[Bug 2536] ntpd sandboxing support (libseccomp2) cleanup

bk: 5343a803Yy7d7TnczMGumCa2KbD0OA

diff --git a/ChangeLog b/ChangeLog
index 9645f4d9671f06847c9a14048a57c5abb79e4b80..5bb13ae9f369cd8a902934cec3e05a1384282613 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+* [Bug 2536] ntpd sandboxing support (libseccomp2) cleanup.
 (4.2.7p439) 2014/04/03 Released by Harlan Stenn <stenn@ntp.org>
 * [Bug 2589] fix VS2009 compile problem.
 (4.2.7p438) 2014/04/01 Released by Harlan Stenn <stenn@ntp.org>

diff --git a/ntpd/ntpd.c b/ntpd/ntpd.c
index 8aedff47974162ae6a17ed2e6ec80aad67d2678c..25386146d25bedc12ab3818f01bb4660d20d5667 100644 (file)
--- a/ntpd/ntpd.c
+++ b/ntpd/ntpd.c
@@ -1013,74 +1013,75 @@ getgroup:
 
 #ifdef __x86_64__
 int scmp_sc[] = {
-       SCMP_SYS(open),
+       SCMP_SYS(adjtimex),
+       SCMP_SYS(bind),
+       SCMP_SYS(brk),
+       SCMP_SYS(chdir),
        SCMP_SYS(clock_gettime),
-       SCMP_SYS(time),
-       SCMP_SYS(read),
-       SCMP_SYS(write),
+       SCMP_SYS(clock_settime),
        SCMP_SYS(close),
-       SCMP_SYS(brk),
-       SCMP_SYS(poll),
-       SCMP_SYS(select),
-       SCMP_SYS(madvise),
-       SCMP_SYS(mmap),
-       SCMP_SYS(munmap),
+       SCMP_SYS(connect),
        SCMP_SYS(exit_group),
-       SCMP_SYS(rt_sigprocmask),
-       SCMP_SYS(ioctl),
+       SCMP_SYS(fstat),
+       SCMP_SYS(fsync),
+       SCMP_SYS(futex),
+       SCMP_SYS(getitimer),
        SCMP_SYS(getsockname),
+       SCMP_SYS(ioctl),
        SCMP_SYS(lseek),
-       SCMP_SYS(fstat),
+       SCMP_SYS(madvise),
+       SCMP_SYS(mmap),
+       SCMP_SYS(munmap),
+       SCMP_SYS(open),
+       SCMP_SYS(poll),
+       SCMP_SYS(read),
        SCMP_SYS(recvmsg),
-       SCMP_SYS(sendto),
-       SCMP_SYS(connect),
+       SCMP_SYS(rename),
        SCMP_SYS(rt_sigaction),
-       SCMP_SYS(socket),
-       SCMP_SYS(fsync),
+       SCMP_SYS(rt_sigprocmask),
        SCMP_SYS(rt_sigreturn),
+       SCMP_SYS(select),
+       SCMP_SYS(sendto),
+       SCMP_SYS(setitimer),
        SCMP_SYS(setsid),
-       SCMP_SYS(chdir),
-       SCMP_SYS(futex),
+       SCMP_SYS(socket),
        SCMP_SYS(stat),
-       SCMP_SYS(clock_settime),
-       SCMP_SYS(getitimer),
-       SCMP_SYS(adjtimex),
-       SCMP_SYS(setitimer),
-       SCMP_SYS(rename)
+       SCMP_SYS(time),
+       SCMP_SYS(write),
 };
 #endif
 #ifdef __i386__
 int scmp_sc[] = {
-       SCMP_SYS(open),
+       SCMP_SYS(_newselect),
+       SCMP_SYS(adjtimex),
+       SCMP_SYS(brk),
+       SCMP_SYS(chdir),
        SCMP_SYS(clock_gettime),
-       SCMP_SYS(time),
-       SCMP_SYS(read),
-       SCMP_SYS(write),
+       SCMP_SYS(clock_settime),
        SCMP_SYS(close),
-       SCMP_SYS(brk),
-       SCMP_SYS(poll),
-       SCMP_SYS(_newselect),
-       SCMP_SYS(select),
+       SCMP_SYS(exit_group),
+       SCMP_SYS(fsync),
+       SCMP_SYS(futex),
+       SCMP_SYS(getitimer),
        SCMP_SYS(madvise),
-       SCMP_SYS(mmap2),
        SCMP_SYS(mmap),
+       SCMP_SYS(mmap2),
        SCMP_SYS(munmap),
-       SCMP_SYS(exit_group),
+       SCMP_SYS(open),
+       SCMP_SYS(poll),
+       SCMP_SYS(read),
+       SCMP_SYS(rename),
+       SCMP_SYS(rt_sigaction),
        SCMP_SYS(rt_sigprocmask),
+       SCMP_SYS(select),
+       SCMP_SYS(setitimer),
+       SCMP_SYS(setsid),
        SCMP_SYS(sigprocmask),
-       SCMP_SYS(rt_sigaction),
-       SCMP_SYS(socketcall),
-       SCMP_SYS(fsync),
        SCMP_SYS(sigreturn),
-       SCMP_SYS(setsid),
-       SCMP_SYS(chdir),
-       SCMP_SYS(futex),
+       SCMP_SYS(socketcall),
        SCMP_SYS(stat64),
-       SCMP_SYS(clock_settime),
-       SCMP_SYS(getitimer),
-       SCMP_SYS(adjtimex),
-       SCMP_SYS(setitimer),
-       SCMP_SYS(rename)
+       SCMP_SYS(time),
+       SCMP_SYS(write),
 };
 #endif
        {