DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-03 16:35:06 -05:00
Code Issues Packages Projects Releases Wiki Activity

sys: specify process context for dropping root

Browse Source 
Similarly to enabling the syscall filter, specify what kind of chronyd
process is dropping the root privileges.
This commit is contained in:
Miroslav Lichvar
2020-10-05 18:10:35 +02:00
parent 545d2563ef
commit a96d288027
12 changed files with 29 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
sys.h
View File

@@ -35,17 +35,17 @@ extern void SYS_Initialise(int clock_control);
/* Called at the end of the run to do final clean-up */
extern void SYS_Finalise(void);
/* Drop root privileges to the specified user and group */
extern void SYS_DropRoot(uid_t uid, gid_t gid);
typedef enum {
SYS_MAIN_PROCESS,
SYS_NTSKE_HELPER,
} SYS_SystemCallContext;
} SYS_ProcessContext;
/* Switch to the specified user and group in given context */
extern void SYS_DropRoot(uid_t uid, gid_t gid, SYS_ProcessContext context);
/* Enable a system call filter to allow only system calls
which chronyd normally needs after initialization */
extern void SYS_EnableSystemCallFilter(int level, SYS_SystemCallContext context);
extern void SYS_EnableSystemCallFilter(int level, SYS_ProcessContext context);
extern void SYS_SetScheduler(int SchedPriority);
extern void SYS_LockMemory(void);