Blame SOURCES/chrony-seccomp.patch
|
 |
d45484 |
commit bbbd80bf03223f181d4abf5c8e5fe6136ab6129a
|
|
|
d45484 |
Author: Miroslav Lichvar <mlichvar@redhat.com>
|
|
|
d45484 |
Date: Mon Aug 9 11:48:21 2021 +0200
|
|
|
d45484 |
|
|
|
d45484 |
sys_linux: allow clone3 and pread64 in seccomp filter
|
|
|
d45484 |
|
|
|
d45484 |
These seem to be needed with the latest glibc.
|
|
|
d45484 |
|
|
|
d45484 |
diff --git a/sys_linux.c b/sys_linux.c
|
|
|
d45484 |
index 50c08431..2b53f722 100644
|
|
|
d45484 |
--- a/sys_linux.c
|
|
|
d45484 |
+++ b/sys_linux.c
|
|
|
d45484 |
@@ -503,6 +503,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
|
|
|
d45484 |
|
|
|
d45484 |
/* Process */
|
|
|
d45484 |
SCMP_SYS(clone),
|
|
|
d45484 |
+#ifdef __NR_clone3
|
|
|
d45484 |
+ SCMP_SYS(clone3),
|
|
|
d45484 |
+#endif
|
|
|
d45484 |
SCMP_SYS(exit),
|
|
|
d45484 |
SCMP_SYS(exit_group),
|
|
|
d45484 |
SCMP_SYS(getpid),
|
|
|
d45484 |
@@ -595,6 +598,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
|
|
|
d45484 |
#ifdef __NR_ppoll_time64
|
|
|
d45484 |
SCMP_SYS(ppoll_time64),
|
|
|
d45484 |
#endif
|
|
|
d45484 |
+ SCMP_SYS(pread64),
|
|
|
d45484 |
SCMP_SYS(pselect6),
|
|
|
d45484 |
#ifdef __NR_pselect6_time64
|
|
|
d45484 |
SCMP_SYS(pselect6_time64),
|