[chrony-dev] [PATCH] sys_linux: allow clock_gettime64 in seccomp filter |
[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]
Hi Miroslav,We got a bug report¹ showing that chronyd might not start correctly, notably on Raspberry Pi 2/3, when the system call filter is enabled due to the clock_gettime64() syscall not being whitelisted. Patch attached!
Cheers, Vincent ¹ https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1878005
From db84a945381da6f32b3e8046f269c868f0750ede Mon Sep 17 00:00:00 2001 From: Vincent Blut <vincent.debian@xxxxxxx> Date: Wed, 13 May 2020 21:13:43 +0200 Subject: [PATCH] sys_linux: allow clock_gettime64 in seccomp filter Seems to be needed notably on ARM hard float powered systems. --- sys_linux.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys_linux.c b/sys_linux.c index 1f08e64..b9f7335 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -479,7 +479,8 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_SystemCallContext context) const int syscalls[] = { /* Clock */ SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), SCMP_SYS(clock_gettime), - SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), SCMP_SYS(time), + SCMP_SYS(clock_gettime64), SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), + SCMP_SYS(time), /* Process */ SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid), SCMP_SYS(getrlimit), SCMP_SYS(getuid), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn), -- 2.26.2
Attachment:
signature.asc
Description: PGP signature
Mail converted by MHonArc 2.6.19+ | http://listengine.tuxfamily.org/ |