From b04b61ad2aa42e8353a661b06441b8412d14124e Mon Sep 17 00:00:00 2001
From: Marcin Krol <hawk@tld-linux.org>
Date: Sat, 18 Sep 2021 13:26:40 +0200
Subject: [PATCH] - upstream fix for recent glibc

---
 chrony-seccomp.patch | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 chrony-seccomp.patch

diff --git a/chrony-seccomp.patch b/chrony-seccomp.patch
new file mode 100644
index 0000000..1cc432d
--- /dev/null
+++ b/chrony-seccomp.patch
@@ -0,0 +1,30 @@
+commit bbbd80bf03223f181d4abf5c8e5fe6136ab6129a
+Author: Miroslav Lichvar <mlichvar@redhat.com>
+Date:   Mon Aug 9 11:48:21 2021 +0200
+
+    sys_linux: allow clone3 and pread64 in seccomp filter
+    
+    These seem to be needed with the latest glibc.
+
+diff --git a/sys_linux.c b/sys_linux.c
+index 50c08431..2b53f722 100644
+--- a/sys_linux.c
++++ b/sys_linux.c
+@@ -503,6 +503,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
+ 
+     /* Process */
+     SCMP_SYS(clone),
++#ifdef __NR_clone3
++    SCMP_SYS(clone3),
++#endif
+     SCMP_SYS(exit),
+     SCMP_SYS(exit_group),
+     SCMP_SYS(getpid),
+@@ -595,6 +598,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
+ #ifdef __NR_ppoll_time64
+     SCMP_SYS(ppoll_time64),
+ #endif
++    SCMP_SYS(pread64),
+     SCMP_SYS(pselect6),
+ #ifdef __NR_pselect6_time64
+     SCMP_SYS(pselect6_time64),
-- 
2.44.0