On Mon, Jan 29, 2024 at 10:42:18PM +0000, Thorsten Glaser wrote:
> #define __NR_getrandom 355
> 
> Seems to be this one. Blocked by man-db’s policy, I suppose?

Yes, and see:

man-db 2.8.7 (26 August 2019)
=============================
...
 * Make `seccomp` sandbox allow `getrandom`, used by Hardened Malloc.

So I guess this is because your shell calls getrandom on startup, rather
than waiting until $RANDOM is evaluated, or something like that.  And
nroff is a shell script.

I don't have a problem with backporting that trivial change, though I'd
need to work out the LTS development workflow.  Added to my to-do list.
FYI, you can also use MAN_DISABLE_SECCOMP=1 to bypass the seccomp
sandbox for the time being.

-- 
Colin Watson (he/him)                              [[email protected]]
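
The failure mode discussed in this message, reproduced as an added example (not man-db's code and not written by either poster): a child process runs under a small seccomp allowlist and calls getrandom(2), once with the syscall missing from the list and once with it added. The function name `probe_getrandom`, the allowlist contents and the ENOSYS default action are assumptions for illustration; Linux only.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allow one syscall number, otherwise fall through to the next rule. */
#define ALLOW(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Returns 0 if getrandom worked in the sandboxed child, 2 if the filter
 * turned it into ENOSYS, 3 on another error, -1 if setup failed. */
int probe_getrandom(int allow_getrandom)
{
    unsigned int deny = SECCOMP_RET_ERRNO | ENOSYS; /* assumed default action */
    unsigned int verdict = allow_getrandom ? SECCOMP_RET_ALLOW : deny;
    /* Constructed allowlist; a production filter also checks seccomp_data.arch. */
    struct sock_filter rules[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW(__NR_exit_group), ALLOW(__NR_write),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getrandom, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, verdict), /* same as default when not allowed */
        BPF_STMT(BPF_RET | BPF_K, deny),    /* everything not listed */
    };
    struct sock_fprog prog = { (unsigned short)(sizeof rules / sizeof rules[0]), rules };
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { /* child: sandbox itself, then behave like a shell at startup */
        unsigned char buf[8];
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog))
            _exit(4);
        long n = syscall(__NR_getrandom, buf, sizeof buf, 0);
        _exit(n == (long)sizeof buf ? 0 : (errno == ENOSYS ? 2 : 3));
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 4 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    printf("getrandom not in allowlist: %d\n", probe_getrandom(0));
    printf("getrandom in allowlist:     %d\n", probe_getrandom(1));
    return 0;
}
```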
