Skip to content

libtracker-miners-common: Make AF_NETLINK optional on architecture

As of libseccomp 2.5.4, this library considers the socket() syscall a pseudo-syscall implemented over the multiplexed socketcall() syscall for some architectures (x86 (32bit), s390x, ppc, and others), even though this seems to have changed in the kernel at some point for some of those architectures (x86 and s390x, at least).

And a downside of libseccomp wrt multiplexing syscalls is that the arguments are entirely opaque, so no filters based on arguments are possible. This makes our recently added rule to turn down AF_NETLINK requests fail on those architectures, since the rule is seen as contradicting with the previous SCMP_ACT_ALLOW rules on socket().

This rule was only added due to the icamerasrc GStreamer plugin causing udev access early on gst_init() (i.e. before we can remove this plugin from the registry), that requires netlink access, but we are uninterested in any HW-related plugin, and don't mind seeing it fail.

Since this is the only known path (so far) pulling an AF_NETLINK socket, and this GStreamer plugin is only necessary for IPU6 MIPI cameras, it seems safe to assume these are not going to be commonplace in these stranger architectures.

Closes: #280 (closed)

Merge request reports