select_internal_with_gvl:epoll_wait with snap base 'core22' Nov 25, 2024
@ioquatix
Copy link
Member

I have not seen this before. Are you able to make a small reproduction?

@paddor
Copy link
Contributor Author

paddor commented Nov 25, 2024

Sorry, it seems to have nothing to do with abstract namespaces.

@paddor paddor closed this as completed Nov 25, 2024
@ioquatix
Copy link
Member

What was the issue?

@paddor
Copy link
Contributor Author

paddor commented Nov 25, 2024

I don't know. The issue persists. But I'm assuming it's because I'm also switching from the snap base core20 to core22.

@paddor
Copy link
Contributor Author

paddor commented Nov 25, 2024

I have a small reproduction: https://github.com/paddor/async-issue-360

Build, install, and run the snap with:

bundle
bundle exec rake snap
sudo snap install --dangerous async-issue-360_0.1.0_amd64.snap
async-issue-360

I had to include the plug network to avoid the following error:

$ async-issue-360
bundler: failed to load command: /snap/async-issue-360/x7/app/bin/async-issue-360 (/snap/async-issue-360/x7/app/bin/async-issue-360)
/snap/async-issue-360/x7/usr/lib/ruby/3.3.0/resolv.rb:970:in `initialize': Permission denied @ rb_sysopen - /etc/resolv.conf (Errno::EACCES)
        from /snap/async-issue-360/x7/usr/lib/ruby/3.3.0/resolv.rb:970:in `open'
        from /snap/async-issue-360/x7/usr/lib/ruby/3.3.0/resolv.rb:970:in `parse_resolv_conf'
        from /snap/async-issue-360/x7/usr/lib/ruby/3.3.0/resolv.rb:999:in `default_config_hash'
        from /snap/async-issue-360/x7/usr/lib/ruby/3.3.0/resolv.rb:88:in `initialize'
        from /snap/async-issue-360/x7/usr/lib/ruby/3.3.0/resolv.rb:3371:in `new'
        from /snap/async-issue-360/x7/usr/lib/ruby/3.3.0/resolv.rb:3371:in `<class:Resolv>'
        from /snap/async-issue-360/x7/usr/lib/ruby/3.3.0/resolv.rb:38:in `<top (required)>'
        from /snap/async-issue-360/x7/usr/lib/ruby/3.3.0/bundled_gems.rb:69:in `require'
        from /snap/async-issue-360/x7/usr/lib/ruby/3.3.0/bundled_gems.rb:69:in `block (2 levels) in replace_require'
        from /snap/async-issue-360/x7/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:14:in `<top (required)>'
        from /snap/async-issue-360/x7/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/reactor.rb:8:in `require_relative'
        from /snap/async-issue-360/x7/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/reactor.rb:8:in `<top (required)>'
        from /snap/async-issue-360/x7/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async.rb:8:in `require_relative'
        from /snap/async-issue-360/x7/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async.rb:8:in `<top (required)>'
        from /snap/async-issue-360/x7/usr/lib/ruby/3.3.0/bundled_gems.rb:69:in `require'
        from /snap/async-issue-360/x7/usr/lib/ruby/3.3.0/bundled_gems.rb:69:in `block (2 levels) in replace_require'
        from /snap/async-issue-360/x7/app/bin/async-issue-360:3:in `<top (required)>'
        from /snap/async-issue-360/x7/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/cli/exec.rb:58:in `load'
        from /snap/async-issue-360/x7/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/cli/exec.rb:58:in `kernel_load'
        from /snap/async-issue-360/x7/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/cli/exec.rb:23:in `run'
        from /snap/async-issue-360/x7/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/cli.rb:456:in `exec'
        from /snap/async-issue-360/x7/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/vendor/thor/lib/thor/command.rb:28:in `run'
        from /snap/async-issue-360/x7/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/vendor/thor/lib/thor/invocation.rb:127:in `invoke_command'
        from /snap/async-issue-360/x7/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/vendor/thor/lib/thor.rb:527:in `dispatch'
        from /snap/async-issue-360/x7/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/cli.rb:35:in `dispatch'
        from /snap/async-issue-360/x7/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/vendor/thor/lib/thor/base.rb:584:in `start'
        from /snap/async-issue-360/x7/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/cli.rb:29:in `start'
        from /snap/async-issue-360/x7/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/exe/bundle:28:in `block in <top (required)>'
        from /snap/async-issue-360/x7/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/friendly_errors.rb:117:in `with_friendly_errors'
        from /snap/async-issue-360/x7/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/exe/bundle:20:in `<top (required)>'
        from /snap/async-issue-360/x7/usr/bin/bundle:25:in `load'
        from /snap/async-issue-360/x7/usr/bin/bundle:25:in `<main>'

