Re: [chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-pre3-5-g7d3798d |
[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]
Hi Miroslav, On 2020-09-01T12:11+0200, git@xxxxxxxxxxxxx wrote:
commit 9ca250755f139c2383ada58198ecfcd7a22954a1 Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx> Date: Mon Aug 31 15:13:39 2020 +0200 sys_linux: allow lstat and readlink in seccomp filter These syscalls seem to be needed when gnutls is loading system trusted certificates due to p11-kit >= 0.23.21 getting the program name from /proc/self/exe.
readlinkat() should be added for arm64 and riscv64, then. Patch attached.
Cheers, Vincent
From 9917844fb0ac2a588ca77f3b0c36b371125e012e Mon Sep 17 00:00:00 2001 From: Vincent Blut <vincent.debian@xxxxxxx> Date: Tue, 1 Sep 2020 14:01:10 +0200 Subject: [PATCH] sys_linux: allow readlinkat in seccomp filter --- sys_linux.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys_linux.c b/sys_linux.c index 2555e8b..af45066 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -537,6 +537,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_SystemCallContext context) SCMP_SYS(lstat64), SCMP_SYS(newfstatat), SCMP_SYS(readlink), + SCMP_SYS(readlinkat), SCMP_SYS(rename), SCMP_SYS(renameat), SCMP_SYS(renameat2), -- 2.28.0
Attachment:
signature.asc
Description: PGP signature
Mail converted by MHonArc 2.6.19+ | http://listengine.tuxfamily.org/ |