authorJeroen Roovers <jer@gentoo.org>2020-08-31 10:35:47 +0200
committerJeroen Roovers <jer@gentoo.org>2020-08-31 10:39:58 +0200
commit6fbce4846282a2d77a9a8094e3d2fcd7176afcd6 (patch)
tree7f5b3c7e50f443aa02646adcddbee49794fe3505
parentsys-libs/glibc: Add rv32 backport (diff)
net-misc/chrony: Disable non-default seccomp filter option
With `-F 1' chronyd sets up a syscall filter and has itself killed when a "forbidden" syscall is made. Since we cannot control that (as explained in the chronyd(8) manual) we should disable the filter by default. Package-Manager: Portage-3.0.4, Repoman-3.0.1 Bug: https://bugs.gentoo.org/739714 Signed-off-by: Jeroen Roovers <jer@gentoo.org>
-rw-r--r--net-misc/chrony/chrony-3.5.1-r1.ebuild11
-rw-r--r--net-misc/chrony/chrony-4.0_pre3.ebuild11
-rw-r--r--net-misc/chrony/chrony-9999.ebuild11
-rw-r--r--net-misc/chrony/files/chronyd.conf-r12
4 files changed, 19 insertions, 16 deletions
diff --git a/net-misc/chrony/chrony-3.5.1-r1.ebuild b/net-misc/chrony/chrony-3.5.1-r1.ebuild
index f112b3307064..f0c66705c223 100644
--- a/net-misc/chrony/chrony-3.5.1-r1.ebuild
+++ b/net-misc/chrony/chrony-3.5.1-r1.ebuild
@@ -67,13 +67,14 @@ src_prepare() {
-e 's|pkg-config|${PKG_CONFIG}|g' \
configure || die
- # Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
- cp examples/chronyd.service "${T}"/chronyd.service
+ sed \
+ -e 's/-F 1/-F 0/' \
+ examples/chronyd.service > "${T}"/chronyd.service || die
+
+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die
}
src_configure() {
- # Set config for privdrop
if ! use caps; then
sed -i \
-e 's/-u ntp//' \
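Review bot: The new `sed -e 's/-F 1/-F 0/'` in src_prepare exits 0 even when nothing matches, so if upstream's examples/chronyd.service ever stops carrying the literal `-F 1`, the unit is installed with whatever filter level upstream ships and `|| die` never fires. This matters most for the live chrony-9999.ebuild, which has the same hunk, as does chrony-4.0_pre3.ebuild. A guard before the sed, for example `grep -q -- '-F 1' examples/chronyd.service || die "seccomp level not found in chronyd.service"` (or an `eqawarn` if failing the build is too strict), would make that drift visible. The hunk also drops both explanatory comments without replacement; a line such as `# Disable the seccomp filter by default, bug #739714` above the sed would record why a hardening option is being turned off. src_configure continues outside the hunk.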
@@ -82,7 +83,7 @@ src_configure() {
if ! use seccomp; then
sed -i \
- -e 's/-F 1//' \
+ -e 's/-F 0//' \
"${T}"/chronyd.conf "${T}"/chronyd.service || die
fi
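Review bot: After this change USE=seccomp no longer yields a filtered daemon: with the flag on, `-F 0` is kept and the syscall filter stays disabled, and with the flag off the option is stripped, so both paths run chronyd unfiltered. The flag presumably now only decides whether filter support is compiled in, which is easy to miss for anyone who enabled it expecting sandboxing. I would say so in a comment above this block, e.g. `# USE=seccomp only builds the filter in; it stays off (-F 0) until the admin sets -F 1`, and repeat it in an `elog` from pkg_postinst. The same hunk appears in chrony-4.0_pre3.ebuild and chrony-9999.ebuild, and src_configure starts and ends outside the hunk.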
diff --git a/net-misc/chrony/chrony-4.0_pre3.ebuild b/net-misc/chrony/chrony-4.0_pre3.ebuild
index f08fcf89f2e4..e8f5a46d753f 100644
--- a/net-misc/chrony/chrony-4.0_pre3.ebuild
+++ b/net-misc/chrony/chrony-4.0_pre3.ebuild
@@ -67,13 +67,14 @@ src_prepare() {
-e 's|pkg-config|${PKG_CONFIG}|g' \
configure || die
- # Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
- cp examples/chronyd.service "${T}"/chronyd.service
+ sed \
+ -e 's/-F 1/-F 0/' \
+ examples/chronyd.service > "${T}"/chronyd.service || die
+
+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die
}
src_configure() {
- # Set config for privdrop
if ! use caps; then
sed -i \
-e 's/-u ntp//' \
@@ -82,7 +83,7 @@ src_configure() {
if ! use seccomp; then
sed -i \
- -e 's/-F 1//' \
+ -e 's/-F 0//' \
"${T}"/chronyd.conf "${T}"/chronyd.service || die
fi
diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-9999.ebuild
index f08fcf89f2e4..e8f5a46d753f 100644
--- a/net-misc/chrony/chrony-9999.ebuild
+++ b/net-misc/chrony/chrony-9999.ebuild
@@ -67,13 +67,14 @@ src_prepare() {
-e 's|pkg-config|${PKG_CONFIG}|g' \
configure || die
- # Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
- cp examples/chronyd.service "${T}"/chronyd.service
+ sed \
+ -e 's/-F 1/-F 0/' \
+ examples/chronyd.service > "${T}"/chronyd.service || die
+
+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die
}
src_configure() {
- # Set config for privdrop
if ! use caps; then
sed -i \
-e 's/-u ntp//' \
@@ -82,7 +83,7 @@ src_configure() {
if ! use seccomp; then
sed -i \
- -e 's/-F 1//' \
+ -e 's/-F 0//' \
"${T}"/chronyd.conf "${T}"/chronyd.service || die
fi
diff --git a/net-misc/chrony/files/chronyd.conf-r1 b/net-misc/chrony/files/chronyd.conf-r1
index c04f3525f0b7..2783f29e6844 100644
--- a/net-misc/chrony/files/chronyd.conf-r1
+++ b/net-misc/chrony/files/chronyd.conf-r1
@@ -9,4 +9,4 @@ CFGFILE="/etc/chrony/chrony.conf"
# The combination of "-s -r" allows chronyd to perform long term averaging of
# the gain or loss rate across system reboots and shutdowns.
-ARGS="-u ntp -F 1"
+ARGS="-u ntp -F 0"
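Review bot: The comment lines visible above `ARGS` do not mention `-F`, so an admin reading the installed file gets no hint that the seccomp filter is now off or how to turn it back on. I would add a comment directly above the assignment along the lines of `# -F 0 disables the seccomp syscall filter; -F 1 enables it and chronyd is killed on a forbidden syscall, see chronyd(8)`. The earlier lines of the file are outside the hunk, so an existing explanation further up cannot be ruled out.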