Re: [chrony-dev] [PATCH] sys_linux: allow clock_gettime64 in seccomp filter

[Vincent Blut <vincent.debian@xxxxxxx>]

On 2020-05-14T11:15+0200, Miroslav Lichvar wrote:
> On Thu, May 14, 2020 at 09:15:31AM +0200, Miroslav Lichvar wrote:
> > On Wed, May 13, 2020 at 09:40:07PM +0200, Vincent Blut wrote:
> > > Hi Miroslav,
> > >
> > > We got a bug report¹ showing that chronyd might not start correctly, notably
> > > on Raspberry Pi 2/3, when the system call filter is enabled due to the
> > > clock_gettime64() syscall not being whitelisted. Patch attached!
> >
> > Thanks, Vincent. I'll push the patch with few others later today.
>
> Actually, it seems the patch breaks compilation on some of my
> machines. The clock_gettime64 syscall is new and supported only in the
> latest two libseccomp versions, so I'd prefer if there was an ifdef
> for __NR_clock_gettime64.

Indeed, I guess having:

#ifdef __NR_clock_gettime64
    SCMP_SYS(clock_gettime64),
#endif

would fly for you‽

By the way, shouldn’t we add *time64 variants to some of our already 
whistelisted syscalls?

Attachment: signature.asc
Description: PGP signature