enable seccomp filter by default

Add -F 2 to default /etc/sysconfig/chronyd to enable a filter blocking a
small number of specific system calls. The filter is incompatible with
the mailonchange directive.
Miroslav Lichvar 2021-05-13 16:39:42 +02:00
parent c6a8172473
commit eeffcafda9


@ -138,7 +138,7 @@ install -m 644 -p examples/chrony-wait.service \
cat > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/chronyd <<EOF cat > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/chronyd <<EOF
# Command-line options for chronyd # Command-line options for chronyd
OPTIONS="" OPTIONS="%{?with_seccomp:-F 2}"
EOF EOF
touch $RPM_BUILD_ROOT%{_localstatedir}/lib/chrony/{drift,rtc} touch $RPM_BUILD_ROOT%{_localstatedir}/lib/chrony/{drift,rtc}
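Review bot: The sysconfig file written by this heredoc now carries `-F 2`, but its only comment is still "Command-line options for chronyd", so the conflict with `mailonchange` is recorded only in the commit message. An administrator whose chrony.conf uses mailonchange has nothing in the file pointing to the cause. I would add a second comment line inside the heredoc, for example `# -F 2 enables the seccomp filter; remove it if chrony.conf uses mailonchange`. If this file is packaged as a noreplace config (not visible in this hunk), upgraded hosts keep their old `OPTIONS=""` and will not get the filter, which deserves a line in the changelog. The heredoc is part of a larger install section that starts and ends outside the hunk.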