chrony-4.2-seccomp-rseq.patch (1111B)
- https://git.tuxfamily.org/chrony/chrony.git/patch/?id=8bb8f15a7d049ed26c69d95087065b381f76ec4d
- From: Michael Hudson-Doyle <michael.hudson@canonical.com>
- Date: Wed, 9 Feb 2022 09:06:13 +0100
- Subject: sys_linux: allow rseq in seccomp filter
- Libc 2.35 will use rseq syscalls [1][2] by default and thereby
- break chrony in seccomp isolation.
- [1]: https://www.efficios.com/blog/2019/02/08/linux-restartable-sequences/
- [2]: https://sourceware.org/pipermail/libc-alpha/2022-February/136040.html
- Tested-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
- Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
- Signed-off-by: Michael Hudson-Doyle <michael.hudson@canonical.com>
- Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
- --- a/sys_linux.c
- +++ b/sys_linux.c
- @@ -497,6 +497,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
- SCMP_SYS(getrlimit),
- SCMP_SYS(getuid),
- SCMP_SYS(getuid32),
- +#ifdef __NR_rseq
- + SCMP_SYS(rseq),
- +#endif
- SCMP_SYS(rt_sigaction),
- SCMP_SYS(rt_sigreturn),
- SCMP_SYS(rt_sigprocmask),
- cgit v0.10.2