On Fri, Feb 25, 2022 at 02:14:58PM +0000, Paul Brook wrote: > After accepting an ssh connection, the sshd process is killed and I see > the following in dmesg: > > audit: type=1326 audit(1645794361.669:40): auid=0 uid=100 gid=65534 ses=1 > subj==unconfined pid=8338 comm="sshd" exe="/usr/sbin/sshd" sig=31 > arch=40000003 syscall=414 compat=0 ip=0xb7ee3559 code=0x0 > > Sysycall 414 is ppoll_time64, so I'm guessing this is fallout from > ongoing 2038 fixes.
More likely fallout from the move from select()/pselect() to poll()/ppoll() in 8.9. I suspect this affects most 32-bit Linux architectures. > The attached patch fixes this by adding ppoll_time64 the seccomp sanbox > filters, > which seems reasonable as ppoll is already allowed. Yeah, this looks reasonable to me too, though for tidiness I'd suggest moving __NR_ppoll_time64 below __NR_ppoll to match the ordering of __NR_pselect6 and __NR_pselect6_time64. Would you mind sending this upstream to https://bugzilla.mindrot.org/ ? I can do it for you if you can't, but it's usually best to have fewer people in the middle of the discussion. -- Colin Watson (he/him) [cjwat...@debian.org]
