chrony: add seccomp sandbox option

This adds a little extra security by using seccomp. Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com> Message-Id: <20200731161420.6568-1-bruno.thomsen@gmail.com> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
author: Bruno Thomsen <bruno.thomsen@gmail.com> 2020-07-31 18:14:20 +0200
committer: Michael Olbrich <m.olbrich@pengutronix.de> 2020-08-02 10:03:09 +0200
commit: 96db4ea70594b4213770929907262de503c32725 (patch)
tree: c2135a472f89a415b2ff6518c9d27b08662f208c /rules/chrony.in
parent: 65cf88b8d62d632c658336836ed091a6e22fc272 (diff)
download: ptxdist-96db4ea70594b4213770929907262de503c32725.tar.gz
ptxdist-96db4ea70594b4213770929907262de503c32725.tar.xz
1 files changed, 8 insertions, 0 deletions
diff --git a/rules/chrony.in b/rules/chrony.in
index 2f906d2ce..f50b86442 100644
--- a/rules/chrony.in
+++ b/rules/chrony.in
@@ -6,6 +6,7 @@ menuconfig CHRONY
 	prompt "chrony                        "
 	select LIBC_M
 	select LIBCAP
+	select LIBSECCOMP	if CHRONY_SECCOMP
 	select NETTLE		if CHRONY_USE_NETTLE
 	help
 	  This will install the Chrony NTPD Daemon (chronyd)
@@ -29,6 +30,13 @@ config CHRONY_USE_NETTLE
 	  Use nettle crypto library for stronger keys than MD5 in
 	  NTP authentication.
 
+config CHRONY_SECCOMP
+	bool
+	default y
+	prompt "Enable seccomp sandboxing"
+	help
+	  Enables seccomp sandboxing to reduce the attack surface.
+
 config CHRONY_ADVANCED_COMMAND
 	bool
 	prompt "Enable advanced monitoring command"
author	Bruno Thomsen <bruno.thomsen@gmail.com>	2020-07-31 18:14:20 +0200
committer	Michael Olbrich <m.olbrich@pengutronix.de>	2020-08-02 10:03:09 +0200
commit	96db4ea70594b4213770929907262de503c32725 (patch)
tree	c2135a472f89a415b2ff6518c9d27b08662f208c /rules/chrony.in
parent	65cf88b8d62d632c658336836ed091a6e22fc272 (diff)
download	ptxdist-96db4ea70594b4213770929907262de503c32725.tar.gz ptxdist-96db4ea70594b4213770929907262de503c32725.tar.xz