commit: 6fbce4846282a2d77a9a8094e3d2fcd7176afcd6 Author: Jeroen Roovers <jer <AT> gentoo <DOT> org> AuthorDate: Mon Aug 31 08:35:47 2020 +0000 Commit: Jeroen Roovers <jer <AT> gentoo <DOT> org> CommitDate: Mon Aug 31 08:39:58 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6fbce484
net-misc/chrony: Disable non-default seccomp filter option With `-F 1' chronyd sets up a syscall filter and has itself killed when a "forbidden" syscall is made. Since we cannot control that (as explained in the chronyd(8) manual) we should disable the filter by default. Package-Manager: Portage-3.0.4, Repoman-3.0.1 Bug: https://bugs.gentoo.org/739714 Signed-off-by: Jeroen Roovers <jer <AT> gentoo.org> net-misc/chrony/chrony-3.5.1-r1.ebuild | 11 ++++++----- net-misc/chrony/chrony-4.0_pre3.ebuild | 11 ++++++----- net-misc/chrony/chrony-9999.ebuild | 11 ++++++----- net-misc/chrony/files/chronyd.conf-r1 | 2 +- 4 files changed, 19 insertions(+), 16 deletions(-) diff --git a/net-misc/chrony/chrony-3.5.1-r1.ebuild b/net-misc/chrony/chrony-3.5.1-r1.ebuild index f112b330706..f0c66705c22 100644 --- a/net-misc/chrony/chrony-3.5.1-r1.ebuild +++ b/net-misc/chrony/chrony-3.5.1-r1.ebuild @@ -67,13 +67,14 @@ src_prepare() { -e 's|pkg-config|${PKG_CONFIG}|g' \ configure || die - # Copy for potential user fixup - cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf - cp examples/chronyd.service "${T}"/chronyd.service + sed \ + -e 's/-F 1/-F 0/' \ + examples/chronyd.service > "${T}"/chronyd.service || die + + cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die } src_configure() { - # Set config for privdrop if ! use caps; then sed -i \ -e 's/-u ntp//' \ @@ -82,7 +83,7 @@ src_configure() { if ! use seccomp; then sed -i \ - -e 's/-F 1//' \ + -e 's/-F 0//' \ "${T}"/chronyd.conf "${T}"/chronyd.service || die fi diff --git a/net-misc/chrony/chrony-4.0_pre3.ebuild b/net-misc/chrony/chrony-4.0_pre3.ebuild index f08fcf89f2e..e8f5a46d753 100644 --- a/net-misc/chrony/chrony-4.0_pre3.ebuild +++ b/net-misc/chrony/chrony-4.0_pre3.ebuild 
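Review bot: The `sed -e 's/-F 1/-F 0/'` added to src_prepare() exits successfully even when examples/chronyd.service contains no literal `-F 1`, so `|| die` only catches I/O errors and the unit is installed with whatever filter level upstream ships. This matters most for the live ebuild, where the upstream unit can change underneath the pattern; the identical hunks in chrony-4.0_pre3.ebuild and chrony-9999.ebuild have the same problem. Matching any level would be less brittle: `-e 's/-F -\?[0-9]\+/-F 0/'`. Whether the upstream unit is expected to carry an `-F` option at all is not visible here; if it is, `grep -q -e '-F 0' "${T}"/chronyd.service || die "seccomp level not rewritten"` would turn a missed rewrite into a build failure. The removed `# Copy for potential user fixup` comment could be replaced by one saying why the level is forced to 0 (src_prepare() begins above the hunk).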
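Review bot: The `! use seccomp` branch now strips only the literal `-F 0`, which ties it to the exact value written by src_prepare() and by files/chronyd.conf-r1. If either default changes again, this sed becomes a silent no-op and a chronyd built without seccomp support is still handed an `-F` argument. Stripping any level keeps the three places independent: `-e 's/ *-F -\?[0-9]\+//'`. A comment such as `# chronyd built without seccomp support must not be passed -F at all` above the `if` would record the intent. The same hunk is repeated in the 4.0_pre3 and 9999 ebuilds, and src_configure() continues past the hunk.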
@@ -67,13 +67,14 @@ src_prepare() { -e 's|pkg-config|${PKG_CONFIG}|g' \ configure || die - # Copy for potential user fixup - cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf - cp examples/chronyd.service "${T}"/chronyd.service + sed \ + -e 's/-F 1/-F 0/' \ + examples/chronyd.service > "${T}"/chronyd.service || die + + cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die } src_configure() { - # Set config for privdrop if ! use caps; then sed -i \ -e 's/-u ntp//' \ @@ -82,7 +83,7 @@ src_configure() { if ! use seccomp; then sed -i \ - -e 's/-F 1//' \ + -e 's/-F 0//' \ "${T}"/chronyd.conf "${T}"/chronyd.service || die fi diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-9999.ebuild index f08fcf89f2e..e8f5a46d753 100644 --- a/net-misc/chrony/chrony-9999.ebuild +++ b/net-misc/chrony/chrony-9999.ebuild @@ -67,13 +67,14 @@ src_prepare() { -e 's|pkg-config|${PKG_CONFIG}|g' \ configure || die - # Copy for potential user fixup - cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf - cp examples/chronyd.service "${T}"/chronyd.service + sed \ + -e 's/-F 1/-F 0/' \ + examples/chronyd.service > "${T}"/chronyd.service || die + + cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die } src_configure() { - # Set config for privdrop if ! use caps; then sed -i \ -e 's/-u ntp//' \ @@ -82,7 +83,7 @@ src_configure() { if ! use seccomp; then sed -i \ - -e 's/-F 1//' \ + -e 's/-F 0//' \ "${T}"/chronyd.conf "${T}"/chronyd.service || die fi diff --git a/net-misc/chrony/files/chronyd.conf-r1 b/net-misc/chrony/files/chronyd.conf-r1 index c04f3525f0b..2783f29e684 100644 --- a/net-misc/chrony/files/chronyd.conf-r1 +++ b/net-misc/chrony/files/chronyd.conf-r1 @@ -9,4 +9,4 @@ CFGFILE="/etc/chrony/chrony.conf" # The combination of "-s -r" allows chronyd to perform long term averaging of # the gain or loss rate across system reboots and shutdowns. -ARGS="-u ntp -F 1" +ARGS="-u ntp -F 0"
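Review bot: The new default `ARGS="-u ntp -F 0"` leaves the syscall filter off even when the package is built with USE=seccomp, and nothing in the visible lines of chronyd.conf-r1 tells the administrator that the sandbox is opt-in. Someone who enabled the USE flag will reasonably assume the daemon is confined. A comment directly above the assignment would make the trade-off explicit, for example `# -F 0 keeps the seccomp syscall filter disabled; use -F 1 to enable it.` followed by `# With the filter on, chronyd is killed on any blocked syscall, see chronyd(8).` The earlier part of the file is outside the hunk, so this may already be covered there. The systemd unit gets the same default through the src_prepare() rewrite and has no such hint either.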
