d/patches/: Add allow-waitpid-in-seccomp-filter.patch

2 files changed, 23 insertions, 0 deletions

diff --git a/debian/patches/allow-waitpid-in-seccomp-filter.patch b/debian/patches/allow-waitpid-in-seccomp-filter.patch
new file mode 100644
index 0000000..a4a01b6
--- /dev/null
+++ b/debian/patches/allow-waitpid-in-seccomp-filter.patch
@@ -0,0 +1,22 @@
+From 2ebba7fbaaf7c86d1840cacb7aa78b62d0166d5a Mon Sep 17 00:00:00 2001
+From: Vincent Blut <vincent.debian@free.fr>
+Date: Thu, 28 Feb 2019 16:43:56 +0100
+Subject: sys_linux: allow waitpid in seccomp filter
+
+Forwarded: https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-dev/2019/02/msg00001.html
+Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=2ebba7fbaaf7c86d1840cacb7aa78b62d0166d5a
+---
+ sys_linux.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sys_linux.c
++++ b/sys_linux.c
+@@ -493,7 +493,7 @@ SYS_Linux_EnableSystemCallFilter(int lev
+     SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid),
+     SCMP_SYS(getrlimit), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn),
+     SCMP_SYS(rt_sigprocmask), SCMP_SYS(set_tid_address), SCMP_SYS(sigreturn),
+-    SCMP_SYS(wait4),
++    SCMP_SYS(wait4), SCMP_SYS(waitpid),
+     /* Memory */
+     SCMP_SYS(brk), SCMP_SYS(madvise), SCMP_SYS(mmap), SCMP_SYS(mmap2),
+     SCMP_SYS(mprotect), SCMP_SYS(mremap), SCMP_SYS(munmap), SCMP_SYS(shmdt),
diff --git a/debian/patches/series b/debian/patches/series
index 2a354e0..12715d9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 allow-_llseek-in-seccomp-filter.patch
+allow-waitpid-in-seccomp-filter.patch