cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
nixpkgs/pkgs
History
Ambroz Bizjak 35e0eea053 ntpd: Allow additional syscalls in seccomp filter. 
Fixes issue #21136.

The problem is that the seccomp system call filter configured by ntpd did not
include some system calls that were apparently needed. For example the
program hanged in getpid just after the filter was installed:

prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)  = 0
seccomp(SECCOMP_SET_MODE_STRICT, 1, NULL) = -1 EINVAL (Invalid argument)
seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=41, filter=0x5620d7f0bd90}) = 0
getpid()                                = ?

I do not know exactly why this is a problem on NixOS only, perhaps we have getpid
caching disabled.

The fcntl and setsockopt system calls also had to be added.
2017-04-02 21:44:06 +02:00
..
applications surf: 0.7 -> 2.0 2017-04-02 20:11:44 +02:00
build-support buildRustPackage: Fix "warning: file ... may be generated" (#24471) 2017-03-30 15:15:49 +02:00
common-updater
data xorg-rgb: init at 1.0.6 2017-03-30 22:55:26 +02:00
desktops gworkspace: 0.9.3 -> 0.9.4 2017-03-30 14:41:14 -03:00
development kwallet: support GPG-encrypted wallets 2017-04-01 23:42:30 +00:00
games multimc: 5 -> 0.5.1 2017-03-31 18:37:32 -03:00
misc Merge branch 'master' into staging 2017-03-30 12:54:41 -04:00
os-specific Merge pull request #24488 from ndowens/hdparm 2017-04-01 13:50:37 -04:00
servers xorg xf86-input-libinput: 0.23.0 -> 0.25.0 2017-04-02 18:50:42 +02:00
shells oh-my-zsh: 2017-02-27 -> 2017-03-30 2017-03-31 09:22:00 -04:00
stdenv stdenv: aarch64: Update bootstrap tarballs 2017-03-15 19:17:52 +02:00
test
tools ntpd: Allow additional syscalls in seccomp filter. 2017-04-02 21:44:06 +02:00
top-level surf: 0.7 -> 2.0 2017-04-02 20:11:44 +02:00