seccomp: allow sync_file_range2 on supported architectures.

On a ppc64le host, running postgres (tried with 9.4 to 9.6) gives the following
warning when trying to flush data to disks (which happens very frequently):

     WARNING: could not flush dirty data: Operation not permitted.

A quick dig in postgres source code indicates it uses sync_file_range(2) to
flush data; which on ppc64le and arm64 is translated to sync_file_range2(2)
for alignment reasons.

The profile did not allow sync_file_range2(2), making postgres sad because
it cannot flush its buffers. arm_sync_file_range(2) is an ancient alias to
sync_file_range2(2), the syscall was renamed in Linux 2.6.22 when the same
syscall was added for PowerPC.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn 2020-08-24 12:36:53 +02:00
parent 117d678749
commit 5862285fac
GPG Key ID: 76698F39D527CE8C

@ -455,11 +455,20 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
// include by arch // include by arch
switch runtime.GOARCH { switch runtime.GOARCH {
case "ppc64le":
s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
Names: []string{
"sync_file_range2",
},
Action: specs.ActAllow,
Args: []specs.LinuxSeccompArg{},
})
case "arm", "arm64": case "arm", "arm64":
s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{ s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
Names: []string{ Names: []string{
"arm_fadvise64_64", "arm_fadvise64_64",
"arm_sync_file_range", "arm_sync_file_range",
"sync_file_range2",
"breakpoint", "breakpoint",
"cacheflush", "cacheflush",
"set_tls", "set_tls",