@paddor paddor reopened this Nov 25, 2024
@paddor
Copy link
Contributor Author

paddor commented Nov 25, 2024

Maybe Async::Scheduler should only try to require "resolv" when #address_resolve is called and ::Resolv isn't defined yet. That would make it possible to use Async in non-network snaps. But I guess that would bring race-conditions since require isn't thread-safe if I'm not mistaken.

@paddor
Copy link
Contributor Author

paddor commented Nov 25, 2024

Or try to require it, rescue Errno::EACCESS, and then have #address_resolve fail with NotImplementedError. That's maybe too specific already. And this isn't an actual problem I'm personally running into. My snaps are networked.

@paddor
Copy link
Contributor Author

paddor commented Dec 12, 2024

Any updates here? It also happens on core24. Should I open an issue somewhere else?

@ioquatix
Copy link
Member

I will take a look today.

@paddor
Copy link
Contributor Author

paddor commented Dec 18, 2024

I tried again and checked /var/log/syslog. I have lines like these:

Dec 18 13:39:16 xxx-dev-2022 kernel: [624196.804854] audit: type=1400 audit(1734525556.003:3100): apparmor="DENIED" operation="open" class="file" profile="snap.async-issue-360.async-issue-360" name="/home/xxx/.gem/ruby/3.3.6/specifications/" pid=2714560 comm="ruby" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Dec 18 13:39:16 xxx-dev-2022 kernel: [624196.804862] audit: type=1400 audit(1734525556.003:3101): apparmor="DENIED" operation="open" class="file" profile="snap.async-issue-360.async-issue-360" name="/home/xxx/.rubies/ruby-3.3.6/lib/ruby/gems/3.3.0/specifications/" pid=2714560 comm="ruby" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

Maybe they have something to do with it?

@ioquatix
Copy link
Member

Sorry 😞 I did not have time to check it yet, let me take a look now.

@ioquatix
Copy link
Member

Can you please clarify, is the issue here the issue with the address_resolve hook or the issue with abstract unix domain sockets? Or both?

@paddor
Copy link
Contributor Author

paddor commented Dec 18, 2024

The issue has nothing to do with the abstract namespace or address_resolve. It's only about this:

/snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:383:in `select': Operation not permitted - select_internal_with_gvl:epoll_wait (Errno::EPERM)
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:383:in `run_once!'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:103:in `block in close'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:458:in `block in run_loop'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:455:in `handle_interrupt'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:455:in `run_loop'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:101:in `close'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/reactor.rb:27:in `scheduler_close'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/kernel/sync.rb:35:in `set_scheduler'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/kernel/sync.rb:35:in `ensure in Sync'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/kernel/sync.rb:35:in `Sync'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/xyz-4.1.19/lib/xyz/runners/single_process.rb:51:in `start_actors'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/xyz-4.1.19/lib/xyz/runners/single_process.rb:28:in `run'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/xyz-4.1.19/lib/xyz/application.rb:96:in `start'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/xyz-4.1.19/lib/xyz/cli/cli.rb:23:in `start'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/thor-1.3.2/lib/thor/command.rb:28:in `run'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/thor-1.3.2/lib/thor/invocation.rb:127:in `invoke_command'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/thor-1.3.2/lib/thor.rb:538:in `dispatch'
        from /snap/xyz-protocol-simulator/x83/app/vendor/bundle/ruby/3.3.0/gems/thor-1.3.2/lib/thor/base.rb:584:in `start'
        from /snap/xyz-protocol-simulator/x83/app/bin/simulator:13:in `<top (required)>'

Something related to epoll it seems.

