On Tue, 2015-01-27 at 21:17 +0800, Lemon Lam wrote: > ? 2015/1/27 ?? 09:10, Nikos Mavrogiannopoulos ??: > > On Tue, Jan 27, 2015 at 10:39 AM, Lemon Lam <alemonmk at gmail.com> wrote: > >> ? 2015/1/27 ?? 05:10, Nikos Mavrogiannopoulos ??: > >>> On Tue, Jan 27, 2015 at 10:01 AM, Lemon Lam <alemonmk at gmail.com> wrote: > >>>>> Do you use linux-namespaces or seccomp? If yes try disabling it. > >>>>> Otherwise please provide more information about your build. > >>>> I can confirm that disabling seccomp do get rid of the problem. > >>> Then, could you provide more information about your kernel version, > >>> the cpu architecture, and the output of "strace -f" of ocserv? > >> Kernel is Linode's customised 3.18.1-x86_64, but the OS is i386. > >> strace output is attached. > > > > As far as I understand the seccomp filter does prevent select() from > > being executed. Do you have the latest libseccomp in that platform? > Yes, libseccomp2 from Debian repo is 2.1.1, same with the one on > sourceforge, aptitude tells me that it's up to date too. Thanks to Paul Moore, the issue is found. In x86, glibc calls _newselect() instead of the select() system call. That was not shown by strace for some reason. I've committed a fix in master which should allow enabling seccomp in x86. http://git.infradead.org/ocserv.git/commitdiff/639514d1e10c0781eb43f6ca092b3099f53a2e37 regards, Nikos