[Git][NTPsec/ntpsec][master] seccomp now crashes if it doesn't work
Hal Murray
gitlab at mg.gitlab.com
Tue May 16 06:43:04 UTC 2017
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
dd6bc0e6 by Hal Murray at 2017-05-15T23:32:17-07:00
seccomp now crashes if it doesn't work
Removed most of the progress logging.
There should now be only one message, either fatal and exit
or "seccomp enabled" to say it worked.
- - - - -
1 changed file:
- ntpd/ntp_sandbox.c
Changes:
=====================================
ntpd/ntp_sandbox.c
=====================================
--- a/ntpd/ntp_sandbox.c
+++ b/ntpd/ntp_sandbox.c
@@ -280,10 +280,8 @@ getgroup:
if (NULL == ctx) {
msyslog(LOG_ERR, "sandbox: seccomp_init() failed: %m");
- return nonroot;
+ exit (1);
}
- else
- msyslog(LOG_DEBUG, "sandbox: seccomp_init() succeeded");
int scmp_sc[] = {
SCMP_SYS(adjtimex),
@@ -406,14 +404,17 @@ int scmp_sc[] = {
SCMP_ACT_ALLOW, scmp_sc[i], 0) < 0) {
msyslog(LOG_ERR,
"sandbox: seccomp_rule_add() failed: %m");
+ exit(1);
}
}
}
- if (seccomp_load(ctx) < 0)
- msyslog(LOG_ERR, "sandbox: seccomp_load() failed: %m");
+ if (seccomp_load(ctx) < 0) {
+ msyslog(LOG_ERR, "sandbox: seccomp_load() failed: %m");
+ exit(1);
+ }
else {
- msyslog(LOG_DEBUG, "sandbox: seccomp_load() succeeded");
+ msyslog(LOG_NOTICE, "sandbox: seccomp enabled.");
}
#endif /* HAVE_SECCOMP_H */
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/dd6bc0e6d1c8687ec9588151d9e676720f95a3ac
---
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/dd6bc0e6d1c8687ec9588151d9e676720f95a3ac
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20170516/968dc47c/attachment.html>
More information about the vc
mailing list