Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 15 Feb 2022 12:44:20 -0500
From: Rich Felker <dalias@...ifal.cx>
To: Satadru Pramanik <satadru@...il.com>
Cc: musl@...ts.openwall.com
Subject: Re: Re: musl getaddr info breakage on older kernels

On Tue, Feb 15, 2022 at 11:59:52AM -0500, Satadru Pramanik wrote:
> On Mon, Feb 14, 2022 at 5:00 PM Rich Felker <dalias@...ifal.cx> wrote:
> 
> > Note: you dropped the list from CC in your last reply; I've re-added
> > it and bounced your message to the list.
> >
> > Mea culpa!
> 
> 
> >
> > > When I ran that, I got this:
> > > .../musl_getaddrinfo_test  google.com
> > > AF_INET: 142.250.80.46
> > > AF_INET6: 2607:f8b0:4006:80b::200e
> >
> > Are you saying it works (resolves correctly) with the above command
> > line? If so that's indicative of buggy Docker seccomp.
> >
> I am saying it resolves correctly with the above command line.
> 
> Suggestions on what command line I should be using?

OK, then in that case it's surely Docker's seccomp filters that are
the problem. I think --security-opt seccomp=unconfined is the part you
need to work around it.

Alternatively, I'm pretty sure this is fixed in latest Docker (note:
this includes latest for its runtime components like runc, libseccomp,
etc.) so upgrading Docker might be an option too that would let you
keep the seccomp protections in place.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.