sbbs binary: Debian Linux - Historico da BBS TELESC.NET.BR

BBS:      TELESC.NET.BR
Assunto:  sbbs binary: Debian Linux
De:       Deuc¨
Data:     Fri, 27 Feb 2026 06:33:00 -0800
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/issues/685#note_8455

AI tells me this:

**1. Seccomp Permission**  
The default Docker Seccomp Profile returns EPERM (Operation not permitted) for personality() unless it is called with specific, safe flags (like those used for uname emulation). ADDR_COMPAT_LAYOUT is generally not in this "safe" allowlist.  
_Recommendation:_ Use --security-opt seccomp=unconfined to verify if this is the only blocker.  
_Production Fix:_ Create a Custom Seccomp Profile that adds personality to the syscalls allowlist without restrictions on the arguments. 

**2. Capabilities**  
While some personality() flags are unprivileged, modifying the memory layout of a process can sometimes be gated by CAP_SYS_ADMIN depending on the specific kernel version and architecture-specific security patches.  
_Requirement:_ Add the capability using --cap-add=SYS_ADMIN.
n
---
  mSynchronetn  hgVertrauen n hHome of Synchronet n gh[vert/cvs/bbs].synchro.net

-----------------------------------------------------------
[Voltar]