privops: enable system call filter

In preparation of OpenBSD support, add SYS_EnableSystemCallFilter() call
to PRV_StartHelper().

In OpenBSD the privops helper will use a system call filter (pledge(2)),
whereas in Linux the privops helper doesn't use any system call filter
at the moment.

Modify Unit test ntp_sources call to PRV_Initialise() with parameter
scfilter_level set to 0.

main.c

@@ -650,7 +650,7 @@ int main
   /* Write our pidfile to prevent other instances from running */
   write_pidfile();
 
-  PRV_Initialise();
+  PRV_Initialise(scfilter_level);
   LCL_Initialise();
   SCH_Initialise();
   SCK_Initialise(address_family);

privops.c

@@ -34,6 +34,7 @@
 #include "logging.h"
 #include "privops.h"
 #include "socket.h"
+#include "sys.h"
 #include "util.h"
 
 #define OP_ADJUSTTIME     1024
@@ -131,6 +132,7 @@ typedef struct {
 
 static int helper_fd;
 static pid_t helper_pid;
+static int scfilter_level;
 
 static int
 have_helper(void)
@@ -624,9 +626,10 @@ PRV_ReloadDNS(void)
 /* ======================================================================= */
 
 void
-PRV_Initialise(void)
+PRV_Initialise(int level)
 {
   helper_fd = -1;
+  scfilter_level = level;
 }
 
 /* ======================================================================= */
@@ -667,6 +670,9 @@ PRV_StartHelper(void)
     /* ignore signals, the process will exit on OP_QUIT request */
     UTI_SetQuitSignalsHandler(SIG_IGN, 1);
 
+    if (scfilter_level != 0)
+      SYS_EnableSystemCallFilter(scfilter_level, SYS_PRIVOPS_HELPER);
+
     helper_main(sock_fd2);
 
   } else {

privops.h

@@ -65,11 +65,11 @@ void PRV_ReloadDNS(void);
 #endif
 
 #ifdef PRIVOPS_HELPER
-void PRV_Initialise(void);
+void PRV_Initialise(int scfilter_level);
 void PRV_StartHelper(void);
 void PRV_Finalise(void);
 #else
-#define PRV_Initialise()
+#define PRV_Initialise(scfilter_level)
 #define PRV_StartHelper()
 #define PRV_Finalise()
 #endif

sys.h

@@ -38,6 +38,7 @@ extern void SYS_Finalise(void);
 typedef enum {
   SYS_MAIN_PROCESS,
   SYS_NTSKE_HELPER,
+  SYS_PRIVOPS_HELPER,
 } SYS_ProcessContext;
 
 /* Switch to the specified user and group in given context */

sys_linux.c

@@ -658,6 +658,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
        modules are installed and enabled on the system). */
     if (default_action != SCMP_ACT_ALLOW)
       PRV_StartHelper();
+  } else if (context == SYS_PRIVOPS_HELPER) {
+    /* The privops helper on Linux doesn't have any filter loaded */
+    return;
   }
 
   ctx = seccomp_init(default_action);

test/unit/ntp_sources.c

@@ -137,7 +137,7 @@ test_unit(void)
   CNF_Initialise(0, 0);
   CNF_ParseLine(NULL, 1, conf);
 
-  PRV_Initialise();
+  PRV_Initialise(0);
   LCL_Initialise();
   TST_RegisterDummyDrivers();
   SCH_Initialise();