Re: [chrony-dev] [PATCH v2] sys_linux: allow setsockopt(SOL_IP, IP_TOS) in seccomp

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]


On Sun, Apr 04, 2021 at 03:12:17PM +0200, Foster Snowhill wrote:
> This system call is required by the DSCP marking feature introduced in commit
> 6a5665ca5877bad1ae77c906715414aac77d9f77.
> 
> Before this change, enabling seccomp filtering (chronyd -F 1) and specifying a
> custom DSCP value in the configuration (for example "dscp 46") caused the
> process to be killed by seccomp due to IP_TOS not being allowed by the filter.
> 
> Tested before and after the change on Ubuntu 21.04, kernel 5.11.0-13-generic.
> IP_TOS is available since Linux 1.0, so I didn't add any ifdefs for it.

Looks good. I'll push it in the next batch. Thanks!

-- 
Miroslav Lichvar


-- 
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.


Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/