✘Bad system call

Sat, 25 Oct 2025 20:24:51 -0700 

Yo All!

My ntpd is broken.  Seems to be seccomp related:

I start ntpd this  way:

~ # ntpd -gnN

[...]

2025-10-25T20:05:04 ntpd[2035]: INIT: sandbox: seccomp enabled.
2025-10-25T20:05:04 ntpd[2035]: NTSs: loaded certificate (chain) from 
/etc/letsencrypt/live/kong.rellim.com/fullchain.pem
2025-10-25T20:05:04 ntpd[2035]: NTSs: loaded private key from 
/etc/letsencrypt/live/kong.rellim.com/privkey.pem
2025-10-25T20:05:04 ntpd[2035]: NTSs: Private Key OK
Bad system call            ntpd -gnN

When I disable building with seccomp, all works fine.

How does one debug this?

When I run ntpd this way:

~ # strace ntpd -gnN

[...]

write(4, "2025-10-25T20:06:56 ntpd[2064]: "..., 53) = 53
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f26b0e3cb50, sa_mask=[], 
sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, 
sa_restorer=0x7f26b0de8a20}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, 
-1, 0) = 0x7f26b0521000
madvise(0x7f26b0521000, 4096, MADV_GUARD_INSTALL) = -1 EINVAL (Invalid argument)
mprotect(0x7f26b0521000, 4096, PROT_NONE) = 0
rt_sigprocmask(SIG_BLOCK, ~[], ~[KILL STOP RTMIN RT_1], 8) = 0
clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID,
 child_tid=0x7f26b0d21990, parent_tid=0x7f26b0d21990, exit_signal=0, 
stack=0x7f26b0521000, stack_size=0x7fff80, tls=0x7f26b0d216c0} <unfinished 
...>) = ?
+++ killed by SIGSYS +++
Bad system call            strace ntpd -gnN

Looks like clone3() is already an allowed system call.

Ideas?

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        [email protected]  Tel:+1 541 382 8588

            Veritas liberabit vos. -- Quid est veritas?
    "If you can't measure it, you can't improve it." - Lord Kelvin

Attachment: pgp0CDz0YUtsD.pgp
Description: OpenPGP digital signature

_______________________________________________
devel mailing list
[email protected]
https://lists.ntpsec.org/mailman/listinfo/devel

Reply via email to