Opened 8 months ago

Closed 8 months ago

Last modified 8 months ago

#5487 closed enhancement (worksforme)

glibc enable-kernel version

Reported by: thomas Owned by: lfs-book
Priority: normal Milestone: 12.2
Component: Book Version: git
Severity: normal Keywords:
Cc:

Description

In #lfs, a user reported

[08:51:00] <urja> If you build glibc with --enable-kernel=4.19, as is said in
                  the book, firefox 125 sandboxed content process will not be
                  able to find any fonts (and mysteriously crashes) because
                  glibc statx() will not fall back to fstat (the sandbox
                  blocks statx expecting the fallback)

I just add this as noone else of us is in #lfs, so i want to make sure that this doesn't get lost. I know, we do not have ff-125 in book for whatever reason, but its also true that Arch uses --enable-kernel=4.4.

I cannot comment any further as my technical knowledge about this stuff is quite clear...

Change History (3)

comment:1 by Xi Ruoyao, 8 months ago

The entire idea of "seccomp sandboxing" is bullsh*t, I'd say.

comment:2 by Xi Ruoyao, 8 months ago

Resolution: worksforme
Status: newclosed

I've built Firefox-125.0.3 and it runs fine for me on a system with Glibc built --enable-kernel=6.8.

I guess the issue has been covered up since the Glibc commit:

commit 551101e8240b7514fc646d1722f8b79c90362b8f
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date:   Mon Sep 11 10:25:48 2023 -0300

    io: Do not implement fstat with fstatat
    
    AT_EMPTY_PATH is a requirement to implement fstat over fstatat,
    however it does not prevent the kernel to read the path argument.
    It is not an issue, but on x86-64 with SMAP-capable CPUs the kernel is
    forced to perform expensive user memory access.  After that regular
    lookup is performed which adds even more overhead.
    
    Instead, issue the fstat syscall directly on LFS fstat implementation
    (32 bit architectures will still continue to use statx, which is
    required to have 64 bit time_t support).  it should be even a
    small performance gain on non x86_64, since there is no need
    to handle the path argument.
    
    Checked on x86_64-linux-gnu.

which is released in Glibc-2.39 for x86_64. For 32-bit x86 we are already saying --disable-sandbox should be used in BLFS Firefox page.

Last edited 8 months ago by Xi Ruoyao (previous) (diff)

comment:3 by Xi Ruoyao, 8 months ago

No my previous guess seems incorrect. On x86_64 even Glibc-2.38 does not use statx for fstatat or fstat.

But anyway Firefox-125.0.3 is running fine for me. So I now guess the OP is just running a 32-bit LFS, and for 32-bit system we are already telling to disable Firefox sandbox.

Note: See TracTickets for help on using tickets.