On Mon, 2 Jan 2017, Aurelien Jarno wrote:

> Looking at the issue, it actually appears in __vdso_clock_gettime, which
> is provided by the kernel. This code handles the simple cases (REALTIME,
> MONOTONIC, REALTIME_COARSE and _MONOTONIC_COARSE) and falls back to
> the syscall otherwise, CLOCK_BOOTTIME in the case of sshd.

Ouch – and the kernel probably thinks it’s getting away with this as the kernel architecture is amd64…

Can you please forward this to someone at the kernel side (either Debian or upstream) who can have a look? In the meantime, I’ll point this issue out in #debian-x32 on IRC, so the other porters can also look.

> On 2017-01-02 17:49, Colin Watson wrote:
> > sshd's seccomp sandbox is denying a clock_gettime call. But it's more

Probably a stupid idea, but a short-term stopgap: can we disable seccomp on x32 for now? That needs:

• in debian/rules:

+confflags += --host=${DEB_HOST_GNU_TYPE}

This sets $host to x86_64-pc-linux-gnux32 instead of the auto-detected x86_64-pc-linux-gnu (which is amd64)

• in configure.ac:

AC_MSG_CHECKING([for seccomp architecture]) seccomp_audit_arch= case "$host" in +x86_64-*-gnux32) + # disabled for now, see Debian #849923 + ;; x86_64-*) seccomp_audit_arch=AUDIT_ARCH_X86_64 ;;

With this, we can then also later fix the architecture, should the kernel be fixed.

Thanks,
//mirabilos
--
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
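
Review bot: in the debian/rules change, --host=${DEB_HOST_GNU_TYPE} is added for every architecture and without a matching --build, so configure is given the host triplet only, and autoconf treats a lone --host as a possible cross-compile. Suggest passing --build=${DEB_BUILD_GNU_TYPE} alongside it and confirming that both variables are defined before this line (for example from dpkg-architecture).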
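
Review bot: in the configure.ac change, the new x86_64-*-gnux32) arm takes effect only because it sits above x86_64-*) and leaves seccomp_audit_arch at the empty value assigned just before the case, and nothing in the configure output will show that the seccomp sandbox was switched off for x32. Suggest extending the comment to say that this arm must stay ahead of x86_64-*) and what has to be fixed before it can be dropped (the clock_gettime denial from #849923), and emitting a configure message so the build log records the disabled sandbox.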