@paddor
Copy link
Contributor Author

paddor commented Dec 18, 2024

I just tried starting the snap without an env, so it won't try to look up files in $GEM_HOME or $GEM_PATH. It still leads to the same error:

(Command is in Fish-shell syntax)

$ env -i (which async-issue-360)
.bundler: failed to load command: /snap/async-issue-360/x13/app/bin/async-issue-360 (/snap/async-issue-360/x13/app/bin/async-issue-360)
/snap/async-issue-360/x13/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:383:in `select': Operation not permitted - select_internal_with_gvl:epoll_wait (Errno::EPERM)
        from /snap/async-issue-360/x13/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:383:in `run_once!'
        from /snap/async-issue-360/x13/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:422:in `run_once'
        from /snap/async-issue-360/x13/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:495:in `block in run'
        from /snap/async-issue-360/x13/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:458:in `block in run_loop'
        from /snap/async-issue-360/x13/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:455:in `handle_interrupt'
        from /snap/async-issue-360/x13/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:455:in `run_loop'
        from /snap/async-issue-360/x13/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/async/scheduler.rb:494:in `run'
        from /snap/async-issue-360/x13/app/vendor/bundle/ruby/3.3.0/gems/async-2.21.0/lib/kernel/sync.rb:33:in `Sync'
        from /snap/async-issue-360/x13/app/bin/async-issue-360:5:in `<top (required)>'
        from /snap/async-issue-360/x13/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/cli/exec.rb:58:in `load'
        from /snap/async-issue-360/x13/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/cli/exec.rb:58:in `kernel_load'
        from /snap/async-issue-360/x13/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/cli/exec.rb:23:in `run'
        from /snap/async-issue-360/x13/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/cli.rb:456:in `exec'
        from /snap/async-issue-360/x13/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/vendor/thor/lib/thor/command.rb:28:in `run'
        from /snap/async-issue-360/x13/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/vendor/thor/lib/thor/invocation.rb:127:in `invoke_command'
        from /snap/async-issue-360/x13/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/vendor/thor/lib/thor.rb:527:in `dispatch'
        from /snap/async-issue-360/x13/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/cli.rb:35:in `dispatch'
        from /snap/async-issue-360/x13/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/vendor/thor/lib/thor/base.rb:584:in `start'
        from /snap/async-issue-360/x13/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/cli.rb:29:in `start'
        from /snap/async-issue-360/x13/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/exe/bundle:28:in `block in <top (required)>'
        from /snap/async-issue-360/x13/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/lib/bundler/friendly_errors.rb:117:in `with_friendly_errors'
        from /snap/async-issue-360/x13/usr/lib/ruby/gems/3.3.0/gems/bundler-2.5.23/exe/bundle:20:in `<top (required)>'
        from /snap/async-issue-360/x13/usr/bin/bundle:25:in `load'
        from /snap/async-issue-360/x13/usr/bin/bundle:25:in `<main>'

@paddor
Copy link
Contributor Author

paddor commented Dec 18, 2024

That lead to these lines in /var/log/syslog:

Dec 18 14:30:21 xxx-dev-2022 systemd[6169]: Started snap.async-issue-360.async-issue-360-3b5f7460-8d14-4e54-a23c-47060dde08f8.scope.
Dec 18 14:30:21 xxx-dev-2022 kernel: [627262.375484] kauditd_printk_skb: 1 callbacks suppressed
Dec 18 14:30:21 xxx-dev-2022 kernel: [627262.375487] audit: type=1326 audit(1734528621.679:3103): auid=1000 uid=1000 gid=1000 ses=6 subj=snap.async-issue-360.async-issue-360 pid=2725419 comm="ruby" exe="/snap/async-issue-360/x13/usr/bin/ruby" sig=0 arch=c000003e syscall=441 compat=0 ip=0x72af23530fa1 code=0x50000

@paddor
Copy link
Contributor Author

paddor commented Dec 18, 2024

strace says it's this call:

epoll_ctl(4, EPOLL_CTL_ADD, 8, {events=EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, data={u32=3901425000, u64=133603154134376}}) = -1 EPERM (Operation not permitted)

@paddor
Copy link
Contributor Author

paddor commented Dec 19, 2024

You probably don't have to investigate any further. I've created a post on the snapcraft forum and it seems that epoll_pwait2 is missing in some seccomp template [1].

[1] https://forum.snapcraft.io/t/epoll-works-on-core20-but-fails-on-core22/44347/4

@ioquatix
Copy link
Member

Thanks, that looks promising.

Relevant PR: canonical/snapd#14885

@paddor
Copy link
Contributor Author

paddor commented Jan 17, 2025

Can confirm it works with base22 and base24 when run on the next version v2.67.1 of Snapd, which is currently available with sudo snap refresh --edge.

@paddor paddor closed this as completed Jan 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants