rpms / chrony

Clone
Source Code
GIT

Blame SOURCES/chrony-seccomp.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   f775765bc345de31c956ec964236026dac513d51
  2.   SOURCES
  3.   chrony-seccomp.patch
Blob History Raw
f77576 
commit 8bb8f15a7d049ed26c69d95087065b381f76ec4d
f77576 
Author: Michael Hudson-Doyle <michael.hudson@canonical.com>
f77576 
Date:   Wed Feb 9 09:06:13 2022 +0100
d45484
f77576 
    sys_linux: allow rseq in seccomp filter
d45484
f77576 
    Libc 2.35 will use rseq syscalls [1][2] by default and thereby
f77576 
    break chrony in seccomp isolation.
f77576
f77576 
    [1]: https://www.efficios.com/blog/2019/02/08/linux-restartable-sequences/
f77576 
    [2]: https://sourceware.org/pipermail/libc-alpha/2022-February/136040.html
f77576
f77576 
    Tested-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
f77576 
    Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
f77576 
    Signed-off-by: Michael Hudson-Doyle <michael.hudson@canonical.com>
f77576 
    Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
d45484
d45484 
diff --git a/sys_linux.c b/sys_linux.c
f77576 
index 9cab2efa..cc3c9311 100644
d45484 
--- a/sys_linux.c
d45484 
+++ b/sys_linux.c
f77576 
@@ -497,6 +497,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
f77576 
     SCMP_SYS(getrlimit),
f77576 
     SCMP_SYS(getuid),
f77576 
     SCMP_SYS(getuid32),
f77576 
+#ifdef __NR_rseq
f77576 
+    SCMP_SYS(rseq),
d45484 
+#endif
f77576 
     SCMP_SYS(rt_sigaction),
f77576 
     SCMP_SYS(rt_sigreturn),
f77576 
     SCMP_SYS(rt_sigprocmask),

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation