net-misc/chrony: allow clone3 for glibc-2.34 (seccomp filter fix)

Bug: https://bugs.gentoo.org/823692
Signed-off-by: Sam James <sam@gentoo.org>

2 files changed, 31 insertions, 0 deletions

diff --git a/net-misc/chrony/chrony-4.1-r1.ebuild b/net-misc/chrony/chrony-4.1-r2.ebuild
index 600250a5169f..1f5c3e41f685 100644
--- a/net-misc/chrony/chrony-4.1-r1.ebuild
+++ b/net-misc/chrony/chrony-4.1-r2.ebuild
@@ -76,6 +76,7 @@ fi
 PATCHES=(
 	"${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch
 	"${FILESDIR}"/${PN}-4.1-systemd-gentoo.patch
+	"${FILESDIR}"/${P}-seccomp-glibc-2-3-4.patch
 )
 
 src_prepare() {
diff --git a/net-misc/chrony/files/chrony-4.1-seccomp-glibc-2-3-4.patch b/net-misc/chrony/files/chrony-4.1-seccomp-glibc-2-3-4.patch
new file mode 100644
index 000000000000..56dd89b3ffdc
--- /dev/null
+++ b/net-misc/chrony/files/chrony-4.1-seccomp-glibc-2-3-4.patch
@@ -0,0 +1,30 @@
+https://git.tuxfamily.org/chrony/chrony.git/patch/?id=bbbd80bf03223f181d4abf5c8e5fe6136ab6129a
+
+From bbbd80bf03223f181d4abf5c8e5fe6136ab6129a Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar@redhat.com>
+Date: Mon, 9 Aug 2021 11:48:21 +0200
+Subject: sys_linux: allow clone3 and pread64 in seccomp filter
+
+These seem to be needed with the latest glibc.
+
+--- a/sys_linux.c
++++ b/sys_linux.c
+@@ -503,6 +503,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
+ 
+     /* Process */
+     SCMP_SYS(clone),
++#ifdef __NR_clone3
++    SCMP_SYS(clone3),
++#endif
+     SCMP_SYS(exit),
+     SCMP_SYS(exit_group),
+     SCMP_SYS(getpid),
+@@ -595,6 +598,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
+ #ifdef __NR_ppoll_time64
+     SCMP_SYS(ppoll_time64),
+ #endif
++    SCMP_SYS(pread64),
+     SCMP_SYS(pselect6),
+ #ifdef __NR_pselect6_time64
+     SCMP_SYS(pselect6_time64),
+cgit v0.10.2