From f35e07aceb4a16121d83b47ee77990018bec98ea Mon Sep 17 00:00:00 2001 From: Joe Slater Date: Thu, 9 Mar 2017 10:58:06 -0800 Subject: [PATCH] chrony: fix build failure for arma9 Eliminate references to syscalls not available for ARM_EABI. Also add a dependency on libseccomp which is needed for scfilter to work. Set PACKAGECONFIG to not enable scfilter, since kernel CONFIG_SECCOMP is unlikely to be set. This aligns the usage of libseccomp with that of other packages. Upstream-Status: Pending Signed-off-by: Joe Slater Refresh patch for new upstream version. Signed-off-by: Robert Joslyn Refreshed for 4.0 Signed-off-by: Khem Raj --- sys_linux.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) --- a/sys_linux.c +++ b/sys_linux.c @@ -499,14 +499,12 @@ SYS_Linux_EnableSystemCallFilter(int lev #endif SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), - SCMP_SYS(time), /* Process */ SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid), - SCMP_SYS(getrlimit), SCMP_SYS(getuid), SCMP_SYS(getuid32), SCMP_SYS(rt_sigaction), @@ -520,7 +518,6 @@ SYS_Linux_EnableSystemCallFilter(int lev /* Memory */ SCMP_SYS(brk), SCMP_SYS(madvise), - SCMP_SYS(mmap), SCMP_SYS(mmap2), SCMP_SYS(mprotect), SCMP_SYS(mremap), @@ -580,8 +577,6 @@ SYS_Linux_EnableSystemCallFilter(int lev SCMP_SYS(sendmsg), SCMP_SYS(sendto), SCMP_SYS(shutdown), - /* TODO: check socketcall arguments */ - SCMP_SYS(socketcall), /* General I/O */ SCMP_SYS(_newselect), @@ -604,7 +599,6 @@ SYS_Linux_EnableSystemCallFilter(int lev #ifdef __NR_futex_time64 SCMP_SYS(futex_time64), #endif - SCMP_SYS(select), SCMP_SYS(set_robust_list), SCMP_SYS(write), @@ -612,6 +606,15 @@ SYS_Linux_EnableSystemCallFilter(int lev SCMP_SYS(getrandom), SCMP_SYS(sysinfo), SCMP_SYS(uname), + /* not always available */ +#if ! defined(__ARM_EABI__) + SCMP_SYS(time), + SCMP_SYS(getrlimit), + SCMP_SYS(select), + SCMP_SYS(mmap), + /* TODO: check socketcall arguments */ + SCMP_SYS(socketcall), +#endif }; const int denied_any[] = {