Subject: Test failures when building in LXC containers with some configuration
Hi
The following is basically a forward from a report in Debian, found while Linux::Prctl started failing the autopkgtest runs on the ci.debian.net infrastructure:
https://bugs.debian.org/806542
There is some specific configuration for those containers with the 'Debian' template, but it is basically present in other templates as well:
First for the t/capbset.t failures. The LXC configuration for the debian template contains:
    # Default capabilities
    lxc.cap.drop = sys_module mac_admin mac_override sys_time
and in the same way for t/seccomp.t, this is caused by:
    # Blacklist some syscalls which are not safe in privileged
    # containers
    lxc.seccomp = /usr/share/lxc/config/common.seccomp
where in common.seccomp:
    2
    blacklist
    reject_force_umount # comment this to allow umount -f; not recommended
    [all]
    kexec_load errno 1
    open_by_handle_at errno 1
    init_module errno 1
    finit_module errno 1
    delete_module errno 1
In this configuration, get_seccomp will return 2,
    # perl -E 'use Linux::Prctl qw(:constants :functions); say get_seccomp();'
    2
    PR_GET_SECCOMP (since Linux 2.6.23)
        Return (as the function result) the secure computing mode of the
        calling thread. If the caller is not in secure computing mode,
        this operation returns 0; if the caller is in strict secure
        computing mode, then the prctl() call will cause a SIGKILL signal
        to be sent to the process. If the caller is in filter mode, and
        this system call is allowed by the seccomp filters, it returns
        2. This operation is available only if the kernel is configured
        with CONFIG_SECCOMP enabled.
I'm attaching such a build log showing the failures for t/capbset.t and t/seccomp.t.
Regards,
Salvatore
Subject: 20151126_041814.autopkgtest.log.gz
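Added example (not part of the original report and not Linux::Prctl code): a Python pre-flight check that reads the Seccomp and CapBnd fields of /proc/self/status to tell whether a process already runs with the capability drops and seccomp filter mode described in the report. The sample status text is constructed, the function names are hypothetical, and the capability bit numbers are those of linux/capability.h.

```python
import re

# Bit numbers (linux/capability.h) of the four capabilities named in the
# lxc.cap.drop line quoted in the report.
LXC_DROPPED = {"sys_module": 16, "sys_time": 25, "mac_override": 32, "mac_admin": 33}
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}

# Constructed sample of /proc/<pid>/status inside such a container:
# a 38-bit bounding set with bits 16, 25, 32 and 33 cleared, filter mode on.
SAMPLE_STATUS = (
    "Name:\tperl\n"
    "Groups:\t\n"
    "CapBnd:\t0000003cfdfeffff\n"
    "Seccomp:\t2\n"
)

def parse_status(text):
    """Return (seccomp_mode, bounding_set_mask); None for an absent field."""
    fields = dict(re.findall(r"^(\w+):[ \t]*(\S+)", text, re.MULTILINE))
    seccomp = int(fields["Seccomp"]) if "Seccomp" in fields else None
    capbnd = int(fields["CapBnd"], 16) if "CapBnd" in fields else None
    return seccomp, capbnd

def missing_caps(capbnd, wanted=LXC_DROPPED):
    """Names from `wanted` whose bit is cleared in the bounding set."""
    return sorted(name for name, bit in wanted.items() if not ((capbnd >> bit) & 1))

def skip_reasons(text):
    """Reasons a test expecting a full bounding set and seccomp off would fail."""
    seccomp, capbnd = parse_status(text)
    reasons = []
    if capbnd is not None and missing_caps(capbnd):
        reasons.append("bounding set lacks " + ",".join(missing_caps(capbnd)))
    if seccomp:  # 0 (disabled) and None (field absent) give no reason
        mode = SECCOMP_MODES.get(seccomp, "unknown")
        reasons.append("seccomp mode %d (%s)" % (seccomp, mode))
    return reasons

if __name__ == "__main__":
    for reason in skip_reasons(SAMPLE_STATUS):
        print("SKIP:", reason)
```

On a live system, pass the contents of /proc/self/status to skip_reasons() instead of the constructed sample.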