[chrony-dev] [PATCH] sys_linux: allow renameat2 in seccomp filter

[Vincent Blut <vincent.debian@xxxxxxx>]

Hi Miroslav,

Linux 5.5 will provide seccomp support for the RISC-V architecture.
libseccomp support should follow soon after that kernel is released.

On chrony’s side, renameat2() needs to be whitelisted since the RISC-V 
linux maintainer did not add support for rename() and renameat().

Cheers,
Vincent

From a92cd18bd025add6ff99c0f8dd719d2ee5b7d922 Mon Sep 17 00:00:00 2001
From: Vincent Blut <vincent.debian@xxxxxxx>
Date: Thu, 16 Jan 2020 17:04:35 +0100
Subject: [PATCH] sys_linux: allow renameat2 in seccomp filter

This is needed for architectures that support neither rename() nor
renameat() (e.g. riscv64)
---
 sys_linux.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys_linux.c b/sys_linux.c
index fcf89c2..d2dc908 100644
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -493,8 +493,8 @@ SYS_Linux_EnableSystemCallFilter(int level)
     SCMP_SYS(chown32), SCMP_SYS(faccessat), SCMP_SYS(fchmodat), SCMP_SYS(fchownat),
     SCMP_SYS(fstat), SCMP_SYS(fstat64), SCMP_SYS(getdents), SCMP_SYS(getdents64),
     SCMP_SYS(lseek), SCMP_SYS(newfstatat), SCMP_SYS(rename), SCMP_SYS(renameat),
-    SCMP_SYS(stat), SCMP_SYS(stat64), SCMP_SYS(statfs), SCMP_SYS(statfs64),
-    SCMP_SYS(unlink), SCMP_SYS(unlinkat),
+    SCMP_SYS(renameat2), SCMP_SYS(stat), SCMP_SYS(stat64), SCMP_SYS(statfs),
+    SCMP_SYS(statfs64), SCMP_SYS(unlink), SCMP_SYS(unlinkat),
     /* Socket */
     SCMP_SYS(accept), SCMP_SYS(bind), SCMP_SYS(connect), SCMP_SYS(getsockname),
     SCMP_SYS(getsockopt), SCMP_SYS(recv), SCMP_SYS(recvfrom),
-- 
2.24.1

Attachment: signature.asc
Description: PGP signature