[chrony-dev] [PATCH] sys_linux: allow _llseek in seccomp filter



Hi,

Enabling the seccomp filter prevents chronyd from starting on i686 architectures (other 32-bit platforms might be affected too) if logging {raw}measurements and statistics information has been set in chrony.conf. The attached patch fixes this.

From 3dd9fe12b0e6195e364767ad5503c3241ae1d8d0 Mon Sep 17 00:00:00 2001
From: Vincent Blut <vincent.debian@xxxxxxx>
Date: Thu, 28 Feb 2019 14:39:13 +0100
Subject: [PATCH] sys_linux: allow _llseek in seccomp filter

This is needed on various 32-bit platforms to reposition read/write file
offset on {raw}measurements and statistics log files.
---
 sys_linux.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/sys_linux.c b/sys_linux.c
index 7688d51..aee5a5e 100644
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -498,10 +498,10 @@ SYS_Linux_EnableSystemCallFilter(int level)
     SCMP_SYS(brk), SCMP_SYS(madvise), SCMP_SYS(mmap), SCMP_SYS(mmap2),
     SCMP_SYS(mprotect), SCMP_SYS(mremap), SCMP_SYS(munmap), SCMP_SYS(shmdt),
     /* Filesystem */
-    SCMP_SYS(access), SCMP_SYS(chmod), SCMP_SYS(chown), SCMP_SYS(chown32),
-    SCMP_SYS(fstat), SCMP_SYS(fstat64), SCMP_SYS(getdents), SCMP_SYS(getdents64),
-    SCMP_SYS(lseek), SCMP_SYS(rename), SCMP_SYS(stat), SCMP_SYS(stat64),
-    SCMP_SYS(statfs), SCMP_SYS(statfs64), SCMP_SYS(unlink),
+    SCMP_SYS(_llseek), SCMP_SYS(access), SCMP_SYS(chmod), SCMP_SYS(chown),
+    SCMP_SYS(chown32), SCMP_SYS(fstat), SCMP_SYS(fstat64), SCMP_SYS(getdents),
+    SCMP_SYS(getdents64), SCMP_SYS(lseek), SCMP_SYS(rename), SCMP_SYS(stat),
+    SCMP_SYS(stat64), SCMP_SYS(statfs), SCMP_SYS(statfs64), SCMP_SYS(unlink),
     /* Socket */
     SCMP_SYS(bind), SCMP_SYS(connect), SCMP_SYS(getsockname), SCMP_SYS(getsockopt),
     SCMP_SYS(recvfrom), SCMP_SYS(recvmmsg), SCMP_SYS(recvmsg),
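
Review bot: In the Filesystem list, adding the single entry SCMP_SYS(_llseek) at the front re-wraps all four lines, so the one functional change is hard to pick out from the reflow when auditing what the filter now permits. Placing it directly beside SCMP_SYS(lseek), the way chown32, fstat64 and stat64 already sit next to their base calls, would reduce the hunk to one changed line and keep the 32-bit variant next to its counterpart. If the front position is deliberate to keep the list sorted, a line in the commit message saying so would help the next person who adds a syscall here.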
-- 
2.20.1
