SECCOMP will need rseq
Hal Murray
halmurray at sonic.net
Wed Feb 9 10:17:57 UTC 2022
From the chrony list
Subject: [chrony-dev] [PATCH] sys_linux: allow rseq in seccomp filter
From: christian.ehrhardt at canonical.com
Date: Wed, 9 Feb 2022 08:16:16 +0100 (Tue 23:16 PST)
To: chrony-dev at chrony.tuxfamily.org
Cc: Vincent Blut <vincent.debian at free.fr>,
Miroslav Lichvar
<mlichvar at redhat.com>,
Michael Hudson-Doyle <michael.hudson at canonical.com>,
Christian Ehrhardt <christian.ehrhardt at canonical.com>
From: Michael Hudson-Doyle <michael.hudson at canonical.com>
Libc 2.35 will use rseq syscalls [2][1] by default and thereby
break chrony in seccomp isolation.
[1]: https://www.efficios.com/blog/2019/02/08/linux-restartable-sequences/
[2]: https://sourceware.org/pipermail/libc-alpha/2022-February/136040.html
Tested-by: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Reviewed-by: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Signed-off-by: Michael Hudson-Doyle <michael.hudson at canonical.com>
---
sys_linux.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sys_linux.c b/sys_linux.c
index 9cab2efa..1b9ba5f8 100644
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -601,6 +601,9 @@ SYS_Linux_EnableSystemCallFilter(int level,
SYS_ProcessContext context)
SCMP_SYS(getrandom),
SCMP_SYS(sysinfo),
SCMP_SYS(uname),
+#ifdef __NR_rseq
+ SCMP_SYS(rseq),
+#endif
};
const int denied_any[] = {
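Review bot: The #ifdef __NR_rseq guard around SCMP_SYS(rseq) ties the allowance to the headers present at build time, not to the libc the binary later runs against. A build whose headers lack __NR_rseq compiles without the entry and gives no indication, so the breakage the commit message describes would come back once that binary runs with glibc 2.35. Please add a one-line comment above the entry saying that glibc 2.35 uses rseq by default and why the guard is there, so a later reader does not take the entry for an optional extra and drop it when tightening the list.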
--
2.35.0
--
These are my opinions. I hate spam.