5d8bd748f3
03be1adb
bumped libseccomp to 2.4.2, which has this note in the
changelog:
"Stop defining __NR_x values for syscalls that don't exist,
libseccomp now uses __SNR_x internally"
This change means that invalid syscalls for Linux that aren't defined in
glibc will no longer work. In this unlucky case, 'chrony' was trying to
reference the syscall number for 'ppoll', which doesn't exist. Fixing
this is easy with a simple patch.
This also includes another patch from upstream, which allows
clock_adjtime in the seccomp filter list. This is a robustness measure
for future glibc versions that use clock_adjtime inside adjtimex().
Signed-off-by: Austin Seipp <aseipp@pobox.com>
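--- a/sys_linux.c
+++ b/sys_linux.c
@@ -503,7 +503,7 @@ SYS_Linux_EnableSystemCallFilter(int level)
 SCMP_SYS(socketcall),
 /* General I/O */
 SCMP_SYS(_newselect), SCMP_SYS(close), SCMP_SYS(open), SCMP_SYS(openat), SCMP_SYS(pipe),
-SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(ppoll), SCMP_SYS(pselect6), SCMP_SYS(read),
+SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(pselect6), SCMP_SYS(read),
 SCMP_SYS(futex), SCMP_SYS(select), SCMP_SYS(set_robust_list), SCMP_SYS(write),
 /* Miscellaneous */
 SCMP_SYS(getrandom), SCMP_SYS(sysinfo), SCMP_SYS(uname),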
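Review bot: Dropping `SCMP_SYS(ppoll)` from the General I/O allowlist narrows the filter more than the build fix needs. ppoll is a real Linux syscall, and a libc that implements poll() on top of it (as some architectures without a native poll do) would then hit the filter's default action at runtime. The compile error presumably comes from the libseccomp 2.4.2 headers lacking a definition for it rather than from the syscall being absent, so I would keep the entry behind a guard, `#ifdef __SNR_ppoll` / `SCMP_SYS(ppoll),` / `#endif`, with a comment saying why it is conditional. The syscall array and the code that sets the default action lie outside the hunk, so the runtime effect should be confirmed there.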