commit
4e57249fc3
@ -1,26 +0,0 @@
|
||||
From 0cf506c92967c84f9ed83ba9e1be946a7fda6425 Mon Sep 17 00:00:00 2001
|
||||
From: Miroslav Lichvar <mlichvar@redhat.com>
|
||||
Date: Mon, 2 Dec 2019 12:47:13 +0100
|
||||
Subject: sys_linux: allow clock_adjtime in seccomp filter
|
||||
|
||||
The adjtimex() function in glibc was switched to the clock_adjtime
|
||||
system call.
|
||||
|
||||
diff --git a/sys_linux.c b/sys_linux.c
|
||||
index 63eb8f1..fcf89c2 100644
|
||||
--- a/sys_linux.c
|
||||
+++ b/sys_linux.c
|
||||
@@ -478,8 +478,8 @@ SYS_Linux_EnableSystemCallFilter(int level)
|
||||
{
|
||||
const int syscalls[] = {
|
||||
/* Clock */
|
||||
- SCMP_SYS(adjtimex), SCMP_SYS(clock_gettime), SCMP_SYS(gettimeofday),
|
||||
- SCMP_SYS(settimeofday), SCMP_SYS(time),
|
||||
+ SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), SCMP_SYS(clock_gettime),
|
||||
+ SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), SCMP_SYS(time),
|
||||
/* Process */
|
||||
SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid),
|
||||
SCMP_SYS(getrlimit), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn),
|
||||
--
|
||||
cgit v0.10.2
|
||||
|
@ -1,27 +1,22 @@
|
||||
{ stdenv, fetchurl, pkgconfig, libcap, readline, texinfo, nss, nspr
|
||||
, libseccomp, pps-tools }:
|
||||
, libseccomp, pps-tools, gnutls }:
|
||||
|
||||
assert stdenv.isLinux -> libcap != null;
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "chrony";
|
||||
version = "3.5.1";
|
||||
version = "4.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://download.tuxfamily.org/chrony/${pname}-${version}.tar.gz";
|
||||
sha256 = "19ywl8a3lb2id7lcna5hp2g4pjnfwdc9ihr0fk6i9m45vdq2za0v";
|
||||
sha256 = "09f6w2x5h5kamb4rhcbaz911q1f730qdalgsn8s48yjyqlafl9xy";
|
||||
};
|
||||
|
||||
patches = [
|
||||
./allow-clock_adjtime.patch
|
||||
./fix-seccomp-build.patch
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
patchShebangs test
|
||||
'';
|
||||
|
||||
buildInputs = [ readline texinfo nss nspr ]
|
||||
buildInputs = [ readline texinfo nss nspr gnutls ]
|
||||
++ stdenv.lib.optionals stdenv.isLinux [ libcap libseccomp pps-tools ];
|
||||
nativeBuildInputs = [ pkgconfig ];
|
||||
|
||||
|
@ -1,13 +0,0 @@
|
||||
diff --git a/sys_linux.c b/sys_linux.c
|
||||
index 898dc7a7f75..fcd334ecf03 100644
|
||||
--- a/sys_linux.c
|
||||
+++ b/sys_linux.c
|
||||
@@ -503,7 +503,7 @@ SYS_Linux_EnableSystemCallFilter(int level)
|
||||
SCMP_SYS(socketcall),
|
||||
/* General I/O */
|
||||
SCMP_SYS(_newselect), SCMP_SYS(close), SCMP_SYS(open), SCMP_SYS(openat), SCMP_SYS(pipe),
|
||||
- SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(ppoll), SCMP_SYS(pselect6), SCMP_SYS(read),
|
||||
+ SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(pselect6), SCMP_SYS(read),
|
||||
SCMP_SYS(futex), SCMP_SYS(select), SCMP_SYS(set_robust_list), SCMP_SYS(write),
|
||||
/* Miscellaneous */
|
||||
SCMP_SYS(getrandom), SCMP_SYS(sysinfo), SCMP_SYS(uname),
|
Loading…
Reference in New Issue
Block a user