[Bug 2536] ntpd sandboxing support (libseccomp2) cleanup

bk: 53fd645608prlInT3b7w4PBng230fQ

diff --git a/ChangeLog b/ChangeLog
index 9a13dc786c09a77e9eeb94a7557c8436569c13e9..7655f3a0f3c14df82ba29016408997b37eeaefe0 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+* [Bug 2536] ntpd sandboxing support (libseccomp2) cleanup.
 (4.2.7p465) 2014/08/23 Released by Harlan Stenn <stenn@ntp.org>
 * [Bug 2538] NTP programs print exit code in help/usage text.
 * [Bug 2595] Man page quirks: ntpdate references in ntpd.

diff --git a/ntpd/ntpd.c b/ntpd/ntpd.c
index 25386146d25bedc12ab3818f01bb4660d20d5667..137e128797a7e56b29d2e15289ea4dbeca37f848 100644 (file)
--- a/ntpd/ntpd.c
+++ b/ntpd/ntpd.c
@@ -1008,8 +1008,12 @@ getgroup:
 /* libssecomp sandboxing */
 #if defined (LIBSECCOMP)
        scmp_filter_ctx ctx;
+
        if ((ctx = seccomp_init(SCMP_ACT_KILL)) < 0)
-               msyslog(LOG_ERR, "%s:libseccomp activation failed", __func__);
+               msyslog(LOG_ERR, "%s: seccomp_init(SCMP_ACT_KILL) failed: %m", __func__);
+       else {
+               DPRINTF(1, ("%s: seccomp_init(SCMP_ACT_KILL) succeeded\n", __func__));
+       }
 
 #ifdef __x86_64__
 int scmp_sc[] = {
@@ -1091,15 +1095,18 @@ int scmp_sc[] = {
                        if (seccomp_rule_add(ctx,
                            SCMP_ACT_ALLOW, scmp_sc[i], 0) < 0) {
                                msyslog(LOG_ERR,
-                                   "%s:libseccomp rule failed: %m",
+                                   "%s: seccomp_rule_add() failed: %m",
                                    __func__);
                        }
                }
        }
 
        if (seccomp_load(ctx) < 0)
-               msyslog(LOG_ERR, "%s:libseccomp unable to load filter: %m",
+               msyslog(LOG_ERR, "%s: seccomp_load() failed: %m",
                    __func__);  
+       else {
+               DPRINTF(1, ("%s: libseccomp filter loaded.\n", __func__));
+       }
 #endif /* LIBSECCOMP */
 
 # ifdef HAVE_IO_COMPLETION_PORT