Re: [chrony-dev] Seccomp issue on Alpine linux

2023-06-05 Thread jvoisin
On 01/06/2023 14:54, Miroslav Lichvar wrote: > On Thu, Jun 01, 2023 at 02:20:13PM +0200, jvoisin wrote: >> alpine:/home/jvoisin/chrony/test/system# grep -i ioctl tmp/chronyd.out >> [pid 11833] ioctl(3, TIOCGWINSZ, 0x7fffa01bec58) = -1 ENOTTY (Not a tty) >> [pid 11833] ioctl(5, TIOCGWINSZ,

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-06-01 Thread Miroslav Lichvar
On Thu, Jun 01, 2023 at 02:20:13PM +0200, jvoisin wrote: > alpine:/home/jvoisin/chrony/test/system# grep -i ioctl tmp/chronyd.out > [pid 11833] ioctl(3, TIOCGWINSZ, 0x7fffa01bec58) = -1 ENOTTY (Not a tty) > [pid 11833] ioctl(5, TIOCGWINSZ, 0x7fffa01bec68) = -1 ENOTTY (Not a tty) > [pid 11833]

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-06-01 Thread jvoisin
On 01/06/2023 14:17, Miroslav Lichvar wrote: > On Thu, Jun 01, 2023 at 02:14:40PM +0200, jvoisin wrote: >> alpine:/home/jvoisin/chrony/test/system# CHRONYD_WRAPPER="strace -f" >> TEST_SCFILTER=1 ./002-extended > > Try removing TEST_SCFILTER=1. It might be interfering with strace. > >> Testing

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-06-01 Thread Miroslav Lichvar
On Thu, Jun 01, 2023 at 02:14:40PM +0200, jvoisin wrote: > alpine:/home/jvoisin/chrony/test/system# CHRONYD_WRAPPER="strace -f" > TEST_SCFILTER=1 ./002-extended Try removing TEST_SCFILTER=1. It might be interfering with strace. > Testing extended configuration: > non-default settings: >

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-06-01 Thread jvoisin
On 01/06/2023 13:59, Miroslav Lichvar wrote: > On Thu, Jun 01, 2023 at 01:51:27PM +0200, jvoisin wrote: >> On 01/06/2023 13:31, Miroslav Lichvar wrote: >>> On Thu, Jun 01, 2023 at 01:16:17PM +0200, jvoisin wrote: is there a way to tell the strace wrapper to follow children? >>> >>> Try

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-06-01 Thread Miroslav Lichvar
On Thu, Jun 01, 2023 at 01:51:27PM +0200, jvoisin wrote: > On 01/06/2023 13:31, Miroslav Lichvar wrote: > > On Thu, Jun 01, 2023 at 01:16:17PM +0200, jvoisin wrote: > >> is there a way to tell the strace wrapper to follow children? > > > > Try CHRONYD_WRAPPER="strace -f" ./002-extended > > > >

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-06-01 Thread jvoisin
On 01/06/2023 13:31, Miroslav Lichvar wrote: > On Thu, Jun 01, 2023 at 01:16:17PM +0200, jvoisin wrote: >> is there a way to tell the strace wrapper to follow children? > > Try CHRONYD_WRAPPER="strace -f" ./002-extended > > but you will need to terminate it manually (e.g. ctrl-c). > ```

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-06-01 Thread Miroslav Lichvar
On Thu, Jun 01, 2023 at 01:16:17PM +0200, jvoisin wrote: > is there a way to tell the strace wrapper to follow children? Try CHRONYD_WRAPPER="strace -f" ./002-extended but you will need to terminate it manually (e.g. ctrl-c). -- Miroslav Lichvar

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-06-01 Thread jvoisin
On 01/06/2023 13:10, Miroslav Lichvar wrote: > On Thu, Jun 01, 2023 at 01:04:43PM +0200, jvoisin wrote: >> Albeit we might want to restrict the parameters passed to ioctl, instead >> of allowing it unconditionally. > > Can you please run it under strace and see what ioctl it needs? > > #

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-06-01 Thread Miroslav Lichvar
On Thu, Jun 01, 2023 at 01:04:43PM +0200, jvoisin wrote: > Albeit we might want to restrict the parameters passed to ioctl, instead > of allowing it unconditionally. Can you please run it under strace and see what ioctl it needs? # CHRONYD_WRAPPER=strace ./002-extended # grep ioctl

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-06-01 Thread jvoisin
On 01/06/2023 08:37, Miroslav Lichvar wrote: > On Wed, May 31, 2023 at 04:54:09PM +0200, jvoisin wrote: >> alpine:/home/jvoisin/chrony/test/system# cat tmp/chronyd.log >> 2023-05-31T14:51:14Z chronyd version DEVELOPMENT starting (+CMDMON +NTP >> +REFCLOCK +RTC -PRIVDROP +SCFILTER +SIGND +ASYNCDNS

