There is some sad news here: https://roy.marples.name/archives/dhcpcd-discuss/0003457.html > On 16 Feb 2021, at 15:04, Arne Fitzenreiter wrote: > > Hi, we have to revert this patches back to 9.1.4 because it still not work > with the kernel-4.14.x headers. On i686 it always crash with "Bad System Call". > Looks like not all Systemcalls are defined in the headers. > > This version build with kernel-5.10 works but i have an other problem: > On x86_64 i often got no IP at boot but if i rerun via connscheduler > reconnect it works. > > I think this need intensive testing on all platforms. > > Arne > > > Am 2020-12-29 13:36, schrieb Matthias Fischer: >> For details see: >> https://roy.marples.name/archives/dhcpcd-discuss/0003420.html >> Former patch for Bug #12552 is now included. >> Signed-off-by: Matthias Fischer >> --- >> lfs/dhcpcd | 7 ++-- >> ...r_SECCOMP_as_it_just_uses_socketcall.patch | 36 ------------------- >> 2 files changed, 2 insertions(+), 41 deletions(-) >> delete mode 100644 >> src/patches/dhcpcd/01_Fix_Linux_i386_for_SECCOMP_as_it_just_uses_socketcall.patch >> diff --git a/lfs/dhcpcd b/lfs/dhcpcd >> index 4e34e19d5..352308692 100644 >> --- a/lfs/dhcpcd >> +++ b/lfs/dhcpcd >> @@ -24,7 +24,7 @@ >> include Config >> -VER = 9.3.4 >> +VER = 9.4.0 >> THISAPP = dhcpcd-$(VER) >> DL_FILE = $(THISAPP).tar.xz >> @@ -40,7 +40,7 @@ objects = $(DL_FILE) >> $(DL_FILE) = $(DL_FROM)/$(DL_FILE) >> -$(DL_FILE)_MD5 = badb02dfc69fe9bbeec35a02efcdb4db >> +$(DL_FILE)_MD5 = c36715fc629bc40aa94aae06fa1724c2 >> install : $(TARGET) >> @@ -70,9 +70,6 @@ $(subst %,%_MD5,$(objects)) : >> $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >> @$(PREBUILD) >> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) >> - >> - cd $(DIR_APP) && patch -Np1 -i >> $(DIR_SRC)/src/patches/dhcpcd/01_Fix_Linux_i386_for_SECCOMP_as_it_just_uses_socketcall.patch >> - >> cd $(DIR_APP) && ./configure --prefix="" --sysconfdir=/var/ipfire/dhcpc \ >> --dbdir=/var/ipfire/dhcpc \ >> --libexecdir=/var/ipfire/dhcpc \ >> diff --git >> a/src/patches/dhcpcd/01_Fix_Linux_i386_for_SECCOMP_as_it_just_uses_socketcall.patch >> b/src/patches/dhcpcd/01_Fix_Linux_i386_for_SECCOMP_as_it_just_uses_socketcall.patch >> deleted file mode 100644 >> index 9efcde219..000000000 >> --- >> a/src/patches/dhcpcd/01_Fix_Linux_i386_for_SECCOMP_as_it_just_uses_socketcall.patch >> +++ /dev/null >> @@ -1,36 +0,0 @@ >> -diff --git a/src/privsep-linux.c b/src/privsep-linux.c >> -index 050a30cf..d31d720d 100644 >> ---- a/src/privsep-linux.c >> -+++ b/src/privsep-linux.c >> -@@ -32,6 +32,7 @@ >> - >> - #include >> - #include >> -+#include >> - #include >> - #include >> - >> -@@ -304,6 +305,23 @@ static struct sock_filter ps_seccomp_filter[] = { >> - #ifdef __NR_sendto >> - SECCOMP_ALLOW(__NR_sendto), >> - #endif >> -+#ifdef __NR_socketcall >> -+ /* i386 needs this and demonstrates why SECCOMP >> -+ * is poor compared to OpenBSD pledge(2) and FreeBSD capsicum(4) >> -+ * as this is soooo tied to the kernel API which changes per arch >> -+ * and likely libc as well. */ >> -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_ACCEPT), >> -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_ACCEPT4), >> -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_LISTEN), >> -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_GETSOCKOPT), /* overflow */ >> -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_RECV), >> -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_RECVFROM), >> -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_RECVMSG), >> -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_SEND), >> -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_SENDMSG), >> -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_SENDTO), >> -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_SHUTDOWN), >> -+#endif >> - #ifdef __NR_shutdown >> - SECCOMP_ALLOW(__NR_shutdown), >> - #endif