diff options
author | Bruno Thomsen <bruno.thomsen@gmail.com> | 2020-07-31 18:14:20 +0200 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2020-08-02 10:03:09 +0200 |
commit | 96db4ea70594b4213770929907262de503c32725 (patch) | |
tree | c2135a472f89a415b2ff6518c9d27b08662f208c /rules/chrony.in | |
parent | 65cf88b8d62d632c658336836ed091a6e22fc272 (diff) | |
download | ptxdist-96db4ea70594b4213770929907262de503c32725.tar.gz ptxdist-96db4ea70594b4213770929907262de503c32725.tar.xz |
chrony: add seccomp sandbox option
This adds a little extra security by using seccomp.
Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
Message-Id: <20200731161420.6568-1-bruno.thomsen@gmail.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'rules/chrony.in')
-rw-r--r-- | rules/chrony.in | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/rules/chrony.in b/rules/chrony.in index 2f906d2ce..f50b86442 100644 --- a/rules/chrony.in +++ b/rules/chrony.in @@ -6,6 +6,7 @@ menuconfig CHRONY prompt "chrony " select LIBC_M select LIBCAP + select LIBSECCOMP if CHRONY_SECCOMP select NETTLE if CHRONY_USE_NETTLE help This will install the Chrony NTPD Daemon (chronyd) @@ -29,6 +30,13 @@ config CHRONY_USE_NETTLE Use nettle crypto library for stronger keys than MD5 in NTP authentication. +config CHRONY_SECCOMP + bool + default y + prompt "Enable seccomp sandboxing" + help + Enables seccomp sandboxing to reduce the attack surface. + config CHRONY_ADVANCED_COMMAND bool prompt "Enable advanced monitoring command" |