Sandbox too strict when compiled with libxml2 #1612

Closed
TobiX opened this issue Dec 11, 2017 · 3 comments

@TobiX
Contributor

TobiX commented Dec 11, 2017

When using ctags in sandbox mode (from zoekt), ctags crashes often when it is instructed to parse xml files:

Program terminated with signal SIGSYS, Bad system call.
#0  0x00007fa00bb13760 in futex_wake (private=0, processes_to_wake=2147483647, futex_word=0x7fa00f6d36a8 <once_control>) at ../sysdeps/unix/sysv/linux/futex-internal.h:231
231     ../sysdeps/unix/sysv/linux/futex-internal.h: No such file or directory.
(gdb) bt
#0  0x00007fa00bb13760 in futex_wake (private=0, processes_to_wake=2147483647, futex_word=0x7fa00f6d36a8 <once_control>) at ../sysdeps/unix/sysv/linux/futex-internal.h:231
#1  __pthread_once_slow (once_control=0x7fa00f6d36a8 <once_control>, init_routine=0x7fa00f3e9860 <xmlOnceInit>) at pthread_once.c:127
#2  0x00007fa00bb137e5 in __GI___pthread_once (once_control=once_control@entry=0x7fa00f6d36a8 <once_control>, init_routine=init_routine@entry=0x7fa00f3e9860 <xmlOnceInit>) at pthread_once.c:143
#3  0x00007fa00f3e9d41 in xmlIsMainThread__internal_alias () at ../../threads.c:805
#4  0x00007fa00f3e92b9 in __xmlGenericErrorContext__internal_alias () at ../../globals.c:883
#5  0x00007fa00f350311 in xmlSetGenericErrorFunc__internal_alias (ctx=ctx@entry=0x0, handler=handler@entry=0x5593ae5518d0 <suppressWarning>) at ../../error.c:114
#6  0x00005593ae551bd2 in findXMLTags (ctx=0x0, root=0x0, xpathTableTable=0x5593ae7e9f60 <maven2XpathTableTable>, kinds=kinds@entry=0x5593ae7ea160 <Maven2Kinds>, userData=userData@entry=0x7fff5aa1ff98)
    at main/lxpath.c:167
#7  0x00005593ae5a7fdb in findMaven2TagsForTable (tindex=<optimized out>, node=<optimized out>, ctx=<optimized out>) at parsers/maven2.c:220
#8  0x00005593ae55d807 in createTagsForFile (passCount=1, language=93) at main/parse.c:2802
#9  createTagsWithFallback1 (language=language@entry=93, exclusive_subparser=exclusive_subparser@entry=0x7fff5aa2004c) at main/parse.c:2898
#10 0x00005593ae55db01 in createTagsWithFallback (mio=<optimized out>, language=93, fileName=0x5593af5c0510 "pom.xml") at main/parse.c:2982
#11 parseFileWithMio (fileName=0x5593af5c0510 "pom.xml", mio=<optimized out>) at main/parse.c:3162
#12 0x00005593ae552818 in interactiveLoop (args=<optimized out>, user=0x5593ae7ec750 <args>) at main/main.c:563
#13 0x00005593ae547b19 in runMainLoop (args=0x5593af596240) at main/main.c:432
#14 main (argc=<optimized out>, argv=0x7fff5aa205f0) at main/main.c:673

I could fix this by allowing the futex syscall, but I don't know the security implications (probably none?):

diff --git a/main/seccomp.c b/main/seccomp.c
index f93e9ed9..4df46221 100644
--- a/main/seccomp.c
+++ b/main/seccomp.c
@@ -46,6 +46,10 @@ int installSyscallFilter (void)
        // main/parse.c:2764 : tagFilePosition (&tagfpos);
        seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (lseek), 0);

+#ifdef HAVE_LIBXML
+       seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (futex), 0);
+#endif
+
        verbose ("Entering sandbox\n");
        int err = seccomp_load (ctx);
        if (err < 0)
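
Review bot: The new futex rule is wrapped in `#ifdef HAVE_LIBXML`, so the sandbox allow-list changes with the build configuration, and unlike the lseek rule just above it the rule carries no comment naming the call site that needs it. Consider making the rule unconditional and adding a comment that points at the caller; the backtrace in this report shows the call arriving through pthread_once from xmlSetGenericErrorFunc, reached from findXMLTags at main/lxpath.c:167. Two smaller points on the same line: the return value of seccomp_rule_add is not checked, while the seccomp_load result a few lines later is, and the trailing `0` means no argument filters, so every futex operation is permitted, which is worth stating in that comment.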

Probably @hanwen wants to chime in? Do you see any problems with this?

@masatake
Member

Could you submit your change as a pull request?

@hanwen
Contributor

hanwen commented Dec 11, 2017

I think it should be fine to allow futex(). You should probably remove the #ifdef and put a comment instead.

@masatake
Member

@hanwen, thank you for the comment.

masatake added a commit that referenced this issue Dec 12, 2017
Allow futex syscall in sandbox, fixes #1612.