On Wed, Apr 26, 2017 at 03:43:58PM +0200, Miroslav Lichvar wrote:
On Wed, Apr 26, 2017 at 03:29:03PM +0200, Vincent Blut wrote:> sys_linux: allow sysinfo in seccomp filter > > It may be used by glob() in latest glibc.Do you have an idea about which commit in glibc justifies this patch?No, sorry. I saw it on Fedora 26, which has glibc-2.24.
Same version here.
If you add the dumpdir and dumponexit options to chrony.conf and run chronyd with -F 1 at least two times to have some files in dumpdir, you should see a crash if glibc is using that syscall.
Ok, it seems that the Fedora glibc maintainers have backported more stuff than we did as I can’t reproduce the crash.
The cleanup of old dump files on start is the only thing in chronyd using glob() after seccomp filter was loaded.
Good to know. Thanks a lot Miroslav!
Description: PGP signature