# a time and the async resolver would block the main thread
priv_ops="NAME2IPADDRESS RELOADDNS"
EXTRA_LIBS="$EXTRA_LIBS -lseccomp"
+ EXTRA_OBJECTS="$EXTRA_OBJECTS sys_linux_scmp.o"
fi
if [ "x$priv_ops" != "x" ]; then
#ifdef FEAT_SCFILTER
#include <sys/prctl.h>
#include <seccomp.h>
-#include <linux/termios.h>
+#include <termios.h>
#ifdef FEAT_PPS
#include <linux/pps.h>
#endif
#endif
#include "sys_linux.h"
+#include "sys_linux_scmp.h"
#include "sys_timex.h"
#include "conf.h"
#include "local.h"
const static int fcntls[] = { F_GETFD, F_SETFD, F_GETFL, F_SETFL };
const static unsigned long ioctls[] = {
- FIONREAD, TCGETS, TCGETS2, TIOCGWINSZ,
+ FIONREAD, TCGETS, TIOCGWINSZ,
#if defined(FEAT_PHC) || defined(HAVE_LINUX_TIMESTAMPING)
PTP_EXTTS_REQUEST, PTP_SYS_OFFSET,
#ifdef PTP_PIN_SETFUNC
SCMP_A1(SCMP_CMP_EQ, ioctls[i])) < 0)
goto add_failed;
}
+
+ /* Allow selected ioctls that need to be specified in a separate
+ file to avoid conflicting headers (e.g. TCGETS2) */
+ for (i = 0; SYS_Linux_GetExtraScmpIoctl(i) != 0; i++) {
+ if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1,
+ SCMP_A1(SCMP_CMP_EQ, SYS_Linux_GetExtraScmpIoctl(i))) < 0)
+ goto add_failed;
+ }
}
if (seccomp_load(ctx) < 0)
--- /dev/null
+/*
+ chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar 2025
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ **********************************************************************
+
+ =======================================================================
+
+ Lists of values that are needed in seccomp filters but need to
+ be compiled separately from sys_linux.c due to conflicting headers.
+ */
+
+#include <linux/termios.h>
+
+#include "sys_linux_scmp.h"
+
+unsigned long
+SYS_Linux_GetExtraScmpIoctl(int index)
+{
+ const unsigned long ioctls[] = {
+#ifdef TCGETS2
+ /* Conflict between <linux/termios.h> and <sys/ioctl.h> */
+ TCGETS2,
+#endif
+ 0
+ };
+
+ return ioctls[index];
+}
--- /dev/null
+/*
+ chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar 2025
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ **********************************************************************
+
+ =======================================================================
+
+ Header file for lists that are needed in seccomp filters but need to
+ be compiled separately from sys_linux.c due to conflicting headers.
+ */
+
+extern unsigned long SYS_Linux_GetExtraScmpIoctl(int index);
projects / thirdparty / chrony.git / commitdiff
