authorJoachim F <joachifm@users.noreply.github.com>2017-04-06 11:06:13 +0100
committerGitHub <noreply@github.com>2017-04-06 11:06:13 +0100
commitbb771e040556e5c78a864e4ff059fdc11dbe4151 (patch)
tree207947494e64ded5ec1dab755a82feab62aefe9d /pkgs/tools/networking/ntp
parent0f9fd51b20c9d38a5f85851d41f08aa27486b09e (diff)
parent35e0eea053d81f7aa933cd2747f43d3b4524c326 (diff)
Merge pull request #24573 from ambrop72/ntpd-fix
ntpd: Add patch to allow getpid syscall in seccomp filter.
Diffstat (limited to 'pkgs/tools/networking/ntp')
-rw-r--r--pkgs/tools/networking/ntp/default.nix4
-rw-r--r--pkgs/tools/networking/ntp/seccomp.patch44
2 files changed, 48 insertions, 0 deletions
diff --git a/pkgs/tools/networking/ntp/default.nix b/pkgs/tools/networking/ntp/default.nix
index b4053c7a956c..29f8e1ae2570 100644
--- a/pkgs/tools/networking/ntp/default.nix
+++ b/pkgs/tools/networking/ntp/default.nix
@@ -15,6 +15,10 @@ stdenv.mkDerivation rec {
     sha256 = "17xrk7gxrl3hgg0i73n8qm53knyh01lf0f3l1zx9x6r1cip3dlnx";
   };
 
+  # The hardcoded list of allowed system calls for seccomp is
+  # insufficient for NixOS, add more to make it work (issue #21136).
+  patches = [ ./seccomp.patch ];
+
   configureFlags = [
     "--sysconfdir=/etc"
     "--localstatedir=/var"
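Review bot: The comment above `patches` says only "add more", so a reader of default.nix cannot tell how far ntpd's seccomp allowlist was widened without opening the patch, and the commit subject names only getpid. Naming the calls keeps the sandbox relaxation auditable: `# Adds fcntl, getpid and setsockopt to ntpd's seccomp allowlists (issue #21136).` A short line on when the patch can be dropped (for example, once upstream ships an equivalent list) would also help. The rest of the mkDerivation body is outside this hunk.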
diff --git a/pkgs/tools/networking/ntp/seccomp.patch b/pkgs/tools/networking/ntp/seccomp.patch
new file mode 100644
index 000000000000..28de2f01d073
--- /dev/null
+++ b/pkgs/tools/networking/ntp/seccomp.patch
@@ -0,0 +1,44 @@
+diff -urN ntp-4.2.8p10.orig/ntpd/ntpd.c ntp-4.2.8p10/ntpd/ntpd.c
+--- ntp-4.2.8p10.orig/ntpd/ntpd.c	2017-04-02 20:21:17.371319663 +0200
++++ ntp-4.2.8p10/ntpd/ntpd.c	2017-04-02 21:26:02.766178723 +0200
+@@ -1157,10 +1157,12 @@
+ 	SCMP_SYS(close),
+ 	SCMP_SYS(connect),
+ 	SCMP_SYS(exit_group),
++	SCMP_SYS(fcntl),
+ 	SCMP_SYS(fstat),
+ 	SCMP_SYS(fsync),
+ 	SCMP_SYS(futex),
+ 	SCMP_SYS(getitimer),
++	SCMP_SYS(getpid),
+ 	SCMP_SYS(getsockname),
+ 	SCMP_SYS(ioctl),
+ 	SCMP_SYS(lseek),
+@@ -1179,6 +1181,7 @@
+ 	SCMP_SYS(sendto),
+ 	SCMP_SYS(setitimer),
+ 	SCMP_SYS(setsid),
++        SCMP_SYS(setsockopt),
+ 	SCMP_SYS(socket),
+ 	SCMP_SYS(stat),
+ 	SCMP_SYS(time),
+@@ -1195,9 +1198,11 @@
+ 	SCMP_SYS(clock_settime),
+ 	SCMP_SYS(close),
+ 	SCMP_SYS(exit_group),
++	SCMP_SYS(fcntl),
+ 	SCMP_SYS(fsync),
+ 	SCMP_SYS(futex),
+ 	SCMP_SYS(getitimer),
++	SCMP_SYS(getpid),
+ 	SCMP_SYS(madvise),
+ 	SCMP_SYS(mmap),
+ 	SCMP_SYS(mmap2),
+@@ -1211,6 +1216,7 @@
+ 	SCMP_SYS(select),
+ 	SCMP_SYS(setitimer),
+ 	SCMP_SYS(setsid),
++        SCMP_SYS(setsockopt),
+ 	SCMP_SYS(sigprocmask),
+ 	SCMP_SYS(sigreturn),
+ 	SCMP_SYS(socketcall),
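Review bot: `fcntl` and `setsockopt` are added to both allowlists with no per-entry justification and, as far as these hunks show, no argument constraint, so the sandbox would permit every fcntl command and every socket option rather than only the ones NixOS needs. Each new entry should carry a comment naming the call path that trips the filter, e.g. `SCMP_SYS(getpid),	/* NixOS: <caller that needs it> */`. If the code that installs these rules supports argument filters, the two broad calls are better limited to the arguments actually observed. The `setsockopt` lines in the second and fourth inner hunks are indented with eight spaces where the neighbouring entries use a tab. The array declarations and the code that consumes them lie outside the patch context, so how the two lists are selected cannot be checked from here.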