Re: [chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.0-pre3-5-g7d3798d

[Vincent Blut <vincent.debian@xxxxxxx>]

Hi Miroslav,

On 2020-09-01T12:11+0200, git@xxxxxxxxxxxxx wrote:
> commit 9ca250755f139c2383ada58198ecfcd7a22954a1
> Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
> Date:   Mon Aug 31 15:13:39 2020 +0200
>
>    sys_linux: allow lstat and readlink in seccomp filter
>
>    These syscalls seem to be needed when gnutls is loading system trusted
>    certificates due to p11-kit >= 0.23.21 getting the program name from
>    /proc/self/exe.

readlinkat() should be added for arm64 and riscv64, then. Patch 
attached.

Cheers,
Vincent

From 9917844fb0ac2a588ca77f3b0c36b371125e012e Mon Sep 17 00:00:00 2001
From: Vincent Blut <vincent.debian@xxxxxxx>
Date: Tue, 1 Sep 2020 14:01:10 +0200
Subject: [PATCH] sys_linux: allow readlinkat in seccomp filter

---
 sys_linux.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys_linux.c b/sys_linux.c
index 2555e8b..af45066 100644
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -537,6 +537,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_SystemCallContext context)
     SCMP_SYS(lstat64),
     SCMP_SYS(newfstatat),
     SCMP_SYS(readlink),
+    SCMP_SYS(readlinkat),
     SCMP_SYS(rename),
     SCMP_SYS(renameat),
     SCMP_SYS(renameat2),
-- 
2.28.0

Attachment: signature.asc
Description: PGP signature