[chrony-dev] [PATCH] sys_linux: allow clock_gettime64 in seccomp filter

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]


Hi Miroslav,

We got a bug report¹ showing that chronyd might not start correctly, notably on Raspberry Pi 2/3, when the system call filter is enabled due to the clock_gettime64() syscall not being whitelisted. Patch attached!

Cheers,
Vincent

¹ https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1878005
From db84a945381da6f32b3e8046f269c868f0750ede Mon Sep 17 00:00:00 2001
From: Vincent Blut <vincent.debian@xxxxxxx>
Date: Wed, 13 May 2020 21:13:43 +0200
Subject: [PATCH] sys_linux: allow clock_gettime64 in seccomp filter

Seems to be needed notably on ARM hard float powered systems.
---
 sys_linux.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sys_linux.c b/sys_linux.c
index 1f08e64..b9f7335 100644
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -479,7 +479,8 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_SystemCallContext context)
   const int syscalls[] = {
     /* Clock */
     SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), SCMP_SYS(clock_gettime),
-    SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), SCMP_SYS(time),
+    SCMP_SYS(clock_gettime64), SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday),
+    SCMP_SYS(time),
     /* Process */
     SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid),
     SCMP_SYS(getrlimit), SCMP_SYS(getuid), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn),
-- 
2.26.2

Attachment: signature.asc
Description: PGP signature



Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/