[Git][NTPsec/ntpsec][master] Unconditionally enable futex in seccomp list
Hal Murray
gitlab at mg.gitlab.com
Wed Dec 26 05:15:42 UTC 2018
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
6838c8e8 by Hal Murray at 2018-12-26T05:14:37Z
Unconditionally enable futex in seccomp list
We don't use threads at all when not using DNS,
but several libraries call pthread_once just in case.
- - - - -
1 changed file:
- ntpd/ntp_sandbox.c
Changes:
=====================================
ntpd/ntp_sandbox.c
=====================================
@@ -303,6 +303,7 @@ int scmp_sc[] = {
#endif
#endif /* ENABLE_EARLY_DROPROOT */
+ SCMP_SYS(access),
SCMP_SYS(adjtimex),
SCMP_SYS(bind),
SCMP_SYS(brk),
@@ -387,7 +388,6 @@ int scmp_sc[] = {
* rather than generate a trap.
*/
SCMP_SYS(clone), /* threads */
- SCMP_SYS(futex), /* sem_xxx, used by threads */
SCMP_SYS(kill), /* generate signal */
SCMP_SYS(madvise),
SCMP_SYS(mprotect),
@@ -397,8 +397,11 @@ int scmp_sc[] = {
SCMP_SYS(statfs),
SCMP_SYS(uname),
#endif
+/* This shouldn't be needed if we don't use DNS, but
+ * several libraries call pthread_once, just in case.
+ */
+ SCMP_SYS(futex), /* sem_xxx, used by threads */
- SCMP_SYS(access),
#ifdef REFCLOCK
SCMP_SYS(nanosleep),
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/6838c8e87e3e6e5914e8a8afd2f47672745bc2de
--
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/6838c8e87e3e6e5914e8a8afd2f47672745bc2de
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20181226/fbeb4e78/attachment-0001.html>
More information about the vc
mailing list