[Git][NTPsec/ntpsec][master] Unconditionally enable futex in seccomp list

Hal Murray gitlab at mg.gitlab.com
Wed Dec 26 05:15:42 UTC 2018


Hal Murray pushed to branch master at NTPsec / ntpsec


Commits:
6838c8e8 by Hal Murray at 2018-12-26T05:14:37Z
Unconditionally enable futex in seccomp list

We don't use threads at all when not using DNS,
but several libraries call pthread_once just in case.

- - - - -


1 changed file:

- ntpd/ntp_sandbox.c


Changes:

=====================================
ntpd/ntp_sandbox.c
=====================================
@@ -303,6 +303,7 @@ int scmp_sc[] = {
 #endif
 #endif  /* ENABLE_EARLY_DROPROOT */
 
+        SCMP_SYS(access),
 	SCMP_SYS(adjtimex),
 	SCMP_SYS(bind),
 	SCMP_SYS(brk),
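
Review bot: The added `SCMP_SYS(access),` line is indented with eight spaces, while the neighbouring entries (`adjtimex`, `bind`, `brk`) use a tab; switch it to a tab so the list stays consistent. The commit message mentions only futex, so moving `access` up into alphabetical position deserves either a line in the message or its own commit.
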
@@ -387,7 +388,6 @@ int scmp_sc[] = {
  * rather than generate a trap.
  */
 	SCMP_SYS(clone),	/* threads */
-	SCMP_SYS(futex),	/* sem_xxx, used by threads */
 	SCMP_SYS(kill),		/* generate signal */
 	SCMP_SYS(madvise),
 	SCMP_SYS(mprotect),
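
Review bot: With futex removed here, `SCMP_SYS(clone)` stays in this conditional section, still commented `/* threads */`, while the futex entry (also commented as used by threads) moves out of it. A one-line comment next to `clone` would help. Going by the commit message, it could say that clone is kept conditional because threads are only created for DNS, whereas futex is reached through pthread_once regardless. That would keep a later cleanup from putting the two back together.
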
@@ -397,8 +397,11 @@ int scmp_sc[] = {
 	SCMP_SYS(statfs),
 	SCMP_SYS(uname),
 #endif
+/* This shouldn't be needed if we don't use DNS, but
+ * several libraries call pthread_once, just in case.
+ */
+	SCMP_SYS(futex),	/* sem_xxx, used by threads */
 
-        SCMP_SYS(access),
 
 #ifdef REFCLOCK
 	SCMP_SYS(nanosleep),
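
Review bot: The new comment above `SCMP_SYS(futex)` says "several libraries" without naming any, which makes it hard to re-check later whether this allow is still needed. Name the library or call path that was seen hitting the filter. Because the entry now sits after the `#endif`, futex is permitted in every build, and this comment is the only record of why the allowlist was widened. Separately, removing the old `SCMP_SYS(access)` line leaves two consecutive blank lines before `#ifdef REFCLOCK`; drop one.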



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/6838c8e87e3e6e5914e8a8afd2f47672745bc2de
