mup | Bug #1579268 opened: Mouse cursor is different inside graphical windows of snaps (snaps not using system theme) <Snappy:New> <snapd (Ubuntu):Triaged> <https://launchpad.net/bugs/1579268> | 03:13 |
---|---|---|
cprov | kyrofa: hey, re. expires TZ, it doesn't record timezones atm and is interpreted as utc. | 10:56 |
cprov | kyrofa: and sorry I wasn't around yesterday. | 10:57 |
kyrofa | cprov, no problem! Would it be possible to return UTC TZ? | 15:47 |
cprov | kyrofa: yes, there is a general problem with timestamps in the API, some are naive (no tz info) and some are RFC3339 (appended 'Z'), we will have to clean this up | 16:04 |
cprov | kyrofa: but for the time being, there is nothing blocking you parse them as UTC, right ? | 16:04 |
ikey | hoping this means anything to anyone because it baffles me | 16:54 |
ikey | Dec 23 16:52:00 ironhide audit[3513]: SECCOMP auid=1000 uid=1000 gid=1000 ses=2 pid=3513 comm="F12017" exe=2F72756E2F6D656469612F6269676469736B2F67616D65732F737465616D617070732F636F6D6D6F6E2F463120323031372F62696E2F463132303137 sig=31 arch=c000003e syscall=101 compat=0 ip=0x7f72201b4e72 code=0x0 | 16:54 |
ikey | it seems to be the thing breaking feral games | 16:56 |
ikey | if im reading this right 101 is ioperm | 16:58 |
ikey | snap run --shell linux-steam-integration | 17:58 |
ikey | [1] 11726 invalid system call snap run --shell linux-steam-integration | 17:58 |
ikey | k thats janky. | 17:58 |
ikey | i dont seem to be getting any apparmor denials or library errors yet under confinement feral games arent working | 18:01 |
ikey | and i cant figure out why they break | 18:01 |
mcphail | isn't 101 ptrace? | 18:10 |
mcphail | https://github.com/torvalds/linux/blob/9c294ec08408ed90c0f2d994a7979366675e3734/arch/x86/entry/syscalls/syscall_64.tbl#L110 - for 64-bit, anyway | 18:15 |
ikey | yeah | 18:32 |
ikey | also chown is causing --shell to die | 18:32 |
ikey | when it chowns .bash_history | 18:32 |
ikey | and the error message seems consistent.. | 18:32 |
ikey | chown ufee1dead:ufee1dead lol | 18:32 |
ikey | Bad system call | 18:32 |
ikey | so i guess i just need to allow ptrace in the new interface.. | 18:32 |
kyrofa | cprov, I'm just leaving them naive for now, but if you promise me that assuming naive datetimesnamps from the store are UTC, then that's also easy | 18:52 |
kyrofa | promise me that doing so is safe, I mean | 18:52 |
ikey | i cant seem to make this dmesg go away whatever i do.. | 19:09 |
ikey | snappy-debug is apparently not portable either.. | 19:14 |
kyrofa | ikey, what are you seeing? | 19:24 |
ikey | kyrofa, snappy-debug or my snap issue? | 19:25 |
ikey | cuz my snap issue is https://forum.snapcraft.io/t/unable-to-use-ptrace-in-confinement/3297 | 19:25 |
kyrofa | ikey, both, haha | 19:25 |
ikey | and my snappy-debug issue is it absolutely requires /var/log/syslog | 19:25 |
ikey | solus doesn't use syslogd we just have journald | 19:25 |
kyrofa | ikey, yeah, seccomp denials are totally different from apparmor ones | 19:26 |
ikey | yeah this is alien territory to me | 19:26 |
ikey | only just got used to doing apparmor rules | 19:26 |
kyrofa | ikey, seccomp doesn't support logging if we use the ERRNO method, so we've chosen to use KILL for now while upstreaming the logging capability | 19:26 |
ikey | ah ok | 19:26 |
kyrofa | ikey, which means if you make a disallowed syscall, unlike apparmor which gives you a nice denial and sends you on your way, you're dead dead dead | 19:27 |
ikey | right | 19:27 |
ikey | and this is happening within the tree of a multiprocess app so it go boom | 19:27 |
kyrofa | ikey, yep | 19:28 |
ikey | ok looking at the bpf ptrace is definitely missing | 19:28 |
kyrofa | Yeah probably need to add something there | 19:28 |
ikey | i thought capability sys_ptrace would do that, guessing not | 19:30 |
ikey | and i dont see any of the bpf explicitly setting ptrace on | 19:31 |
kyrofa | Yeah, that I don't know | 19:32 |
ikey | wonder if this is a kernel issue now. | 19:33 |
* ikey tries a reboot | 19:33 | |
ikey | aha | 19:40 |
ikey | i manually recompiled the bpf and added ptrace to it | 19:40 |
ikey | and that was enough to make it "work" | 19:40 |
kyrofa | Nice! Though I'm sure there are security ramifications there | 19:41 |
ikey | yeah we'll need to add some initial deny ptrace lines in apparmor profile and then some explicit allows | 19:42 |
ikey | that way we wont be able to ptrace unrelated peers | 19:44 |
ikey | boom: https://twitter.com/ufee1dead/status/944666111810965504 | 20:28 |
cprov | kyrofa: yup, assume utc for now | 20:38 |
mcphail | ikey: love it | 21:16 |
ikey | the browser interface is causing me some trouble by breaking my ptrace | 21:29 |
ikey | as it has a deny all | 21:29 |
ikey | and is inserted after my own rules.. | 21:29 |
=== devil is now known as Guest74671 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!