Seccomp kills child process after clock_gettime syscall
| Task Info (Flyspray) | |
|---|---|
| Opened By | Szunti (Szunti) |
| Task ID | 63129 |
| Type | Bug Report |
| Project | Community Packages |
| Category | Packages |
| Version | None |
| OS | All |
| Opened | 2019-07-08 17:31:52 UTC |
| Status | Assigned |
| Assignee | Levente Polyak (anthraxx) |
Details
Description: Maybe this should go upstream, but I saw that other syscalls were whitelisted with a patch recently. gettimeofday is already whitelisted, but it's never called. It's in the vDSO, and if the tsc clocksource is used by the kernel, a syscall is not made at all; if the clocksource is not tsc (the kernel deemed it unreliable in my case), then it falls back on the clock_gettime syscall.
Then every attempt to connect to the server is closed immediately with 500 OOPS: child died
Patching seccompsandbox.c:
allow_nr(__NR_gettimeofday); /* Used by logging. */ +allow_nr(__NR_clock_gettime);
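Review bot: the added allow_nr(__NR_clock_gettime); line carries no comment, while the allow_nr(__NR_gettimeofday); line next to it is annotated "Used by logging."; add a matching comment saying why the syscall is allowed (per the report, the vDSO time call falls back to the clock_gettime syscall when the clocksource is not tsc), so the allowlist entry can be audited later without digging up this task.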
fixes it.
Additional info:
- package version(s) vsftpd 3.0.3-6
Steps to reproduce:
- Set clocksource to hpet (`echo hpet > /sys/devices/system/clocksource/clocksource0/current_clocksource`)
- Run vsftpd
- Get 500 OOPS: children died error in client
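
The failure mode in this report, reduced to a stand-alone reproduction. This is an added example, not vsftpd's seccompsandbox.c and not code from the reporter; the names `install_filter` and `child_survives` are hypothetical. A forked child installs a kill-by-default seccomp filter and then issues the raw clock_gettime syscall, standing in for the fallback the vDSO takes when the clocksource is not tsc.

```c
#define _GNU_SOURCE
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Kill-by-default filter; a production filter would also validate seccomp_data.arch. */
static int install_filter(int allow_clock_gettime)
{
    unsigned int extra = allow_clock_gettime ? SYS_clock_gettime : SYS_exit_group;
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_exit_group, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, extra, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* 1 = child exited cleanly, 0 = seccomp killed it (SIGSYS), -1 = setup error. */
int child_survives(int allow_clock_gettime)
{
    int status;
    pid_t pid = fork();
    if (pid == 0) {
        if (install_filter(allow_clock_gettime) != 0)
            _exit(2);
        syscall(SYS_clock_gettime, CLOCK_REALTIME, &(struct timespec){0}); /* raw syscall, no vDSO */
        _exit(0);
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS)
        return 0;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 1 : -1;
}

int main(void)
{
    printf("clock_gettime blocked: %d, allowed: %d\n", child_survives(0), child_survives(1));
    return 0;
}
```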