[pve-devel] applied: [PATCH kernel] add apparmor patch to fix recvmsg returning EINVAL
Thomas Lamprecht
t.lamprecht at proxmox.com
Wed Apr 10 15:40:24 CEST 2024
On 10/04/2024 at 14:17, Wolfgang Bumiller wrote:
> With apparmor 4, when recvmsg() calls are checked by the apparmor LSM
> they will always return EINVAL.
> This causes very weird issues when apparmor profiles are in use, and a
> lot of networking issues in containers (which are always using
> apparmor).
>
> When coming from sys_recvmsg, msg->msg_namelen is explicitly set to
> zero early on. (see ____sys_recvmsg in net/socket.c)
> We still end up in 'map_addr' where the assumption is that addr !=
> NULL means addrlen has a valid size.
>
> This is likely not a final fix, it was suggested by jjohansen on irc
> to get things going until this is resolved properly.
>
> Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
> ---
> ...pect-msg_namelen-0-for-recvmsg-calls.patch | 31 +++++++++++++++++++
> 1 file changed, 31 insertions(+)
> create mode 100644 patches/kernel/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch
>
>
applied, thanks!
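
A user-space probe for the symptom the commit message describes, added here as an example that is not part of the thread or of the applied patch: it sends itself one UDP datagram over loopback and calls recvmsg() with msg_name set, then reports whether the call failed with EINVAL. The function name `probe_recvmsg`, the choice of UDP on loopback and the constructed payload are assumptions of this example.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/uio.h>
#include <unistd.h>

/* Returns 0 if recvmsg() succeeds, the errno value if recvmsg() fails
 * (EINVAL is the symptom), or -1 if the socket setup itself failed. */
int probe_recvmsg(void)
{
    int result = -1;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    struct timeval tv = { .tv_sec = 1 };   /* never block forever */
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));

    /* Bind to 127.0.0.1 on a kernel-chosen port, then learn that port. */
    struct sockaddr_in self = { .sin_family = AF_INET,
                                .sin_addr = { htonl(INADDR_LOOPBACK) } };
    socklen_t len = sizeof(self);
    if (bind(fd, (struct sockaddr *)&self, len) < 0 ||
        getsockname(fd, (struct sockaddr *)&self, &len) < 0)
        goto out;

    static const char ping[] = "probe";    /* constructed sample payload */
    if (sendto(fd, ping, sizeof(ping), 0,
               (struct sockaddr *)&self, sizeof(self)) < 0)
        goto out;

    char buf[32];
    struct sockaddr_storage from;
    struct iovec iov = { .iov_base = buf, .iov_len = sizeof(buf) };
    /* msg_name is non-NULL: the case the commit message talks about. */
    struct msghdr msg = { .msg_name = &from, .msg_namelen = sizeof(from),
                          .msg_iov = &iov, .msg_iovlen = 1 };
    result = recvmsg(fd, &msg, 0) < 0 ? errno : 0;
out:
    close(fd);
    return result;
}

int main(void)
{
    int r = probe_recvmsg();
    if (r == 0)
        puts("recvmsg() ok");
    else if (r == EINVAL)
        puts("recvmsg() returned EINVAL: matches the reported symptom");
    else
        printf("inconclusive (%d)\n", r);
    return r != 0;
}
```

The message ties the failure to recvmsg() calls that the AppArmor LSM checks, so run the probe from a process confined by a profile, for example inside a container.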