On Mon, Jan 29, 2024 at 10:42:18PM +0000, Thorsten Glaser wrote:
> #define __NR_getrandom 355
>
> Seems to be this one. Blocked by man-db’s policy, I suppose?

Yes, and see:

  man-db 2.8.7 (26 August 2019)
  =============================
  ...
   * Make `seccomp` sandbox allow `getrandom`, used by Hardened Malloc.

So I guess this is because your shell calls getrandom on startup, rather
than waiting until $RANDOM is evaluated, or something like that. And
nroff is a shell script.

I don't have a problem with backporting that trivial change, though I'd
need to work out the LTS development workflow. Added to my to-do list.

FYI, you can also use MAN_DISABLE_SECCOMP=1 to bypass the seccomp
sandbox for the time being.

-- 
Colin Watson (he/him) [[email protected]]

