Hi Arne,
interesting solution, but I am okay with it for the time being.
Hopefully upstream will fix this in the next release.
Best, -Michael
On 10 Apr 2020, at 20:46, Arne Fitzenreiter <arne_f@ipfire.org> wrote:
glibc calls the clock_nanosleep_time64 syscall even if it is not defined in the headers for this arch, and the seccomp filter kills the process because of an unknown syscall.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 lfs/openssh | 1 +
 ...SH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch | 13 +++++++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch
diff --git a/lfs/openssh b/lfs/openssh index 68a7d63cd..2f3eda74f 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -71,6 +71,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && sed -i "s/lkrb5 -ldes/lkrb5/" configure
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch cd $(DIR_APP) && ./configure \ --prefix=/usr \ --sysconfdir=/etc/ssh \
diff --git a/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch b/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch new file mode 100644 index 000000000..5199872d9 --- /dev/null +++ b/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch @@ -0,0 +1,13 @@ +diff -Naur openssh-8.2p1.org/sandbox-seccomp-filter.c openssh-8.2p1/sandbox-seccomp-filter.c +--- openssh-8.2p1.org/sandbox-seccomp-filter.c 2020-04-10 18:14:56.152309584 +0200 ++++ openssh-8.2p1/sandbox-seccomp-filter.c 2020-04-10 21:05:45.827921765 +0200 +@@ -253,6 +253,9 @@
- #endif
- #ifdef __NR_clock_nanosleep_time64
- SC_ALLOW(__NR_clock_nanosleep_time64),
++#else ++ /* on i586 glibc call syscall 407 which is not defined */ ++ SC_ALLOW(407),
- #endif
- #ifdef __NR_clock_gettime64
- SC_ALLOW(__NR_clock_gettime64),
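Review bot: In the lfs/openssh hunk, the new patch -Np1 step is applied on every build with no architecture condition, although the commit message and the comment inside the patch describe the problem for a single arch (i586). Either apply it only where it is needed or make the patch itself safe for all arches, and add a short comment next to the patch line saying it is a workaround tied to OpenSSH 8.2p1 with glibc 2.31, so it gets removed once it is no longer required.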
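Review bot: In the sandbox-seccomp-filter.c hunk, the #else branch adds SC_ALLOW(407) whenever __NR_clock_nanosleep_time64 is undefined, not only on i586 as the comment states, so the sandbox allowlist gains a bare syscall number on every architecture whose headers lack the macro. Suggest limiting the fallback with an architecture guard (for example a check on __i386__), or defining the missing __NR_clock_nanosleep_time64 constant for that arch ahead of the existing #ifdef so the number appears once, under its name. The comment should also name the syscall, e.g. "clock_nanosleep_time64 (407)", so a later reader of the filter can tell what is being allowed.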
-- 2.17.1