summaryrefslogtreecommitdiff
path: root/net-misc/chrony/files/chrony-4.2-seccomp-rseq.patch
diff options
context:
space:
mode:
Diffstat (limited to 'net-misc/chrony/files/chrony-4.2-seccomp-rseq.patch')
-rw-r--r--net-misc/chrony/files/chrony-4.2-seccomp-rseq.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/net-misc/chrony/files/chrony-4.2-seccomp-rseq.patch b/net-misc/chrony/files/chrony-4.2-seccomp-rseq.patch
new file mode 100644
index 000000000000..e36a7b33186a
--- /dev/null
+++ b/net-misc/chrony/files/chrony-4.2-seccomp-rseq.patch
@@ -0,0 +1,30 @@
+https://git.tuxfamily.org/chrony/chrony.git/patch/?id=8bb8f15a7d049ed26c69d95087065b381f76ec4d
+
+From: Michael Hudson-Doyle <michael.hudson@canonical.com>
+Date: Wed, 9 Feb 2022 09:06:13 +0100
+Subject: sys_linux: allow rseq in seccomp filter
+
+Libc 2.35 will use rseq syscalls [1][2] by default and thereby
+break chrony in seccomp isolation.
+
+[1]: https://www.efficios.com/blog/2019/02/08/linux-restartable-sequences/
+[2]: https://sourceware.org/pipermail/libc-alpha/2022-February/136040.html
+
+Tested-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
+Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
+Signed-off-by: Michael Hudson-Doyle <michael.hudson@canonical.com>
+Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
+
+--- a/sys_linux.c
++++ b/sys_linux.c
+@@ -497,6 +497,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
+ SCMP_SYS(getrlimit),
+ SCMP_SYS(getuid),
+ SCMP_SYS(getuid32),
++#ifdef __NR_rseq
++ SCMP_SYS(rseq),
++#endif
+ SCMP_SYS(rt_sigaction),
+ SCMP_SYS(rt_sigreturn),
+ SCMP_SYS(rt_sigprocmask),
+cgit v0.10.2
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-08 15:02:33 +0000