[Bug 1925216] Re: confusing but harmless warning messages printed about syscalls

Dan Streetman 1925216 at bugs.launchpad.net
Fri Jun 4 14:29:39 UTC 2021 

ubuntu at lp1925216-b:~$ dpkg -l |grep libseccomp2
ii  libseccomp2:amd64                2.4.3-1ubuntu3.18.04.3                      amd64        high level interface to Linux seccomp filter
ubuntu at lp1925216-b:~$ dpkg -l systemd|grep systemd
ii  systemd        237-3ubuntu10.47 amd64        system and service manager
ubuntu at lp1925216-b:~$ journalctl -b | grep pidfd
Jun 04 14:24:47 lp1925216-b systemd[1]: /lib/systemd/system/systemd-journald.service:33: Failed to parse system call, ignoring: pidfd_getfd
Jun 04 14:24:47 lp1925216-b systemd[1]: /lib/systemd/system/systemd-timesyncd.service:41: Failed to parse system call, ignoring: pidfd_getfd
Jun 04 14:24:47 lp1925216-b systemd[1]: /lib/systemd/system/systemd-networkd.service:38: Failed to parse system call, ignoring: pidfd_getfd
Jun 04 14:24:47 lp1925216-b systemd[1]: /lib/systemd/system/systemd-resolved.service:42: Failed to parse system call, ignoring: pidfd_getfd
Jun 04 14:24:47 lp1925216-b systemd[1]: /lib/systemd/system/systemd-logind.service:35: Failed to parse system call, ignoring: pidfd_getfd
Jun 04 14:24:52 lp1925216-b systemd[1]: /lib/systemd/system/systemd-hostnamed.service:33: Failed to parse system call, ignoring: pidfd_getfd


ubuntu at lp1925216-b:~$ dpkg -l |grep libseccomp2
ii  libseccomp2:amd64                2.4.3-1ubuntu3.18.04.3                      amd64        high level interface to Linux seccomp filter
ubuntu at lp1925216-b:~$ dpkg -l systemd|grep systemd
ii  systemd        237-3ubuntu10.48 amd64        system and service manager
ubuntu at lp1925216-b:~$ journalctl -b | grep pidfd
ubuntu at lp1925216-b:~$ 


** Description changed:

  [impact]
  
  systemd prints messages that complain about system calls such as:
  
  /lib/systemd/system/systemd-journald.service:33: Failed to parse system
  call, ignoring: pidfd_getfd
  
  [test case]
  
  boot bionic system with 4.15 kernel that does not support pidfd_getfd
  syscall
  
  [regression potential]
  
  any regression would prevent correct configuration of seccomp syscall
  filters, and/or failure to load/parse unit files that contain
  SystemCallFilter= directives
  
  [scope]
  
  this is needed only for b
  
  this is fixed upstream by commit
  13d92c6300edbb1369f97c2e1bef4c4096de8ddb which was included in v238, so
  this is fixed in focal and later
  
  this is not needed for x as seccomp handling is completely different in
  that older release
  
  [other info]
  
  as the warning states, the invalid system call is ignored, which is the
  correct action, and the patch to fix this just changes the log to debug
  instead of warning (along with consolidation of several flag params into
  a single flag enum). Thus, no actual change in behavior should occur
  (other than logging the messages as debug instead of warning).
+ 
+ Also note that since this warning is the result of systemd's call into
+ libseccomp2 to query the syscall, if libseccomp2 recognizes the syscall,
+ the message will not be printed; the previous libseccomp2 for bionic
+ (version 2.4.3) did not know the pidfd_getfd syscall, while the latest
+ (version 2.5.1) does. So this is reproducable with libseccomp2 version
+ 2.4.3 but not the latest 2.5.1.

** Tags removed: verification-needed verification-needed-bionic
** Tags added: verification-done verification-done-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1925216

Title:
  confusing but harmless warning messages printed about syscalls

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Bionic:
  Fix Committed

Bug description:
  [impact]

  systemd prints messages that complain about system calls such as:

  /lib/systemd/system/systemd-journald.service:33: Failed to parse
  system call, ignoring: pidfd_getfd

  [test case]

  boot bionic system with 4.15 kernel that does not support pidfd_getfd
  syscall

  [regression potential]

  any regression would prevent correct configuration of seccomp syscall
  filters, and/or failure to load/parse unit files that contain
  SystemCallFilter= directives

  [scope]

  this is needed only for b

  this is fixed upstream by commit
  13d92c6300edbb1369f97c2e1bef4c4096de8ddb which was included in v238,
  so this is fixed in focal and later

  this is not needed for x as seccomp handling is completely different
  in that older release

  [other info]

  as the warning states, the invalid system call is ignored, which is
  the correct action, and the patch to fix this just changes the log to
  debug instead of warning (along with consolidation of several flag
  params into a single flag enum). Thus, no actual change in behavior
  should occur (other than logging the messages as debug instead of
  warning).

  Also note that since this warning is the result of systemd's call into
  libseccomp2 to query the syscall, if libseccomp2 recognizes the
  syscall, the message will not be printed; the previous libseccomp2 for
  bionic (version 2.4.3) did not know the pidfd_getfd syscall, while the
  latest (version 2.5.1) does. So this is reproducable with libseccomp2
  version 2.4.3 but not the latest 2.5.1.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1925216/+subscriptions

More information about the foundations-bugs mailing list