#5487 closed enhancement (worksforme)
glibc enable-kernel version
Reported by: | thomas | Owned by: | lfs-book |
---|---|---|---|
Priority: | normal | Milestone: | 12.2 |
Component: | Book | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
In #lfs, a user reported
[08:51:00] <urja> If you build glibc with --enable-kernel=4.19, as is said in the book, firefox 125 sandboxed content process will not be able to find any fonts (and mysteriously crashes) because glibc statx() will not fall back to fstat (the sandbox blocks statx expecting the fallback)
I just add this as noone else of us is in #lfs, so i want to make sure that this doesn't get lost. I know, we do not have ff-125 in book for whatever reason, but its also true that Arch uses --enable-kernel=4.4
.
I cannot comment any further as my technical knowledge about this stuff is quite clear...
Change History (3)
comment:1 by , 8 months ago
comment:2 by , 8 months ago
Resolution: | → worksforme |
---|---|
Status: | new → closed |
I've built Firefox-125.0.3 and it runs fine for me on a system with Glibc built --enable-kernel=6.8.
I guess the issue has been covered up since the Glibc commit:
commit 551101e8240b7514fc646d1722f8b79c90362b8f Author: Adhemerval Zanella <adhemerval.zanella@linaro.org> Date: Mon Sep 11 10:25:48 2023 -0300 io: Do not implement fstat with fstatat AT_EMPTY_PATH is a requirement to implement fstat over fstatat, however it does not prevent the kernel to read the path argument. It is not an issue, but on x86-64 with SMAP-capable CPUs the kernel is forced to perform expensive user memory access. After that regular lookup is performed which adds even more overhead. Instead, issue the fstat syscall directly on LFS fstat implementation (32 bit architectures will still continue to use statx, which is required to have 64 bit time_t support). it should be even a small performance gain on non x86_64, since there is no need to handle the path argument. Checked on x86_64-linux-gnu.
which is released in Glibc-2.39 for x86_64. For 32-bit x86 we are already saying --disable-sandbox should be used in BLFS Firefox page.
comment:3 by , 8 months ago
No my previous guess seems incorrect. On x86_64 even Glibc-2.38 does not use statx for fstatat or fstat.
But anyway Firefox-125.0.3 is running fine for me. So I now guess the OP is just running a 32-bit LFS, and for 32-bit system we are already telling to disable Firefox sandbox.
The entire idea of "seccomp sandboxing" is bullsh*t, I'd say.