Re: [chrony-dev] [PATCH] Add support for OpenBSD |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-dev Archives
]
- To: chrony-dev@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-dev] [PATCH] Add support for OpenBSD
- From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
- Date: Mon, 3 Jan 2022 11:32:48 +0100
- Authentication-results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mlichvar@xxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1641205972; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=BY46JwsKC5DWphQM4mz+rVF/NnyVuoLX9O48igjeRsE=; b=fkZ4J5aThjamP+AW882IZb73jT6xPA7ko1fG9czRdE+D8aN5suzVNKhLJy30GIG9fqSmeb pmXCHkJ8kXr0MNVjgaiVljPRb2/9M0Ozcb2DMtmifciqrvJz/AYCpx3sveo0dcsfJArkFp vivrgXSybU9Xmac2bx2am8yCa7LUp1o=
On Wed, Dec 22, 2021 at 07:04:16PM +0000, Shaun Ren wrote:
> 7 files changed, 283 insertions(+)
> create mode 100644 sys_openbsd.c
> create mode 100644 sys_openbsd.h
How many users do you estimate are interested in this? I don't
remember any requests here. If someone decided to run OpenBSD, I'd
expect them to strongly prefer openntpd, but maybe that's just my
impression.
If this is accepted, will you stay around and support it?
> void
> PRV_Initialise(void)
> {
> @@ -667,6 +732,12 @@ PRV_StartHelper(void)
> /* ignore signals, the process will exit on OP_QUIT request */
> UTI_SetQuitSignalsHandler(SIG_IGN, 1);
>
> +
> +#ifdef OPENBSD
> + if (pledge("stdio unix settime", NULL) == -1)
> + LOG_FATAL("pledge() failed");
> +#endif
Would it make sense to move this to sys_openbsd.c as a syscall filter
option?
> +#ifdef FEAT_PRIVDROP
> +void
> +SYS_OpenBSD_DropRoot(uid_t uid, gid_t gid, SYS_ProcessContext context, int clock_control)
> +{
> + if (context == SYS_MAIN_PROCESS)
> + PRV_StartHelper();
> +
> + UTI_DropRoot(uid, gid);
> +
> + if (pledge("stdio rpath wpath cpath unix inet dns settime", NULL) == -1)
> + LOG_FATAL("pledge() failed");
Same here?
--
Miroslav Lichvar
--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.