6759b7900e
After a series of amendments the seccomp.patch made ntpd work properly but only on 32-bit systems. This commit replaces that patch with the one submitted upstream by cleverca22 and that fixes the issue also on 64-bit systems. Close #38627, #45885
57 lines
1.4 KiB
Diff
57 lines
1.4 KiB
Diff
From 881e427f3236046466bdb8235edf86e6dfa34391 Mon Sep 17 00:00:00 2001
|
|
From: Michael Bishop <cleverca22@gmail.com>
|
|
Date: Mon, 11 Jun 2018 08:30:48 -0300
|
|
Subject: [PATCH] fix the seccomp filter to include a few previously missed
|
|
syscalls
|
|
|
|
---
|
|
ntpd/ntpd.c | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
|
|
diff --git a/ntpd/ntpd.c b/ntpd/ntpd.c
|
|
index 2c7f02ec5..4c59dc2ba 100644
|
|
--- a/ntpd/ntpd.c
|
|
+++ b/ntpd/ntpd.c
|
|
@@ -1140,10 +1140,12 @@ int scmp_sc[] = {
|
|
SCMP_SYS(close),
|
|
SCMP_SYS(connect),
|
|
SCMP_SYS(exit_group),
|
|
+ SCMP_SYS(fcntl),
|
|
SCMP_SYS(fstat),
|
|
SCMP_SYS(fsync),
|
|
SCMP_SYS(futex),
|
|
SCMP_SYS(getitimer),
|
|
+ SCMP_SYS(getpid),
|
|
SCMP_SYS(getsockname),
|
|
SCMP_SYS(ioctl),
|
|
SCMP_SYS(lseek),
|
|
@@ -1162,6 +1164,8 @@ int scmp_sc[] = {
|
|
SCMP_SYS(sendto),
|
|
SCMP_SYS(setitimer),
|
|
SCMP_SYS(setsid),
|
|
+ SCMP_SYS(setsockopt),
|
|
+ SCMP_SYS(openat),
|
|
SCMP_SYS(socket),
|
|
SCMP_SYS(stat),
|
|
SCMP_SYS(time),
|
|
@@ -1178,9 +1182,11 @@ int scmp_sc[] = {
|
|
SCMP_SYS(clock_settime),
|
|
SCMP_SYS(close),
|
|
SCMP_SYS(exit_group),
|
|
+ SCMP_SYS(fcntl),
|
|
SCMP_SYS(fsync),
|
|
SCMP_SYS(futex),
|
|
SCMP_SYS(getitimer),
|
|
+ SCMP_SYS(getpid),
|
|
SCMP_SYS(madvise),
|
|
SCMP_SYS(mmap),
|
|
SCMP_SYS(mmap2),
|
|
@@ -1194,6 +1200,8 @@ int scmp_sc[] = {
|
|
SCMP_SYS(select),
|
|
SCMP_SYS(setitimer),
|
|
SCMP_SYS(setsid),
|
|
+ SCMP_SYS(setsockopt),
|
|
+ SCMP_SYS(openat),
|
|
SCMP_SYS(sigprocmask),
|
|
SCMP_SYS(sigreturn),
|
|
SCMP_SYS(socketcall),
|