From: Harlan Stenn
Date: Tue, 8 Apr 2014 07:40:51 +0000 (+0000)
Subject: [Bug 2536] ntpd sandboxing support (libseccomp2) cleanup
X-Git-Tag: NTP_4_2_7P440~1^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=601ff0d1591b8a2705ce89f909ec9166f14a199f;p=thirdparty%2Fntp.git
[Bug 2536] ntpd sandboxing support (libseccomp2) cleanup bk: 5343a803Yy7d7TnczMGumCa2KbD0OA
---
diff --git a/ChangeLog b/ChangeLog
index 9645f4d96..5bb13ae9f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+* [Bug 2536] ntpd sandboxing support (libseccomp2) cleanup.
 (4.2.7p439) 2014/04/03 Released by Harlan Stenn
 * [Bug 2589] fix VS2009 compile problem.
 (4.2.7p438) 2014/04/01 Released by Harlan Stenn
diff --git a/ntpd/ntpd.c b/ntpd/ntpd.c
index 8aedff479..25386146d 100644
--- a/ntpd/ntpd.c
+++ b/ntpd/ntpd.c
@@ -1013,74 +1013,75 @@ getgroup:
 #ifdef __x86_64__
 int scmp_sc[] = {
- SCMP_SYS(open),
+ SCMP_SYS(adjtimex),
+ SCMP_SYS(bind),
+ SCMP_SYS(brk),
+ SCMP_SYS(chdir),
 SCMP_SYS(clock_gettime),
- SCMP_SYS(time),
- SCMP_SYS(read),
- SCMP_SYS(write),
+ SCMP_SYS(clock_settime),
 SCMP_SYS(close),
- SCMP_SYS(brk),
- SCMP_SYS(poll),
- SCMP_SYS(select),
- SCMP_SYS(madvise),
- SCMP_SYS(mmap),
- SCMP_SYS(munmap),
+ SCMP_SYS(connect),
 SCMP_SYS(exit_group),
- SCMP_SYS(rt_sigprocmask),
- SCMP_SYS(ioctl),
+ SCMP_SYS(fstat),
+ SCMP_SYS(fsync),
+ SCMP_SYS(futex),
+ SCMP_SYS(getitimer),
 SCMP_SYS(getsockname),
+ SCMP_SYS(ioctl),
 SCMP_SYS(lseek),
- SCMP_SYS(fstat),
+ SCMP_SYS(madvise),
+ SCMP_SYS(mmap),
+ SCMP_SYS(munmap),
+ SCMP_SYS(open),
+ SCMP_SYS(poll),
+ SCMP_SYS(read),
 SCMP_SYS(recvmsg),
- SCMP_SYS(sendto),
- SCMP_SYS(connect),
+ SCMP_SYS(rename),
 SCMP_SYS(rt_sigaction),
- SCMP_SYS(socket),
- SCMP_SYS(fsync),
+ SCMP_SYS(rt_sigprocmask),
 SCMP_SYS(rt_sigreturn),
+ SCMP_SYS(select),
+ SCMP_SYS(sendto),
+ SCMP_SYS(setitimer),
 SCMP_SYS(setsid),
- SCMP_SYS(chdir),
- SCMP_SYS(futex),
+ SCMP_SYS(socket),
 SCMP_SYS(stat),
- SCMP_SYS(clock_settime),
- SCMP_SYS(getitimer),
- SCMP_SYS(adjtimex),
- SCMP_SYS(setitimer),
- SCMP_SYS(rename)
+ SCMP_SYS(time),
+ SCMP_SYS(write),
 };
 #endif
 #ifdef __i386__
 int scmp_sc[] = {
- SCMP_SYS(open),
+ SCMP_SYS(_newselect),
+ SCMP_SYS(adjtimex),
+ SCMP_SYS(brk),
+ SCMP_SYS(chdir),
 SCMP_SYS(clock_gettime),
- SCMP_SYS(time),
- SCMP_SYS(read),
- SCMP_SYS(write),
+ SCMP_SYS(clock_settime),
 SCMP_SYS(close),
- SCMP_SYS(brk),
- SCMP_SYS(poll),
- SCMP_SYS(_newselect),
- SCMP_SYS(select),
+ SCMP_SYS(exit_group),
+ SCMP_SYS(fsync),
+ SCMP_SYS(futex),
+ SCMP_SYS(getitimer),
 SCMP_SYS(madvise),
- SCMP_SYS(mmap2),
 SCMP_SYS(mmap),
+ SCMP_SYS(mmap2),
 SCMP_SYS(munmap),
- SCMP_SYS(exit_group),
+ SCMP_SYS(open),
+ SCMP_SYS(poll),
+ SCMP_SYS(read),
+ SCMP_SYS(rename),
+ SCMP_SYS(rt_sigaction),
 SCMP_SYS(rt_sigprocmask),
+ SCMP_SYS(select),
+ SCMP_SYS(setitimer),
+ SCMP_SYS(setsid),
 SCMP_SYS(sigprocmask),
- SCMP_SYS(rt_sigaction),
- SCMP_SYS(socketcall),
- SCMP_SYS(fsync),
 SCMP_SYS(sigreturn),
- SCMP_SYS(setsid),
- SCMP_SYS(chdir),
- SCMP_SYS(futex),
+ SCMP_SYS(socketcall),
 SCMP_SYS(stat64),
- SCMP_SYS(clock_settime),
- SCMP_SYS(getitimer),
- SCMP_SYS(adjtimex),
- SCMP_SYS(setitimer),
- SCMP_SYS(rename)
+ SCMP_SYS(time),
+ SCMP_SYS(write),
 };
 #endif
 {
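Review bot: The x86_64 array gains `SCMP_SYS(bind)` in this hunk although the commit is titled a cleanup and the other entries are only re-sorted; a widening of the seccomp allowlist should be named in the ChangeLog line and carry a comment at the entry, e.g. `SCMP_SYS(bind), /* TODO: name the post-sandbox caller that needs this */`. With both lists now alphabetical the remaining gaps are easy to read off: the i386 array has no entry corresponding to `fstat`, `ioctl` or `lseek`, so if the filter's default action (set outside this hunk) rejects unlisted calls, a 32-bit ntpd would presumably fail on paths the 64-bit build survives; that needs confirming on an i386 build. I would also put `/* i386: socket, bind, connect, sendto, recvmsg and getsockname all arrive as socketcall, so this entry is broader than the per-call x86_64 entries */` above the i386 array, so the difference in filter granularity is recorded. The block that installs these rules opens at the trailing `{` and continues outside the hunk.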