I've tested chrony 3.3 in Linux/Fedora 28 and it seems seccomp filter (-F 1) is not updated accordingly regarding glibc 2.27 and kernel version 4.16.
I also briefly tested it with Rasbian stretch in Raspberry Pi 3 with libc6 2.24 and kernel version 4.9 (if I recall correctly).
Rasbian needs uses "send" to send syslogs instead of "sendto".
Fedora 28 uses:
- chmod -> fchmodat
- chown -> fchownat
- rename -> renameat
- statfs -> newfstatat
- unlink -> unlinkat
- pipe -> pipe2
- poll -> ppoll
- select -> pselect6
I can provide patch, but how should I format it? Sort by subsystem and then by alpha and keep multiple entries per line up to 99. Each call per patch and annoation where it is used? But as lines are formatted, it is not easy to use blame to see why one entry is added to seccomp filter (like 411f4697 about getdents/glob).
Is there a way to add test case for seccomp? I was not able to use seccomp with clknetsim and trace used syscalls with strace.
My "test case" was just to use OS defaults and add -F 1 as extra parameter and see what happens.