On 10/25/2025 8:20 PM PDT Gary E. Miller via devel <[email protected]> wrote: > > > Yo All! > > My ntpd is broken. Seems to be seccomp related: > > I start ntpd this way: > > ~ # ntpd -gnN > > [...] > > 2025-10-25T20:05:04 ntpd[2035]: INIT: sandbox: seccomp enabled. > 2025-10-25T20:05:04 ntpd[2035]: NTSs: loaded certificate (chain) from > /etc/letsencrypt/live/kong.rellim.com/fullchain.pem > 2025-10-25T20:05:04 ntpd[2035]: NTSs: loaded private key from > /etc/letsencrypt/live/kong.rellim.com/privkey.pem > 2025-10-25T20:05:04 ntpd[2035]: NTSs: Private Key OK > Bad system call ntpd -gnN
That should have spat out three values that seem to be absent, a syscall number that is a pain to lookup by hand, its name looked up by seccomp and an arch number that makes manual look up less exhausting. > When I disable building with seccomp, all works fine. > > How does one debug this? > > When I run ntpd this way: > > ~ # strace ntpd -gnN :::snip::: > Looks like clone3() is already an allowed system call. > > Ideas? It might still be clone3 if the following does not generate the right hit or two. `grep -w 435 /usr/include/asm*/unistd*.h` Time to break out the trowel. _______________________________________________ devel mailing list [email protected] https://lists.ntpsec.org/mailman/listinfo/devel
