You need to sign in or sign up before continuing.
ntpd built with seccomp gets a SIGSYS shortly after startup
When ntpsec is build with seccomp support, ntpd crashes shortly after startup. The steps to reproduce are
-
/usr/sbin/ntpd -g -u ntp:ntp -l /var/log/ntpd.log
-
The log file shows:
02-24T09:07:18 ntpd[9549]: INIT: ntpd ntpsec-1.0.0+1 2017-10-09T23:52:12-0400: Starting
02-24T09:07:18 ntpd[9549]: INIT: Command line: /usr/sbin/ntpd -g -u ntp:ntp -l /var/log/ntpd.log
02-24T09:07:18 ntpd[9554]: PROTO: precision = 0.122 usec (-23)
02-24T09:07:18 ntpd[9554]: INIT: successfully locked into RAM
02-24T09:07:18 ntpd[9554]: INIT: sandbox: seccomp enabled.
02-24T09:07:18 ntpd[9554]: CONFIG: readconfig: parsing file: /etc/ntp.conf
02-24T09:07:18 ntpd[9554]: ERR: SIGSYS: got a trap.
02-24T09:07:18 ntpd[9554]: ERR: SIGSYS/seccomp bad syscall 78/0xc000003e
According to <asm/unistd_64.h>, syscall 78 is getdents(). This is confirmed by and strace.
-
strace -f /usr/sbin/ntpd -g -u ntp:ntp -l /var/log/ntpd.log
ends with:
open("/etc/ntp.conf", O_RDONLY) = 4
getpid() = 9554
write(3, "02-24T09:07:18 ntpd[9554]: CONFI"..., 75) = 75
fstat(4, {st_mode=S_IFREG|0644, st_size=259, ...}) = 0
read(4, "server ntp.orchardos.com\n\nrestri"..., 4096) = 259
read(4, "", 4096) = 0
stat("/etc/ntp.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/etc/ntp.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/etc/ntp.d", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 5
fstat(5, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
getdents(5, /* d_reclen < sizeof(struct dirent) */ /* 1 entries */, 32768) = 78
--- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0x797fe0af2d5a, si_syscall=__NR_getdents, si_arch=AUDIT_ARCH_X86_64} ---
getpid() = 9554
write(3, "02-24T09:07:18 ntpd[9554]: ERR: "..., 52) = 52
getpid() = 9554
write(3, "02-24T09:07:18 ntpd[9554]: ERR: "..., 73) = 73
exit_group(1) = ?
+++ exited with 1 +++
I suspect getdents() is being called to read the contents of /etc/ntp.d shortly after reading /etc/ntp.conf.