Re: ✘Bad system call
James Browning
jamesb192 at jamesb192.com
Sun Oct 26 07:56:52 UTC 2025
On 10/25/2025 8:20 PM PDT Gary E. Miller via devel <devel at ntpsec.org> wrote:
>
>
> Yo All!
>
> My ntpd is broken. Seems to be seccomp related:
>
> I start ntpd this way:
>
> ~ # ntpd -gnN
>
> [...]
>
> 2025-10-25T20:05:04 ntpd[2035]: INIT: sandbox: seccomp enabled.
> 2025-10-25T20:05:04 ntpd[2035]: NTSs: loaded certificate (chain) from /etc/letsencrypt/live/kong.rellim.com/fullchain.pem
> 2025-10-25T20:05:04 ntpd[2035]: NTSs: loaded private key from /etc/letsencrypt/live/kong.rellim.com/privkey.pem
> 2025-10-25T20:05:04 ntpd[2035]: NTSs: Private Key OK
> Bad system call ntpd -gnN
That should have spat out three values that seem to be absent: a syscall number that is a pain to look up by hand, its name looked up by seccomp, and an arch number that makes manual lookup less exhausting.
> When I disable building with seccomp, all works fine.
>
> How does one debug this?
>
> When I run ntpd this way:
>
> ~ # strace ntpd -gnN
:::snip:::
> Looks like clone3() is already an allowed system call.
>
> Ideas?
It might still be clone3 if the following does not generate the right hit or two.
`grep -w 435 /usr/include/asm*/unistd*.h`
Time to break out the trowel.