privops: enable system call filter

In preparation of OpenBSD support, add SYS_EnableSystemCallFilter() call to PRV_StartHelper(). In OpenBSD the privops helper will use a system call filter (pledge(2)), whereas in Linux the privops helper doesn't use any system call filter at the moment. Modify Unit test ntp_sources call to PRV_Initialise() with parameter scfilter_level set to 0.
2026-03-11 00:59:38 -04:00 · 2026-02-11 07:53:41 +01:00
parent cda67351ae
commit fd60dabde7
6 changed files with 15 additions and 5 deletions
--- a/main.c
+++ b/main.c
@@ -650,7 +650,7 @@ int main
  /* Write our pidfile to prevent other instances from running */
  write_pidfile();

-  PRV_Initialise();
+  PRV_Initialise(scfilter_level);
  LCL_Initialise();
  SCH_Initialise();
  SCK_Initialise(address_family);