This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: Requiring Linux 3.2, again


On 05/04/2017 01:00 PM, Joseph Myers wrote:
> On Thu, 4 May 2017, Carlos O'Donell wrote:
> 
>> Now that the minimum kernel version is moving forward smoothly and we all
>> like the cleanups, perhaps it's time to question the "FATAL: too old" warning
>> and remove it?
> 
> I think that would be a reasonable approach (so --enable-kernel affects 
> the notes in binaries indicating the required kernel version, and disables 
> runtime fallback code, but doesn't stop programs running).  There might be 
> a risk of security issues from code that doesn't expect or allow for 
> affected interfaces to fail, however.
 
Correct, the NT_GNU_ABI_TAG would clearly specify that the application has
a compatibility requirement with the newer kernel, even if this is a loose
bound.

Then, rather than being prescriptive, the dynamic loader allows the 
application to run, and the user is responsible for ensuring they only use
those interfaces present in the kernel they are running on.

From a security perspective I think we can have __glibc_unlikely paths
that abort if critical syscalls fail, and those paths will be on cold
branches, optimized far away from the hot path. We would still obviously
have a check on the hot path for failure.

Making this decision to remove the fatal abort will change some of our 
day-to-day practice in this regard, but I think it's a change we need
to make to better support the more flexible interaction between container 
guests and the host kernel.

I'll do some testing and propose the change.

-- 
Cheers,
Carlos.
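
An example of the check that falls to the user once the loader no longer enforces the tag, added here as an illustration and not taken from glibc or from this thread: it reads the NT_GNU_ABI_TAG note (name "GNU", type 1, descriptor words OS, major, minor, patch) from a note buffer and compares the tagged minimum with a given kernel version. The function names, the struct and the sample note are constructed for this example; host byte order is assumed.

```c
#include <stdint.h>
#include <string.h>

#define NT_GNU_ABI_TAG    1  /* note type, as defined in <elf.h> */
#define ELF_NOTE_OS_LINUX 0  /* first descriptor word for Linux */

struct abi_tag { uint32_t os, major, minor, patch; };

/* Constructed sample: a note tagging Linux 3.2.0 as the minimum kernel. */
static const struct {
    uint32_t namesz, descsz, type; char name[4]; uint32_t desc[4];
} sample_note = { 4, 16, NT_GNU_ABI_TAG, "GNU", { ELF_NOTE_OS_LINUX, 3, 2, 0 } };

/* Walk a note segment. Returns 0 and fills *out when a well-formed GNU ABI
   tag is found, -1 when it is absent or the buffer is malformed. */
int find_abi_tag(const unsigned char *buf, size_t len, struct abi_tag *out)
{
    size_t off = 0;
    while (len - off >= 12) {
        uint32_t hdr[3];                      /* namesz, descsz, type */
        memcpy(hdr, buf + off, sizeof hdr);
        off += sizeof hdr;
        size_t rem = len - off;
        if (hdr[0] > rem || hdr[1] > rem) return -1;  /* sizes exceed buffer */
        size_t namesz = ((size_t)hdr[0] + 3) & ~(size_t)3;  /* 4-byte padding */
        size_t descsz = ((size_t)hdr[1] + 3) & ~(size_t)3;
        if (namesz > rem || descsz > rem - namesz) return -1;
        if (hdr[2] == NT_GNU_ABI_TAG && hdr[0] == 4 && hdr[1] == 16 &&
            memcmp(buf + off, "GNU", 4) == 0) {
            memcpy(out, buf + off + namesz, sizeof *out);
            return 0;
        }
        off += namesz + descsz;               /* skip to the next note */
    }
    return -1;
}

/* 1: the kernel meets the tagged minimum; 0: it is older; -1: not a Linux tag. */
int kernel_satisfies(const struct abi_tag *t, uint32_t maj, uint32_t min, uint32_t pat)
{
    if (t->os != ELF_NOTE_OS_LINUX) return -1;
    if (maj != t->major) return maj > t->major;
    if (min != t->minor) return min > t->minor;
    return pat >= t->patch;
}
```
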

