Ubuntu
thunderbird package

[snap] seccomp denials for syscall=314 on amd64

Bug #1983502 reported by Simon Déziel
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
thunderbird (Ubuntu)
Fix Released
High
Olivier Tilloy

Bug Description

$ snap list thunderbird
Name Version Rev Tracking Publisher Notes
thunderbird 102.1.0-2 237 latest/stable canonical✓ -

During normal operation, the following is logged:

Aug 03 12:07:58 foo kernel: audit: type=1326 audit(1659542878.718:511): auid=1000 uid=1000 gid=1000 ses=9 subj=? pid=154377 comm="thunderbird-bin" exe="/snap/thunderbird/237/thunderbird-bin" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7e4137c4473d code=0x50000

And something similar when the crash reporter executes:

Aug 03 12:02:04 foo kernel: audit: type=1326 audit(1659542524.642:510): auid=1000 uid=1000 gid=1000 ses=9 subj=? pid=150188 comm="crashreporter" exe="/snap/thunderbird/237/crashreporter" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7e5f095e773d code=0x50000

# Additional information:

$ lsb_release -rd
Description: Ubuntu 20.04.4 LTS
Release: 20.04
$ uname -a
Linux foo 5.15.0-43-generic #46~20.04.1-Ubuntu SMP Thu Jul 14 15:20:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Tags: snap
Revision history for this message
Olivier Tilloy (osomon) wrote :

syscall=314 is sys_sched_setattr on amd64

tags: added: snap
Revision history for this message
Olivier Tilloy (osomon) wrote :

This is probably harmless, but would require further investigation to confirm.

Revision history for this message
Simon Déziel (sdeziel) wrote :

thunderbird itself seems to be working fine but the crashreport seemed to have other issues due to Apparmor:

Aug 3 12:02:04 sdeziel-lemur thunderbird_thunderbird.desktop[32515]: ExceptionHandler::GenerateDump cloned child 150187
Aug 3 12:02:04 sdeziel-lemur thunderbird_thunderbird.desktop[150187]: ExceptionHandler::WaitForContinueSignal waiting for continue signal...
Aug 3 12:02:04 sdeziel-lemur thunderbird_thunderbird.desktop[32515]: ExceptionHandler::SendContinueSignalToChild sent continue signal to child
Aug 3 12:02:04 sdeziel-lemur kernel: [13893.569377] audit: type=1400 audit(1659542524.386:509): apparmor="DENIED" operation="open" profile="snap.thunderbird.thunderbird" name="/proc/32515/environ" pid=150187 comm="thunderbird-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Aug 3 12:02:04 sdeziel-lemur thunderbird_thunderbird.desktop[32711]: Exiting due to channel error.
Aug 3 12:02:04 sdeziel-lemur kernel: [13893.827373] audit: type=1326 audit(1659542524.642:510): auid=1000 uid=1000 gid=1000 ses=9 subj=? pid=150188 comm="crashreporter" exe="/snap/thunderbird/237/crashreporter" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7e5f095e773d code=0x50000
Aug 3 12:02:07 sdeziel-lemur thunderbird_thunderbird.desktop[150188]: Failed to open curl lib from binary, use libcurl.so instead

Revision history for this message
Olivier Tilloy (osomon) wrote :

Is the crash reporter failing to submit crash reports?
If so, it might be a similar issue to https://bugzilla.mozilla.org/show_bug.cgi?id=1732720, which was fixed by staging libcurl4 in the snap.

Revision history for this message
Simon Déziel (sdeziel) wrote :

There are quite a few "pending" crash reports and one from the day I opened this bug so I'd say yes, it's failing to submit them:

sdeziel@sdeziel-lemur:~/snap/thunderbird/common/.thunderbird/Crash Reports/pending$ ls -ltr | tail
-rw------- 1 sdeziel sdeziel 2088424 May 27 14:04 5f6acf74-091e-649d-d405-8f515d115c43.dmp
-rw------- 1 sdeziel sdeziel 11518 May 27 14:04 5f6acf74-091e-649d-d405-8f515d115c43.extra
-rw------- 1 sdeziel sdeziel 1790080 Jun 2 12:07 36f475a4-a06d-805a-f37c-3537f767db0d.dmp
-rw------- 1 sdeziel sdeziel 12510 Jun 2 12:07 36f475a4-a06d-805a-f37c-3537f767db0d.extra
-rw------- 1 sdeziel sdeziel 1752936 Jun 30 09:27 42252ef9-1b81-6337-f078-a16915f5a550.dmp
-rw------- 1 sdeziel sdeziel 8111 Jun 30 09:27 42252ef9-1b81-6337-f078-a16915f5a550.extra
-rw-rw-r-- 1 sdeziel sdeziel 344429 Jul 26 13:34 44fcac7c-c079-c1c2-d25b-a421fdc9b60b.dmp
-rw------- 1 sdeziel sdeziel 9526 Jul 26 13:34 44fcac7c-c079-c1c2-d25b-a421fdc9b60b.extra
-rw------- 1 sdeziel sdeziel 1667280 Aug 3 12:02 09575f30-efa8-4267-8875-7c78e787f556.dmp
-rw------- 1 sdeziel sdeziel 11198 Aug 3 12:02 09575f30-efa8-4267-8875-7c78e787f556.extra

Revision history for this message
Olivier Tilloy (osomon) wrote :

I can confirm that the crash reporter dialog doesn't submit crashes, and that the same fix that was used in firefox (stage libcurl) makes it work.

FTR, I used this trick to test-crash thunderbird: https://superuser.com/a/678426

i.e. input the following in the devtools console:

    Cu.import("resource://gre/modules/ctypes.jsm");
    let zero = new ctypes.intptr_t(8);
    let badptr = ctypes.cast(zero, ctypes.PointerType(ctypes.int32_t));
    badptr.contents;

Revision history for this message
Olivier Tilloy (osomon) wrote :

The crash reporter is fixed with https://github.com/ubuntu/thunderbird/pull/2.

Changed in thunderbird (Ubuntu):
status: New → In Progress
assignee: nobody → Olivier Tilloy (osomon)
importance: Undecided → High
Revision history for this message
Simon Déziel (sdeziel) wrote :

Awesome, thank you Olivier!

Olivier Tilloy (osomon)
Changed in thunderbird (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.