From dfd67f83ea7b274a3df95328b8517d5d4fb01205 Mon Sep 17 00:00:00 2001
From: Harlan Stenn
Date: Wed, 27 Aug 2014 04:53:42 +0000
Subject: [PATCH] [Bug 2536] ntpd sandboxing support (libseccomp2) cleanup
bk: 53fd645608prlInT3b7w4PBng230fQ
---
 ChangeLog | 1 +
 ntpd/ntpd.c | 13 ++++++++++---
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 9a13dc786..7655f3a0f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+* [Bug 2536] ntpd sandboxing support (libseccomp2) cleanup.
 (4.2.7p465) 2014/08/23 Released by Harlan Stenn
 * [Bug 2538] NTP programs print exit code in help/usage text.
 * [Bug 2595] Man page quirks: ntpdate references in ntpd.
diff --git a/ntpd/ntpd.c b/ntpd/ntpd.c
index 25386146d..137e12879 100644
--- a/ntpd/ntpd.c
+++ b/ntpd/ntpd.c
@@ -1008,8 +1008,12 @@ getgroup:
 /* libssecomp sandboxing */
 #if defined (LIBSECCOMP)
 scmp_filter_ctx ctx;
+
 if ((ctx = seccomp_init(SCMP_ACT_KILL)) < 0)
- msyslog(LOG_ERR, "%s:libseccomp activation failed", __func__);
+ msyslog(LOG_ERR, "%s: seccomp_init(SCMP_ACT_KILL) failed: %m", __func__);
+ else {
+ DPRINTF(1, ("%s: seccomp_init(SCMP_ACT_KILL) succeeded\n", __func__));
+ }
 #ifdef __x86_64__
 int scmp_sc[] = {
@@ -1091,15 +1095,18 @@ int scmp_sc[] = {
 if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, scmp_sc[i], 0) < 0) {
 msyslog(LOG_ERR,
- "%s:libseccomp rule failed: %m",
+ "%s: seccomp_rule_add() failed: %m",
 __func__);
 }
 }
 }
 if (seccomp_load(ctx) < 0)
- msyslog(LOG_ERR, "%s:libseccomp unable to load filter: %m",
+ msyslog(LOG_ERR, "%s: seccomp_load() failed: %m",
 __func__);
+ else {
+ DPRINTF(1, ("%s: libseccomp filter loaded.\n", __func__));
+ }
 #endif /* LIBSECCOMP */
 # ifdef HAVE_IO_COMPLETION_PORT
-- 
2.47.3
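Review bot: The failure test on the context line `if ((ctx = seccomp_init(SCMP_ACT_KILL)) < 0)` in the first ntpd.c hunk cannot detect a failed init, because `scmp_filter_ctx` is a pointer type and `seccomp_init()` signals failure by returning NULL. As written, the new `else` branch would log "succeeded" for a null context; the condition should be `if ((ctx = seccomp_init(SCMP_ACT_KILL)) == NULL)`. As far as the libseccomp manual goes, seccomp_init() is not documented to set errno, so the `%m` added to the message may print an unrelated error string. The enclosing function starts and ends outside the hunk, so whether a null `ctx` is kept away from the later seccomp_rule_add() and seccomp_load() calls cannot be seen here.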
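Review bot: A failed `seccomp_load(ctx)` at the end of the second ntpd.c hunk is still only logged, so ntpd keeps running with no filter installed and the sandbox fails open without any stronger signal than a syslog line. libseccomp reports errors as a negative errno return value rather than through errno, so the `%m` in both new messages can print a stale string; keep the return value and log it, e.g. `rc = seccomp_load(ctx); if (rc < 0) msyslog(LOG_ERR, "%s: seccomp_load() failed: %s", __func__, strerror(-rc));`. The rule loop has the same shape: a rule that fails to add leaves that syscall under the default SCMP_ACT_KILL action, and the message does not say which one, so adding `scmp_sc[i]` to the format would make the later kill diagnosable. If running unsandboxed is not acceptable in a build with LIBSECCOMP defined, the load-failure branch should terminate the daemon instead of continuing. The enclosing function continues outside the hunk.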