✘Bad system call

Gary E. Miller gem at rellim.com
Sun Oct 26 23:49:12 UTC 2025 

Yo James!

On Sun, 26 Oct 2025 00:56:52 -0700 (PDT)
James Browning via devel <devel at ntpsec.org> wrote:

> > 2025-10-25T20:05:04 ntpd[2035]: INIT: sandbox: seccomp enabled.
> > 2025-10-25T20:05:04 ntpd[2035]: NTSs: loaded certificate (chain)
> > from /etc/letsencrypt/live/kong.rellim.com/fullchain.pem
> > 2025-10-25T20:05:04 ntpd[2035]: NTSs: loaded private key from
> > /etc/letsencrypt/live/kong.rellim.com/privkey.pem
> > 2025-10-25T20:05:04 ntpd[2035]: NTSs: Private Key OK Bad system
> > call            ntpd -gnN  
> 
> That should have spat out three values that seem to be absent, a
> syscall number that is a pain to lookup by hand, its name looked up
> by seccomp and an arch number that makes manual look up less
> exhausting.  

Yeah,  Should have...

> > When I disable building with seccomp, all works fine.
> > 
> > How does one debug this?
> > 
> > When I run ntpd this way:
> > 
> > ~ # strace ntpd -gnN  
> 
> :::snip:::
> 
> > Looks like clone3() is already an allowed system call.
> > 
> > Ideas?  
> 
> It might still be clone3 if the following does not generate the right
> hit or two.
> 
> `grep -w 435 /usr/include/asm*/unistd*.h`

kong ~ # grep -w 435 /usr/include/asm*/unistd*.h
/usr/include/asm-generic/unistd.h:#define __NR_clone3 435
/usr/include/asm/unistd_32.h:#define __NR_clone3 435
/usr/include/asm/unistd_64.h:#define __NR_clone3 435

> Time to break out the trowel.

I hate seccomp.  I'll leave it commented out, and let those that care
about seccomp deal with it.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can't measure it, you can't improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20251026/f2b11964/attachment.bin>

More information about the devel mailing list