--- /dev/null
+From 0cf506c92967c84f9ed83ba9e1be946a7fda6425 Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar@redhat.com>
+Date: Mon, 2 Dec 2019 12:47:13 +0100
+Subject: sys_linux: allow clock_adjtime in seccomp filter
+
+The adjtimex() function in glibc was switched to the clock_adjtime
+system call.
+
+diff --git a/sys_linux.c b/sys_linux.c
+index 63eb8f1..fcf89c2 100644
+--- a/sys_linux.c
++++ b/sys_linux.c
+@@ -478,8 +478,8 @@ SYS_Linux_EnableSystemCallFilter(int level)
+ {
+ const int syscalls[] = {
+ /* Clock */
+- SCMP_SYS(adjtimex), SCMP_SYS(clock_gettime), SCMP_SYS(gettimeofday),
+- SCMP_SYS(settimeofday), SCMP_SYS(time),
++ SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), SCMP_SYS(clock_gettime),
++ SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), SCMP_SYS(time),
+ /* Process */
+ SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid),
+ SCMP_SYS(getrlimit), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn),
+--
+cgit v0.10.2
+
Summary: An NTP client/server
Name: chrony
Version: 3.5
-Release: 1
+Release: 2
License: GPL v2
Group: Daemons
Source0: http://download.tuxfamily.org/chrony/%{name}-%{version}.tar.gz
Source3: %{name}d.sysconfig
Source4: %{name}d.init
Source5: %{name}.logrotate
+Patch0: allow-clock_adjtime.patch
+Patch1: fix-seccomp-build.patch
URL: http://chrony.tuxfamily.org/
BuildRequires: asciidoc
BuildRequires: bison
BuildRequires: libcap-devel
+BuildRequires: libseccomp-devel
BuildRequires: nettle-devel >= %{nettle_ver}
BuildRequires: nss-devel
BuildRequires: readline-devel
%prep
%setup -q
+%patch0 -p1
+%patch1 -p1
%build
# NOTE: It is not autoconf generated configre
CFLAGS="%{rpmcflags} -Wmissing-prototypes -Wall" \
CPPFLAGS="%{rpmcppflags}" \
./configure \
+ --enable-ntp-signd \
+ --enable-scfilter \
--prefix=%{_prefix} \
--sysconfdir=%{_sysconfdir} \
--docdir=%{_docdir} \
- --without-editline \
+ --with-ntp-era=$(date -d '1970-01-01 00:00:00+00:00' +'%s') \
+ --with-hwclockfile=%{_sysconfdir}/adjtime \
+ --with-sendmail=%{_sbindir}/sendmail \
+ --without-editline
%{__make} getdate all docs \
ADOC=asciidoc
--- /dev/null
+diff --git a/sys_linux.c b/sys_linux.c
+index 898dc7a7f75..fcd334ecf03 100644
+--- a/sys_linux.c
++++ b/sys_linux.c
+@@ -503,7 +503,7 @@ SYS_Linux_EnableSystemCallFilter(int level)
+ SCMP_SYS(socketcall),
+ /* General I/O */
+ SCMP_SYS(_newselect), SCMP_SYS(close), SCMP_SYS(open), SCMP_SYS(openat), SCMP_SYS(pipe),
+- SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(ppoll), SCMP_SYS(pselect6), SCMP_SYS(read),
++ SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(pselect6), SCMP_SYS(read),
+ SCMP_SYS(futex), SCMP_SYS(select), SCMP_SYS(set_robust_list), SCMP_SYS(write),
+ /* Miscellaneous */
+ SCMP_SYS(getrandom), SCMP_SYS(sysinfo), SCMP_SYS(uname),