CAM_OpenUnixSocket();
if (scfilter_level)
- SYS_EnableSystemCallFilter(scfilter_level);
+ SYS_EnableSystemCallFilter(scfilter_level, SYS_MAIN_PROCESS);
if (ref_mode == REF_ModeNormal && CNF_GetInitSources() > 0) {
ref_mode = REF_ModeInitStepSlew;
/* ================================================== */
-void SYS_EnableSystemCallFilter(int level)
+void SYS_EnableSystemCallFilter(int level, SYS_SystemCallContext context)
{
#if defined(LINUX) && defined(FEAT_SCFILTER)
- SYS_Linux_EnableSystemCallFilter(level);
+ SYS_Linux_EnableSystemCallFilter(level, context);
#else
LOG_FATAL("system call filter not supported");
#endif
/* Drop root privileges to the specified user and group */
extern void SYS_DropRoot(uid_t uid, gid_t gid);
+typedef enum {
+ SYS_MAIN_PROCESS,
+} SYS_SystemCallContext;
+
/* Enable a system call filter to allow only system calls
which chronyd normally needs after initialization */
-extern void SYS_EnableSystemCallFilter(int level);
+extern void SYS_EnableSystemCallFilter(int level, SYS_SystemCallContext context);
extern void SYS_SetScheduler(int SchedPriority);
extern void SYS_LockMemory(void);
/* ================================================== */
void
-SYS_Linux_EnableSystemCallFilter(int level)
+SYS_Linux_EnableSystemCallFilter(int level, SYS_SystemCallContext context)
{
const int syscalls[] = {
/* Clock */
#ifndef GOT_SYS_LINUX_H
#define GOT_SYS_LINUX_H
+#include "sys.h"
+
extern void SYS_Linux_Initialise(void);
extern void SYS_Linux_Finalise(void);
extern void SYS_Linux_DropRoot(uid_t uid, gid_t gid, int clock_control);
-extern void SYS_Linux_EnableSystemCallFilter(int level);
+extern void SYS_Linux_EnableSystemCallFilter(int level, SYS_SystemCallContext context);
extern int SYS_Linux_CheckKernelVersion(int req_major, int req_minor);
projects / thirdparty / chrony.git / commitdiff