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-06-01 Thread Miroslav Lichvar
On Wed, May 31, 2023 at 04:54:09PM +0200, jvoisin wrote: > alpine:/home/jvoisin/chrony/test/system# cat tmp/chronyd.log > 2023-05-31T14:51:14Z chronyd version DEVELOPMENT starting (+CMDMON +NTP > +REFCLOCK +RTC -PRIVDROP +SCFILTER +SIGND +ASYNCDNS -NTS -SECHASH +IPV6 > -DEBUG) >

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-05-31 Thread jvoisin
On 31/05/2023 16:42, Miroslav Lichvar wrote: > On Wed, May 31, 2023 at 04:28:51PM +0200, jvoisin wrote: >> alpine:/home/jvoisin/chrony/test/system# cat tmp/chronyd.log >> 2023-05-31T14:28:33Z chronyd version DEVELOPMENT starting (+CMDMON +NTP >> +REFCLOCK +RTC -PRIVDROP +SCFILTER +SIGND +ASYNCDNS

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-05-31 Thread Miroslav Lichvar
On Wed, May 31, 2023 at 04:28:51PM +0200, jvoisin wrote: > alpine:/home/jvoisin/chrony/test/system# cat tmp/chronyd.log > 2023-05-31T14:28:33Z chronyd version DEVELOPMENT starting (+CMDMON +NTP > +REFCLOCK +RTC -PRIVDROP +SCFILTER +SIGND +ASYNCDNS -NTS -SECHASH +IPV6 > -DEBUG) >

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-05-31 Thread jvoisin
On 31/05/2023 16:26, Miroslav Lichvar wrote: > On Wed, May 31, 2023 at 04:22:09PM +0200, jvoisin wrote: >> alpine:/home/jvoisin/chrony/test/system# TEST_SCFILTER=1 ./001-minimal >> Testing minimal configuration: >> non-default settings: >> minimal_config=1 >> starting chronyd

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-05-31 Thread Miroslav Lichvar
On Wed, May 31, 2023 at 04:22:09PM +0200, jvoisin wrote: > alpine:/home/jvoisin/chrony/test/system# TEST_SCFILTER=1 ./001-minimal > Testing minimal configuration: > non-default settings: > minimal_config=1 > starting chronydOK > stopping

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-05-31 Thread jvoisin
> Try running the failing test as "TEST_SCFILTER=1 ./001-minimal" and see the > failing syscall number in the system or audit log. Unfortunately, Alpine uses busybox' ps: ``` alpine:/home/jvoisin/chrony/test/system# TEST_SCFILTER=1 ./001-minimal Testing minimal configuration: non-default

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-05-29 Thread Miroslav Lichvar
On Mon, May 29, 2023 at 04:07:37PM +0200, jvoisin wrote: > alpine:/home/jvoisin/chrony/test/system# ./099-scfilter > Testing system call filter in non-destructive tests: > level -1: > 001-minimal BAD > FAIL >

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-05-29 Thread jvoisin
On 29/05/2023 09:16, Miroslav Lichvar wrote: > On Sun, May 28, 2023 at 07:32:12PM +0200, jvoisin wrote: >>> If you have extracted source code, can you please run these two tests >>> to confirm there are no other seccomp failures on musl? >>> >>> # cd test/system >>> # ./099-scfilter >>> #

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-05-29 Thread Miroslav Lichvar
On Sun, May 28, 2023 at 07:32:12PM +0200, jvoisin wrote: > > If you have extracted source code, can you please run these two tests > > to confirm there are no other seccomp failures on musl? > > > > # cd test/system > > # ./099-scfilter > > # ./199-scfilter > > > > I'd love to, but the latest

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-05-28 Thread jvoisin
> If you have extracted source code, can you please run these two tests > to confirm there are no other seccomp failures on musl? > > # cd test/system > # ./099-scfilter > # ./199-scfilter > I'd love to, but the latest master doesn't compile here: ``` $ make […] gcc -O2 -g -D_FORTIFY_SOURCE=2

Re: [chrony-dev] Seccomp issue on Alpine linux

2023-05-22 Thread Miroslav Lichvar
On Sun, May 21, 2023 at 10:41:30PM +0200, jvoisin wrote: > Hello, > > it seems that chrony's seccomp policy doesn't play nice with Alpine > Linux, likely due to the fact that there is a call to `membarrier` > somewhere that the latter does and that the former doesn't like. > > See

[chrony-dev] Seccomp issue on Alpine linux

2023-05-21 Thread jvoisin
Hello, it seems that chrony's seccomp policy doesn't play nice with Alpine Linux, likely due to the fact that there is a call to `membarrier` somewhere that the latter does and that the former doesn't like. See https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/47087 for details.