DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-06 23:35:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

sys_linux: add second scfilter level

Browse Source 
Add level "2" to enable a filter which blocks only specific system calls
like fork and exec* instead of blocking everything unknown. It should
be reliable with respect to changes in libraries, but it provides only a
very limited protection.
This commit is contained in:
Miroslav Lichvar
2021-05-05 11:21:39 +02:00
parent 9cdfc15e31
commit 97973b1833
4 changed files with 85 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
test/system/099-scfilter
View File

@@ -6,7 +6,7 @@ check_chronyd_features SCFILTER || test_skip "SCFILTER support disabled"
test_start "system call filter in non-destructive tests"
for level in "-1" "1"; do
for level in "-1" "1" "-2" "2"; do
test_message 1 1 "level $level:"
for test in 0[0-8][0-9]-*[^_]; do
test_message 2 0 "$test"

2
test/system/199-scfilter
View File

@@ -6,7 +6,7 @@ check_chronyd_features SCFILTER || test_skip "SCFILTER support disabled"
test_start "system call filter in destructive tests"
for level in "-1" "1"; do
for level in "-1" "1" "-2" "2"; do
test_message 1 1 "level $level:"
for test in 1[0-8][0-9]-*[^_]; do
test_message 2 0 "$test"