diff options
| author |   Sam James <sam@gentoo.org> | 2021-02-08 14:10:07 +0000 |
|---|---|---|
| committer | Sam James <sam@gentoo.org> | 2021-02-08 14:54:02 +0000 |
| commit | 9a5c393d884d5e20f95097feca7f98a3499639e6 (patch) | |
| tree | 8b8e6a17c2aa44fc083ab8af2a592acbb6519515 /net-misc/chrony | |
| parent | net-misc/chrony: restore git HOMEPAGE (diff) | |
| download | gentoo-9a5c393d884d5e20f95097feca7f98a3499639e6.tar.gz gentoo-9a5c393d884d5e20f95097feca7f98a3499639e6.tar.bz2 gentoo-9a5c393d884d5e20f95097feca7f98a3499639e6.zip | |
net-misc/chrony: add note re changes on USE=seccomp install
Users must enable seccomp manually for now at runtime.
Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'net-misc/chrony')
| -rw-r--r-- | net-misc/chrony/chrony-4.0-r1.ebuild | 15 | ||||
| -rw-r--r-- | net-misc/chrony/chrony-9999.ebuild | 15 |
2 files changed, 28 insertions, 2 deletions
diff --git a/net-misc/chrony/chrony-4.0-r1.ebuild b/net-misc/chrony/chrony-4.0-r1.ebuild index e0333b6483ff..d663e9cb680e 100644 --- a/net-misc/chrony/chrony-4.0-r1.ebuild +++ b/net-misc/chrony/chrony-4.0-r1.ebuild @@ -173,10 +173,16 @@ src_install() { pkg_preinst() { HAD_CAPS=false + HAD_SECCOMP=false - if has_version 'net-misc/chrony[caps]'; then + if has_version 'net-misc/chrony[caps]' ; then HAD_CAPS=true fi + + if has_version 'net-misc/chrony[seccomp]' ; then + HAD_SECCOMP=true + fi + } pkg_postinst() { @@ -187,4 +193,11 @@ pkg_postinst() { ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony" ewarn "This is necessary for chrony to drop privileges" fi + + if [[ ! ${HAD_SECCOMP} ]] && use seccomp ; then + elog "To enable seccomp in enforcing mode, please modify:" + elog "- /etc/conf.d/chronyd for OpenRC" + elog "- systemctl edit chronyd for systemd" + elog "to use -F 1 or -F -1 instead of -F 0 (see man chronyd)" + fi } diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-9999.ebuild index e0333b6483ff..d663e9cb680e 100644 --- a/net-misc/chrony/chrony-9999.ebuild +++ b/net-misc/chrony/chrony-9999.ebuild @@ -173,10 +173,16 @@ src_install() { pkg_preinst() { HAD_CAPS=false + HAD_SECCOMP=false - if has_version 'net-misc/chrony[caps]'; then + if has_version 'net-misc/chrony[caps]' ; then HAD_CAPS=true fi + + if has_version 'net-misc/chrony[seccomp]' ; then + HAD_SECCOMP=true + fi + } pkg_postinst() { @@ -187,4 +193,11 @@ pkg_postinst() { ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony" ewarn "This is necessary for chrony to drop privileges" fi + + if [[ ! ${HAD_SECCOMP} ]] && use seccomp ; then + elog "To enable seccomp in enforcing mode, please modify:" + elog "- /etc/conf.d/chronyd for OpenRC" + elog "- systemctl edit chronyd for systemd" + elog "to use -F 1 or -F -1 instead of -F 0 (see man chronyd)" + fi } |