[Git][NTPsec/ntpsec][master] Update seccomp for arm64, amd64, and i386

[Hal Murray (@hal.murray)]

Hal Murray pushed to branch master at NTPsec / ntpsec


Commits:
c3c1b64a by James Browning at 2025-06-28T02:48:32-07:00
Update seccomp for arm64, amd64, and i386

- - - - -


1 changed file:

- ntpd/ntp_sandbox.c


Changes:

=====================================
ntpd/ntp_sandbox.c
=====================================
@@ -460,14 +460,38 @@ int scmp_sc[] = {
 	SCMP_SYS(renameat),
 	SCMP_SYS(linkat),
 	SCMP_SYS(unlinkat),
-#endif
+#endif // __aarch64__ or __riscv
 #if defined(__i386__) || defined(__arm__) || defined(__powerpc__)
 	SCMP_SYS(_newselect),
 	SCMP_SYS(_llseek),
 	SCMP_SYS(mmap2),
 	SCMP_SYS(send),
 	SCMP_SYS(stat64),
-#endif
+#endif // __i386__, __arm__, or__powerpc__
+#if defined(__i386__)
+	SCMP_SYS(timer_settime64),
+	SCMP_SYS(clock_gettime64),
+	SCMP_SYS(stat64),
+	SCMP_SYS(statx),
+	SCMP_SYS(clock_settime64),
+	SCMP_SYS(timer_gettime64),
+	SCMP_SYS(clock_adjtime64),
+	SCMP_SYS(clock_getres_time64),
+#endif  // __i386__
+#if defined(HAVE_DNS_SD_H)
+	#if defined(__aarch64__) || defined(__amd64__)
+		SCMP_SYS(readlinkat),
+		SCMP_SYS(pipe2),
+		SCMP_SYS(getresuid),
+		SCMP_SYS(getresgid),
+	#endif // __amd64__ or __aarch64__
+	#if defined(__i386__)
+		SCMP_SYS(readlink),
+		SCMP_SYS(pipe2),
+		SCMP_SYS(getresuid32),
+		SCMP_SYS(getresgid32),
+	#endif // __i386__
+#endif // HAVE_DNS_SD_H
 };
 	{
 		for (unsigned int i = 0; i < COUNTOF(scmp_sc); i++) {



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/commit/c3c1b64a6e3d740f24338680a0621bb53d0a9d4f

-- 
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/commit/c3c1b64a6e3d740f24338680a0621bb53d0a9d4f
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20250628/3c89c884/attachment-0001.htm>