| [chrony-dev] [PATCH] sys_linux: allow clock_gettime64 in seccomp filter |
[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]
Hi Miroslav,We got a bug report¹ showing that chronyd might not start correctly, notably on Raspberry Pi 2/3, when the system call filter is enabled due to the clock_gettime64() syscall not being whitelisted. Patch attached!
Cheers, Vincent ¹ https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1878005
From db84a945381da6f32b3e8046f269c868f0750ede Mon Sep 17 00:00:00 2001
From: Vincent Blut <vincent.debian@xxxxxxx>
Date: Wed, 13 May 2020 21:13:43 +0200
Subject: [PATCH] sys_linux: allow clock_gettime64 in seccomp filter
Seems to be needed notably on ARM hard float powered systems.
---
sys_linux.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys_linux.c b/sys_linux.c
index 1f08e64..b9f7335 100644
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -479,7 +479,8 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_SystemCallContext context)
const int syscalls[] = {
/* Clock */
SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), SCMP_SYS(clock_gettime),
- SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), SCMP_SYS(time),
+ SCMP_SYS(clock_gettime64), SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday),
+ SCMP_SYS(time),
/* Process */
SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid),
SCMP_SYS(getrlimit), SCMP_SYS(getuid), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn),
--
2.26.2
Attachment:
signature.asc
Description: PGP signature
| Mail converted by MHonArc 2.6.19+ | http://listengine.tuxfamily.org/ |