Testing chrony seccomp support

Florian Weimer fweimer at redhat.com
Tue Oct 6 08:15:38 UTC 2015

On 10/05/2015 05:27 PM, Miroslav Lichvar wrote:
> I guess glibc and getaddrinfo() will be the most problematic part in
> the chrony seccomp support. Is there a precedent in Fedora of a
> package using a seccomp filter and getaddrinfo() by default?

getaddrinfo uses NSS under the cover, which loads NSS modules and runs
their code to perform lookups.  The system configuration may even use
modules which do not come with the distribution.

You need to run getaddrinfo from a separate process/thread which lacks a
seccomp filter.


More information about the devel mailing list