Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ntpd: Allow additional syscalls in seccomp filter.
Fixes issue #21136. The problem is that the seccomp system call filter configured by ntpd did not include some system calls that were apparently needed. For example the program hanged in getpid just after the filter was installed: prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0 seccomp(SECCOMP_SET_MODE_STRICT, 1, NULL) = -1 EINVAL (Invalid argument) seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=41, filter=0x5620d7f0bd90}) = 0 getpid() = ? I do not know exactly why this is a problem on NixOS only, perhaps we have getpid caching disabled. The fcntl and setsockopt system calls also had to be added. (cherry picked from commit 35e0eea)
- Loading branch information