[Git][NTPsec/ntpsec][master] 2 commits: ntpd/ntp_sandbox.c: allow newfstatat on all archs for glibc-2.34 in seccomp filter

Matt Selsky (@selsky) gitlab at mg.gitlab.com
Fri Dec 31 21:44:13 UTC 2021 


Matt Selsky pushed to branch master at NTPsec / ntpsec


Commits:
a6c08475 by Alex Kiernan at 2021-12-31T18:53:06+00:00
ntpd/ntp_sandbox.c: allow newfstatat on all archs for glibc-2.34 in seccomp filter

On Yocto Poky, newfstatat is used on (at least) arm64, x86_64 and
riscv64:

  2021-12-30T09:32:04 ntpd[341]: ERR: SIGSYS: got a trap.
  2021-12-30T09:32:04 ntpd[341]: ERR: SIGSYS/seccomp bad syscall 262/0xc000003e

Signed-off-by: Alex Kiernan <alex.kiernan at gmail.com>
Signed-off-by: Alex Kiernan <alexk at zuma.ai>

- - - - -
0f94870b by Alex Kiernan at 2021-12-31T18:53:06+00:00
ntpd/ntp_sandbox.c: match riscv to aarch in seccomp filter

On Yocto Poky, faccessat (et al) are also used on riscv64:

  2018-03-09T12:35:32 ntpd[341]: ERR: SIGSYS: got a trap.
  2018-03-09T12:35:32 ntpd[341]: ERR: SIGSYS/seccomp bad syscall 48/0xc00000f3

Signed-off-by: Alex Kiernan <alex.kiernan at gmail.com>
Signed-off-by: Alex Kiernan <alexk at zuma.ai>

- - - - -


1 changed file:

- ntpd/ntp_sandbox.c


Changes:

=====================================
ntpd/ntp_sandbox.c
=====================================
@@ -349,6 +349,7 @@ int scmp_sc[] = {
 	SCMP_SYS(lseek),
 	SCMP_SYS(membarrier),	/* Needed on Alpine 3.11.3 */
 	SCMP_SYS(munmap),
+	SCMP_SYS(newfstatat),
 	SCMP_SYS(open),
 #ifdef __NR_openat
 	SCMP_SYS(openat),	/* SUSE */
@@ -450,9 +451,8 @@ int scmp_sc[] = {
 	/* gentoo 64-bit and 32-bit, Intel and Arm use mmap */
 	SCMP_SYS(mmap),
 #endif
-#if defined(__aarch64__)
+#if defined(__aarch64__) || defined(__riscv)
 	SCMP_SYS(faccessat),
-	SCMP_SYS(newfstatat),
 	SCMP_SYS(renameat),
 	SCMP_SYS(linkat),
 	SCMP_SYS(unlinkat),



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/0bea0bef36ff9cfa3ff52de25a839c283cf46cf7...0f94870b84e68448f16b1304058bde4628dafde5

-- 
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/0bea0bef36ff9cfa3ff52de25a839c283cf46cf7...0f94870b84e68448f16b1304058bde4628dafde5
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20211231/e195fdab/attachment.htm>

More information about the vc mailing list