github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #5821] No syscall table provided in firejail on ARM64 platform #3105

New issue

Closed

opened 2026-05-05 09:44:25 -06:00 by gitea-mirror · 4 comments

gitea-mirror commented

2026-05-05 09:44:25 -06:00

Owner

Originally created by @dehuo0 on GitHub (May 8, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5821

Description

No syscall listed on ARM64 platform

Steps to Reproduce

When run command 'firejail --debug-syscalls' in order to get syscall list on our bcm-2xxx-rpi4 platform which is arm64 arch, there is nothing printed, but if run the same command on x86 or arm32 platforms the syscall can be listed properly.
And there is same problem in firejail command about seccomp functions(for example command ' firejail --seccomp.drop=execve') on our side.
I check below code in "src/lib/syscall.c", I find there is only variable 'syslist' defined for arch x86_64, i386 and arm, there is no such variable defined for arm64 arch.

static const SyscallEntry syslist[] = {
#if defined(x86_64)
// code generated using
// awk '/_NR/ { print "{ "" gensub("_NR", "", "g", $2) "", " $3 " },"; }' < /usr/include/x86_64-linux-gnu/asm/unistd_64.h
#include "../include/syscall_x86_64.h"
#elif defined(i386)
// awk '/_NR/ { print "{ "" gensub("_NR", "", "g", $2) "", " $3 " },"; }' < /usr/include/x86_64-linux-gnu/asm/unistd_32.h
#include "../include/syscall_i386.h"
#elif defined(arm)
#include "../include/syscall_armeabi.h"
#else
#warning "Please submit a syscall table for your architecture"
#endif
};

And there are only syscall table files about x86-64, i386 and arm32 provided in src/include/ as src/include/syscall_armeabi.h src/include/syscall_i386.h src/include/syscall_x86_64.h.

So my question is why firejail didn't provide syscall table for arch ARM64? Is there any risk when provide syscall table for arch arm64 in firejail?
When will firejail provide syscall table for arch ARM64?
If I provide the syscall table for arm64 arch privately, will it cause any potential risk for firejail?

My current firejail version is 0.9.72, but it looks there should be same issue in lasted version.

Originally created by @dehuo0 on GitHub (May 8, 2023). Original GitHub issue: https://github.com/netblue30/firejail/issues/5821 ### Description No syscall listed on ARM64 platform ### Steps to Reproduce When run command 'firejail --debug-syscalls' in order to get syscall list on our bcm-2xxx-rpi4 platform which is arm64 arch, there is nothing printed, but if run the same command on x86 or arm32 platforms the syscall can be listed properly. And there is same problem in firejail command about seccomp functions(for example command ' firejail --seccomp.drop=execve') on our side. I check below code in "src/lib/syscall.c", I find there is only variable 'syslist' defined for arch x86_64, i386 and arm, there is no such variable defined for arm64 arch. _**_static const SyscallEntry syslist[] = { #if defined(__x86_64__) // code generated using // awk '/__NR_/ { print "{ \"" gensub("__NR_", "", "g", $2) "\", " $3 " },"; }' < /usr/include/x86_64-linux-gnu/asm/unistd_64.h #include "../include/syscall_x86_64.h" #elif defined(__i386__) // awk '/__NR_/ { print "{ \"" gensub("__NR_", "", "g", $2) "\", " $3 " },"; }' < /usr/include/x86_64-linux-gnu/asm/unistd_32.h #include "../include/syscall_i386.h" #elif defined(__arm__) #include "../include/syscall_armeabi.h" #else #warning "Please submit a syscall table for your architecture" #endif };_**_ And there are only syscall table files about x86-64, i386 and arm32 provided in src/include/ as src/include/syscall_armeabi.h src/include/syscall_i386.h src/include/syscall_x86_64.h. So my question is why firejail didn't provide syscall table for arch ARM64? Is there any risk when provide syscall table for arch arm64 in firejail? When will firejail provide syscall table for arch ARM64? If I provide the syscall table for arm64 arch privately, will it cause any potential risk for firejail? My current firejail version is 0.9.72, but it looks there should be same issue in lasted version.

gitea-mirror

2026-05-05 09:44:25 -06:00

closed this issue
added the
enhancement
label

gitea-mirror commented

2026-05-05 09:44:28 -06:00

Author

Owner

@kmk3 commented on GitHub (May 8, 2023):

(Offtopic)

Please see the following links for how to format code blocks in markdown:

@kmk3 commented on GitHub (May 8, 2023): (Offtopic) Please see the following links for how to format code blocks in markdown: * <https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks> * <https://github.github.com/gfm/#fenced-code-blocks>

gitea-mirror commented

2026-05-05 09:44:29 -06:00

Author

Owner

@kmk3 commented on GitHub (May 8, 2023):

When will firejail provide syscall table for arch ARM64?

When someone opens a pull request for it and it is merged.

If I provide the syscall table for arm64 arch privately, will it cause any
potential risk for firejail?

I don't think so.

@kmk3 commented on GitHub (May 8, 2023): > When will firejail provide syscall table for arch ARM64? When someone opens a pull request for it and it is merged. > If I provide the syscall table for arm64 arch privately, will it cause any > potential risk for firejail? I don't think so.

gitea-mirror commented

2026-05-05 09:44:30 -06:00

Author

Owner

@dehuo0 commented on GitHub (May 10, 2023):

(Offtopic)

Please see the following links for how to format code blocks in markdown:

https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks

https://github.github.com/gfm/#fenced-code-blocks

Thank you for reminding me.

@dehuo0 commented on GitHub (May 10, 2023): > (Offtopic) > > Please see the following links for how to format code blocks in markdown: > > * https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks > * https://github.github.com/gfm/#fenced-code-blocks Thank you for reminding me.

gitea-mirror commented

2026-05-05 09:44:31 -06:00

Author

Owner

@dehuo0 commented on GitHub (May 10, 2023):

When will firejail provide syscall table for arch ARM64?

When someone opens a pull request for it and it is merged.

If I provide the syscall table for arm64 arch privately, will it cause any
potential risk for firejail?

I don't think so.

Thank you for your quick reply.

@dehuo0 commented on GitHub (May 10, 2023): > > When will firejail provide syscall table for arch ARM64? > > When someone opens a pull request for it and it is merged. > > > If I provide the syscall table for arm64 arch privately, will it cause any > > potential risk for firejail? > > I don't think so. Thank you for your quick reply.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3105

No description provided.

Rows
Columns