On 10/05/2015 05:27 PM, Miroslav Lichvar wrote:
> I guess glibc and getaddrinfo() will be the most problematic part in
> the chrony seccomp support. Is there a precedent in Fedora of a
> package using a seccomp filter and getaddrinfo() by default?

getaddrinfo uses NSS under the cover, which loads NSS modules and runs
their code to perform lookups. The system configuration may even use
modules which do not come with the distribution.

You need to run getaddrinfo from a separate process/thread which lacks a
seccomp filter.

Florian
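
The separate-process approach suggested in the reply above, as an added example (not code from this thread or from chrony): an unfiltered helper is forked before the main process installs its seccomp filter, and names are resolved over a socketpair. The names resolver_start, resolver_query and resolver_stop are hypothetical, and the filter installation itself is not shown; it would follow resolver_start().

```c
#define _GNU_SOURCE
#include <netdb.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_NAME 256

/* Helper: stays unfiltered so NSS modules loaded by getaddrinfo() can run. */
static void helper_loop(int fd) {
    char name[MAX_NAME];
    ssize_t n;
    while ((n = recv(fd, name, sizeof(name) - 1, 0)) > 0) {
        char out[NI_MAXHOST] = "";          /* empty reply = lookup failed */
        struct addrinfo hints, *res = NULL;
        name[n] = '\0';
        memset(&hints, 0, sizeof(hints));
        hints.ai_socktype = SOCK_DGRAM;
        if (getaddrinfo(name, NULL, &hints, &res) == 0) {
            if (getnameinfo(res->ai_addr, res->ai_addrlen, out, sizeof(out),
                            NULL, 0, NI_NUMERICHOST) != 0)
                out[0] = '\0';
            freeaddrinfo(res);
        }
        send(fd, out, strlen(out) + 1, MSG_NOSIGNAL);
    }
    _exit(0);
}

/* Call BEFORE installing the seccomp filter. Returns the client fd or -1. */
int resolver_start(pid_t *pid) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv) < 0) return -1;
    if ((*pid = fork()) < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (*pid == 0) { close(sv[0]); helper_loop(sv[1]); }
    close(sv[1]);
    return sv[0];
}

/* Filtered side: one send and one recv on fd. Returns 0 on success. */
int resolver_query(int fd, const char *name, char *out, size_t outlen) {
    size_t len = strlen(name);
    if (len == 0 || len >= MAX_NAME) return -1;
    if (send(fd, name, len, MSG_NOSIGNAL) != (ssize_t)len) return -1;
    ssize_t n = recv(fd, out, outlen, 0);
    return (n > 1 && out[n - 1] == '\0') ? 0 : -1;
}

/* Closing the socket ends the helper's recv() loop. */
void resolver_stop(int fd, pid_t pid) { close(fd); waitpid(pid, NULL, 0); }
```

With this split, the filter in the main process only has to permit the send and receive syscalls on the socketpair descriptor, while everything NSS may do stays in the helper.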