Testing chrony seccomp support
Florian Weimer
fweimer at redhat.com
Tue Oct 6 08:15:38 UTC 2015
On 10/05/2015 05:27 PM, Miroslav Lichvar wrote:
> I guess glibc and getaddrinfo() will be the most problematic part in
> the chrony seccomp support. Is there a precedent in Fedora of a
> package using a seccomp filter and getaddrinfo() by default?
getaddrinfo uses NSS under the cover, which loads NSS modules and runs
their code to perform lookups. The system configuration may even use
modules which do not come with the distribution.
You need to run getaddrinfo from a separate process/thread which lacks a
seccomp filter.
Florian
More information about the devel
mailing list