[dm-crypt] The weird bug again: semid XXXXXX: semop failed for cookie 0xdeadbeef: incorrect semaphore state

Milan Broz mbroz at redhat.com
Thu Aug 18 10:56:47 CEST 2011


On 08/17/2011 02:17 PM, Yves-Alexis Perez wrote:
>> I would really like to know what crazy is chromium doing to global
>> system.
>>
>> Despite I like the idea of sandboxing I have to ask
>> why it is part of "browser" and not some separate package.
>> What's next? Bundled kernel? :)
> 
> Because each tab is sandboxed. There's a seccomp sandbox available too.

It doesn't mean it should install trillion of bundled libraries.
(Not that other browsers are much bettter...)


Whatever, the bug is neither in chromium nor in cryptsetup and libdevmapper
but kernel.

Sandoxing uses clone with CLONE_NEWNET (use own net namespace) and after
that call some udev event in kernel reports failure (netlink send fails).

I will report that upstream because this is quite unexpected result, easily
reproducible with simple clone() and dmsetup.

(DM is here victim because it is one of the rare users of kobject_uevent_env()
which checks return value, others quietly ignore this failure:-)

Milan


More information about the dm-crypt mailing list