Re: [chrony-dev] [PATCH v2] sys_linux: allow setsockopt(SOL_IP, IP_TOS) in seccomp |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-dev Archives
]
- To: chrony-dev@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-dev] [PATCH v2] sys_linux: allow setsockopt(SOL_IP, IP_TOS) in seccomp
- From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
- Date: Tue, 6 Apr 2021 10:17:35 +0200
- Authentication-results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mlichvar@xxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1617697060; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=G26Qtp/zzftwRK+lPGazqZzqlY8xDTyLOYa6aYoKXok=; b=W78HpWuzlZU8Z5fT0+4p4FLXz5Mf7JML1UJH+sGp2YJce0YRbTsFc13vd+npxQ/hC4Zbk9 TmThtfiV38E5z4KqxyyH6Sn1W4Pdy7grmNZdmWfb4y3mmyWmdGuOCBRgSS1JbcK3lghzUE sUwMcU5FADWmH9fpJeIVJXPFw15at8Y=
On Sun, Apr 04, 2021 at 03:12:17PM +0200, Foster Snowhill wrote:
> This system call is required by the DSCP marking feature introduced in commit
> 6a5665ca5877bad1ae77c906715414aac77d9f77.
>
> Before this change, enabling seccomp filtering (chronyd -F 1) and specifying a
> custom DSCP value in the configuration (for example "dscp 46") caused the
> process to be killed by seccomp due to IP_TOS not being allowed by the filter.
>
> Tested before and after the change on Ubuntu 21.04, kernel 5.11.0-13-generic.
> IP_TOS is available since Linux 1.0, so I didn't add any ifdefs for it.
Looks good. I'll push it in the next batch. Thanks!
--
Miroslav Lichvar
--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.