[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] Allow clock_gettime64; return ENOSYS so libcs can engage fallbac
|
From: |
S. Gilles |
|
Subject: |
[PATCH] Allow clock_gettime64; return ENOSYS so libcs can engage fallbacks |
|
Date: |
Wed, 12 Aug 2020 16:40:07 -0400 |
libcs such as musl expect ENOSYS to be returned (not EPERM) in their
fallback code, so change the seccomp filter to be more agreeable to
them.
At the same time, clock_gettime is permitted in the filter, so permit
clock_gettime64 as well -- it will be needed by 2038 in any case.
---
This is motivated by my arm32 (musl) machine and discussion with Rich
Felker. Without these changes, man invokes xz which calls
clock_gettime64 in a loop, spinning endlessly.
Thanks!
lib/sandbox.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/sandbox.c b/lib/sandbox.c
index 21ec28aa..d934a0f9 100644
--- a/lib/sandbox.c
+++ b/lib/sandbox.c
@@ -232,7 +232,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive)
;
debug ("initialising seccomp filter (permissive: %d)\n", permissive);
- ctx = seccomp_init (SCMP_ACT_ERRNO (EPERM));
+ ctx = seccomp_init (SCMP_ACT_ERRNO (ENOSYS));
if (!ctx)
error (FATAL, errno, "can't initialise seccomp filter");
@@ -271,6 +271,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive)
/* systemd: SystemCallFilter=@default */
SC_ALLOW ("clock_getres");
SC_ALLOW ("clock_gettime");
+ SC_ALLOW ("clock_gettime64");
SC_ALLOW ("clock_nanosleep");
SC_ALLOW ("execve");
SC_ALLOW ("exit");
--
2.28.0
- [PATCH] Allow clock_gettime64; return ENOSYS so libcs can engage fallbacks,
S. Gilles <=