Branch: refs/heads/release-17.03
Home: https://github.com/NixOS/nixpkgs
Commit: 3069f721ece8156d0b41ac3b9b577f78e74b8eaa
    https://github.com/NixOS/nixpkgs/commit/3069f721ece8156d0b41ac3b9b577f78e74b8eaa
Author: Ambroz Bizjak
Date: 2017-04-17 (Mon, 17 Apr 2017)

Changed paths:
    M pkgs/tools/networking/ntp/default.nix
    A pkgs/tools/networking/ntp/seccomp.patch

Log Message:
-----------
ntpd: Allow additional syscalls in seccomp filter.

Fixes issue #21136.

The problem is that the seccomp system call filter configured by ntpd did not include some system calls that were apparently needed. For example the program hung in getpid just after the filter was installed:

    prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
    seccomp(SECCOMP_SET_MODE_STRICT, 1, NULL) = -1 EINVAL (Invalid argument)
    seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=41, filter=0x5620d7f0bd90}) = 0
    getpid() = ?

I do not know exactly why this is a problem on NixOS only, perhaps we have getpid caching disabled.

The fcntl and setsockopt system calls also had to be added.

(cherry picked from commit 35e0eea053d81f7aa933cd2747f43d3b4524c326)

_______________________________________________
nix-commits mailing list
nix-commits@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-commits
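
A triage helper for the failure described in the commit message, as an added example that is not part of the commit or of nixpkgs: it reads strace output, finds the point where a seccomp filter becomes active, and reports the syscalls that never returned afterwards or that a given allowlist lacks. The second trace and the allowlist are constructed for illustration and are not ntpd's actual filter.

```python
import re

# One strace line: optional pid prefix, syscall name, arguments, "= result".
CALL = re.compile(r"^(?:\[pid\s+\d+\]\s+|\d+\s+)?(\w+)\((.*)\)\s+=\s+(\S+)")
# How strace renders the two calls that can install a seccomp filter.
INSTALL = ("seccomp(SECCOMP_SET_MODE_FILTER", "prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER")

def after_filter(trace):
    """Yield (name, result) for each syscall made once a seccomp filter is active."""
    active = False
    for line in trace.splitlines():
        m = CALL.match(line.strip())
        if not m:
            continue
        name, args, result = m.groups()
        if active:
            yield name, result
        elif result == "0" and f"{name}({args}".startswith(INSTALL):
            active = True  # a failed attempt (the EINVAL line) does not count

def stalled(trace):
    """Syscalls that never returned ("= ?") after the filter was installed."""
    return [name for name, result in after_filter(trace) if result == "?"]

def missing(trace, allowlist):
    """Post-filter syscalls absent from the allowlist, in first-seen order."""
    seen = []
    for name, _ in after_filter(trace):
        if name not in allowlist and name not in seen:
            seen.append(name)
    return seen

# The trace quoted in the commit message.
PAGE_TRACE = """\
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
seccomp(SECCOMP_SET_MODE_STRICT, 1, NULL) = -1 EINVAL (Invalid argument)
seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=41, filter=0x5620d7f0bd90}) = 0
getpid() = ?
"""

# Constructed trace and allowlist (hypothetical, not ntpd's real filter).
SAMPLE_TRACE = """\
seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=41, filter=0x5620d7f0bd90}) = 0
getpid() = 4242
fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
setsockopt(16, SOL_SOCKET, SO_TIMESTAMPNS, [1], 4) = 0
"""
SAMPLE_ALLOW = {"clock_gettime", "read", "write", "select"}

print(stalled(PAGE_TRACE), missing(SAMPLE_TRACE, SAMPLE_ALLOW))
```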