From: "Jeroen Roovers" <jer@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
Date: Mon, 31 Aug 2020 08:40:00 +0000 (UTC) [thread overview]
Message-ID: <1598863198.6fbce4846282a2d77a9a8094e3d2fcd7176afcd6.jer@gentoo> (raw)
commit: 6fbce4846282a2d77a9a8094e3d2fcd7176afcd6
Author: Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 31 08:35:47 2020 +0000
Commit: Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Mon Aug 31 08:39:58 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6fbce484
net-misc/chrony: Disable non-default seccomp filter option
With `-F 1' chronyd sets up a syscall filter and has itself killed when
a "forbidden" syscall is made. Since we cannot control that (as
explained in the chronyd(8) manual) we should disable the filter by
default.
Package-Manager: Portage-3.0.4, Repoman-3.0.1
Bug: https://bugs.gentoo.org/739714
Signed-off-by: Jeroen Roovers <jer <AT> gentoo.org>
net-misc/chrony/chrony-3.5.1-r1.ebuild | 11 ++++++-----
net-misc/chrony/chrony-4.0_pre3.ebuild | 11 ++++++-----
net-misc/chrony/chrony-9999.ebuild | 11 ++++++-----
net-misc/chrony/files/chronyd.conf-r1 | 2 +-
4 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/net-misc/chrony/chrony-3.5.1-r1.ebuild b/net-misc/chrony/chrony-3.5.1-r1.ebuild
index f112b330706..f0c66705c22 100644
--- a/net-misc/chrony/chrony-3.5.1-r1.ebuild
+++ b/net-misc/chrony/chrony-3.5.1-r1.ebuild
@@ -67,13 +67,14 @@ src_prepare() {
-e 's|pkg-config|${PKG_CONFIG}|g' \
configure || die
- # Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
- cp examples/chronyd.service "${T}"/chronyd.service
+ sed \
+ -e 's/-F 1/-F 0/' \
+ examples/chronyd.service > "${T}"/chronyd.service || die
+
+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die
}
src_configure() {
- # Set config for privdrop
if ! use caps; then
sed -i \
-e 's/-u ntp//' \
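Review bot: The new `sed -e 's/-F 1/-F 0/'` in src_prepare exits 0 even when `examples/chronyd.service` does not contain the literal `-F 1`, so `|| die` only catches I/O errors and the unit would silently keep whatever filter level upstream ships. That matters most for the chrony-9999 hunk, where the example unit presumably follows upstream, and the later `s/-F 0//` in src_configure would then miss it as well. Matching any level with `-e 's/-F [-0-9]*/-F 0/'`, or asserting the result with `grep -q -e '-F 0' "${T}"/chronyd.service || die`, would make the rewrite fail loudly. The same applies to the src_prepare hunks of chrony-4.0_pre3 and chrony-9999. src_prepare starts above this hunk and src_configure continues below it.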
@@ -82,7 +83,7 @@ src_configure() {
if ! use seccomp; then
sed -i \
- -e 's/-F 1//' \
+ -e 's/-F 0//' \
"${T}"/chronyd.conf "${T}"/chronyd.service || die
fi
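Review bot: The `if ! use seccomp` block has no comment saying why `-F 0` is removed, and after this commit a build with the seccomp flag presumably carries filter support that neither the installed unit nor the conf.d file switches on. A short comment above the block would record both facts, for example `# -F 0 keeps the seccomp filter off (bug 739714); without seccomp support drop the option altogether`. The substitution also leaves the space before the option behind in `ARGS`, which `-e 's/ *-F 0//'` would avoid. The same block appears in the chrony-4.0_pre3 and chrony-9999 hunks, and src_configure continues outside this hunk.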
diff --git a/net-misc/chrony/chrony-4.0_pre3.ebuild b/net-misc/chrony/chrony-4.0_pre3.ebuild
index f08fcf89f2e..e8f5a46d753 100644
--- a/net-misc/chrony/chrony-4.0_pre3.ebuild
+++ b/net-misc/chrony/chrony-4.0_pre3.ebuild
@@ -67,13 +67,14 @@ src_prepare() {
-e 's|pkg-config|${PKG_CONFIG}|g' \
configure || die
- # Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
- cp examples/chronyd.service "${T}"/chronyd.service
+ sed \
+ -e 's/-F 1/-F 0/' \
+ examples/chronyd.service > "${T}"/chronyd.service || die
+
+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die
}
src_configure() {
- # Set config for privdrop
if ! use caps; then
sed -i \
-e 's/-u ntp//' \
@@ -82,7 +83,7 @@ src_configure() {
if ! use seccomp; then
sed -i \
- -e 's/-F 1//' \
+ -e 's/-F 0//' \
"${T}"/chronyd.conf "${T}"/chronyd.service || die
fi
diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-9999.ebuild
index f08fcf89f2e..e8f5a46d753 100644
--- a/net-misc/chrony/chrony-9999.ebuild
+++ b/net-misc/chrony/chrony-9999.ebuild
@@ -67,13 +67,14 @@ src_prepare() {
-e 's|pkg-config|${PKG_CONFIG}|g' \
configure || die
- # Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
- cp examples/chronyd.service "${T}"/chronyd.service
+ sed \
+ -e 's/-F 1/-F 0/' \
+ examples/chronyd.service > "${T}"/chronyd.service || die
+
+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die
}
src_configure() {
- # Set config for privdrop
if ! use caps; then
sed -i \
-e 's/-u ntp//' \
@@ -82,7 +83,7 @@ src_configure() {
if ! use seccomp; then
sed -i \
- -e 's/-F 1//' \
+ -e 's/-F 0//' \
"${T}"/chronyd.conf "${T}"/chronyd.service || die
fi
diff --git a/net-misc/chrony/files/chronyd.conf-r1 b/net-misc/chrony/files/chronyd.conf-r1
index c04f3525f0b..2783f29e684 100644
--- a/net-misc/chrony/files/chronyd.conf-r1
+++ b/net-misc/chrony/files/chronyd.conf-r1
@@ -9,4 +9,4 @@ CFGFILE="/etc/chrony/chrony.conf"
# The combination of "-s -r" allows chronyd to perform long term averaging of
# the gain or loss rate across system reboots and shutdowns.
-ARGS="-u ntp -F 1"
+ARGS="-u ntp -F 0"
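Review bot: Nothing in the visible comment above `ARGS` explains `-F`, so an administrator has no hint that the syscall filter is now off or how to turn it back on. The two context lines describe `-s -r`, which `ARGS` does not contain. I would add a line such as `# -F 0 leaves the seccomp syscall filter disabled; set -F 1 to enable it (chronyd is killed on a blocked syscall, see chronyd(8))`. The comment block starts above this hunk, so it may already say more than is visible here.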