From 6fbce4846282a2d77a9a8094e3d2fcd7176afcd6 Mon Sep 17 00:00:00 2001
From: Jeroen Roovers
Date: Mon, 31 Aug 2020 10:35:47 +0200
Subject: net-misc/chrony: Disable non-default seccomp filter option

With `-F 1' chronyd sets up a syscall filter and has itself killed when a "forbidden" syscall is made. Since we cannot control that (as explained in the chronyd(8) manual) we should disable the filter by default.

Package-Manager: Portage-3.0.4, Repoman-3.0.1
Bug: https://bugs.gentoo.org/739714
Signed-off-by: Jeroen Roovers
---
 net-misc/chrony/chrony-3.5.1-r1.ebuild | 11 ++++++-----
 net-misc/chrony/chrony-4.0_pre3.ebuild | 11 ++++++-----
 net-misc/chrony/chrony-9999.ebuild | 11 ++++++-----
 net-misc/chrony/files/chronyd.conf-r1 | 2 +-
 4 files changed, 19 insertions(+), 16 deletions(-)

(limited to 'net-misc')

diff --git a/net-misc/chrony/chrony-3.5.1-r1.ebuild b/net-misc/chrony/chrony-3.5.1-r1.ebuild
index f112b3307064..f0c66705c223 100644
--- a/net-misc/chrony/chrony-3.5.1-r1.ebuild
+++ b/net-misc/chrony/chrony-3.5.1-r1.ebuild
@@ -67,13 +67,14 @@ src_prepare() {
 -e 's|pkg-config|${PKG_CONFIG}|g' \
 configure || die
 
- # Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
- cp examples/chronyd.service "${T}"/chronyd.service
+ sed \
+ -e 's/-F 1/-F 0/' \
+ examples/chronyd.service > "${T}"/chronyd.service || die
+
+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die
 }
 
 src_configure() {
- # Set config for privdrop
 if ! use caps; then
 sed -i \
 -e 's/-u ntp//' \
@@ -82,7 +83,7 @@ src_configure() {
 
 if ! use seccomp; then
 sed -i \
- -e 's/-F 1//' \
+ -e 's/-F 0//' \
 "${T}"/chronyd.conf "${T}"/chronyd.service || die
 fi
 
diff --git a/net-misc/chrony/chrony-4.0_pre3.ebuild b/net-misc/chrony/chrony-4.0_pre3.ebuild
index f08fcf89f2e4..e8f5a46d753f 100644
--- a/net-misc/chrony/chrony-4.0_pre3.ebuild
+++ b/net-misc/chrony/chrony-4.0_pre3.ebuild
@@ -67,13 +67,14 @@ src_prepare() {
 -e 's|pkg-config|${PKG_CONFIG}|g' \
 configure || die
 
- # Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
- cp examples/chronyd.service "${T}"/chronyd.service
+ sed \
+ -e 's/-F 1/-F 0/' \
+ examples/chronyd.service > "${T}"/chronyd.service || die
+
+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die
 }
 
 src_configure() {
- # Set config for privdrop
 if ! use caps; then
 sed -i \
 -e 's/-u ntp//' \
@@ -82,7 +83,7 @@ src_configure() {
 
 if ! use seccomp; then
 sed -i \
- -e 's/-F 1//' \
+ -e 's/-F 0//' \
 "${T}"/chronyd.conf "${T}"/chronyd.service || die
 fi
 
diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-9999.ebuild
index f08fcf89f2e4..e8f5a46d753f 100644
--- a/net-misc/chrony/chrony-9999.ebuild
+++ b/net-misc/chrony/chrony-9999.ebuild
@@ -67,13 +67,14 @@ src_prepare() {
 -e 's|pkg-config|${PKG_CONFIG}|g' \
 configure || die
 
- # Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
- cp examples/chronyd.service "${T}"/chronyd.service
+ sed \
+ -e 's/-F 1/-F 0/' \
+ examples/chronyd.service > "${T}"/chronyd.service || die
+
+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die
 }
 
 src_configure() {
- # Set config for privdrop
 if ! use caps; then
 sed -i \
 -e 's/-u ntp//' \
@@ -82,7 +83,7 @@ src_configure() {
 
 if ! use seccomp; then
 sed -i \
- -e 's/-F 1//' \
+ -e 's/-F 0//' \
 "${T}"/chronyd.conf "${T}"/chronyd.service || die
 fi
 
diff --git a/net-misc/chrony/files/chronyd.conf-r1 b/net-misc/chrony/files/chronyd.conf-r1
index c04f3525f0b7..2783f29e6844 100644
--- a/net-misc/chrony/files/chronyd.conf-r1
+++ b/net-misc/chrony/files/chronyd.conf-r1
@@ -9,4 +9,4 @@ CFGFILE="/etc/chrony/chrony.conf"
 # The combination of "-s -r" allows chronyd to perform long term averaging of
 # the gain or loss rate across system reboots and shutdowns.
 
-ARGS="-u ntp -F 1"
+ARGS="-u ntp -F 0"
-- 
cgit v1.2.3-65-gdbad
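Review bot: The new `sed -e 's/-F 1/-F 0/'` in src_prepare exits successfully even when the pattern does not match, so its `|| die` only catches I/O errors. If upstream's examples/chronyd.service ever carries a different `-F` level (most likely to show up first in chrony-9999.ebuild), the unit keeps upstream's value and the `s/-F 0//` in src_configure no longer strips it for builds without the seccomp flag. A check right after the sed would make that loud, for example `grep -q -- '-F 0' "${T}"/chronyd.service || die "expected -F option not found in chronyd.service"`. The same applies to the identical hunks in chrony-3.5.1-r1.ebuild and chrony-4.0_pre3.ebuild; src_prepare begins outside the hunk.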
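Review bot: After this change a build with the seccomp flag set still ends up with the filter off, because src_configure only strips the option when the flag is unset and the value left behind is now `-F 0` in both chronyd.conf-r1 and the generated chronyd.service, and nothing visible in these hunks tells the administrator. chronyd handles network input, so users who enabled the flag lose a containment layer they probably expect to have. Unless the ebuilds already print such a notice outside the hunks, I would add one to pkg_postinst, e.g. `use seccomp && elog "The seccomp filter is disabled by default (-F 0); set -F 1 in ARGS or the service unit to enable it."`, and put a one-line comment above `ARGS=` in chronyd.conf-r1 saying what `-F 0` and `-F 1` do. This applies to all three ebuilds in the commit.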