Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 620936 - net-misc/chrony - Add USE=seccomp
Summary: net-misc/chrony - Add USE=seccomp
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Jeroen Roovers (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-05 16:25 UTC by Mira Ressel
Modified: 2017-06-05 18:46 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
net-misc/chrony-3.1.ebuild: Add "seccomp" USE flag (0001-net-misc-chrony-Add-seccomp-USE-flag.patch,1.07 KB, patch)
2017-06-05 16:25 UTC, Mira Ressel 		Details | Diff
net-misc/chrony-3.1.ebuild: Add "seccomp" USE flag, v2 (0001-net-misc-chrony-Add-seccomp-USE-flag.patch,1.26 KB, patch)
2017-06-05 18:46 UTC, Mira Ressel 		Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mira Ressel 2017-06-05 16:25:06 UTC 
Created attachment 475274 [details, diff]
net-misc/chrony-3.1.ebuild: Add "seccomp" USE flag

The attached patch adds a "seccomp" USE flag to the chrony ebuild; if it's enabled, "--enable-scfilter" is passed to configure.

The seccomp sandbox only becomes active if chronyd is started with the flag "-F 1", so this change is safe for existing systems.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2017-06-05 18:32:26 UTC 
Comment on attachment 475274 [details, diff]
net-misc/chrony-3.1.ebuild: Add "seccomp" USE flag

That's not enough. It needs sys-libs/libseccomp to pass the configure test and compile.
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2017-06-05 18:43:25 UTC 
Added in 3.1-r1. Thanks.
Comment 3 Mira Ressel 2017-06-05 18:46:57 UTC 
Created attachment 475292 [details, diff]
net-misc/chrony-3.1.ebuild: Add "seccomp" USE flag, v2

> That's not enough. It needs sys-libs/libseccomp to pass the configure test
> and compile.

Oh, of course. Thanks for the catch, and sorry for the sloppiness.