From: Michael Hudson-Doyle <michael.hud...@canonical.com>

Libc 2.35 will use rseq syscalls [1][2] by default and thereby break chrony in seccomp isolation.
[1]: https://www.efficios.com/blog/2019/02/08/linux-restartable-sequences/
[2]: https://sourceware.org/pipermail/libc-alpha/2022-February/136040.html

Tested-by: Christian Ehrhardt <christian.ehrha...@canonical.com>
Reviewed-by: Christian Ehrhardt <christian.ehrha...@canonical.com>
Signed-off-by: Michael Hudson-Doyle <michael.hud...@canonical.com>
--- sys_linux.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys_linux.c b/sys_linux.c index 9cab2efa..1b9ba5f8 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -601,6 +601,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) SCMP_SYS(getrandom), SCMP_SYS(sysinfo), SCMP_SYS(uname), +#ifdef __NR_rseq + SCMP_SYS(rseq), +#endif }; const int denied_any[] = { -- 2.35.0
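Review bot: the `#ifdef __NR_rseq` guard around `SCMP_SYS(rseq)` is resolved at compile time, so a chronyd built against headers that lack `__NR_rseq` silently ships without the entry and will still break under the filter when it runs with a libc that uses rseq by default. Consider stating that build-time dependency in the commit message, or adding a `#else` branch with a `#warning` so packagers notice the missing entry. The new entry is also appended after `SCMP_SYS(uname)` with no comment; a one-line comment next to it saying that libc 2.35 uses rseq by default would keep the reason visible in the source, since it is currently recorded only in the commit message.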