| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| allow-IP_TOS-socket-option-in-seccomp-filter.patch | sys_linux: allow setsockopt(SOL_IP, IP_TOS) in seccomp This system call is required by the DSCP marking feature introduced in commit 6a5665ca5877 ("conf: add dscp directive"). Before this change, enabling seccomp filtering (chronyd -F 1) and specifying a custom DSCP value in the configuration (for example "dscp 46") caused the process to be killed by seccomp due to IP_TOS not being allowed by the filter. Tested before and after the change on Ubuntu 21.04, kernel 5.11.0-13-generic. IP_TOS is available since Linux 1.0, so I didn't add any ifdefs for it. =================================================================== |
Foster Snowhill <forst@forstwoof.ru> | yes | upstream | 2021-04-08 | |
| nm-dispatcher-dhcp_Move-server_dir-to-run.patch | Move server_dir path to /run | Vincent Blut <vincent.debian@free.fr> | no | 2020-09-16 | ||
| allow-BINDTODEVICE-option-in-seccomp-filter.patch | sys_linux: allow BINDTODEVICE option in seccomp filter =================================================================== |
Miroslav Lichvar <mlichvar@redhat.com> | no | 2021-05-13 | ||
| allow-getuid32-in-seccomp-filter.patch | sys_linux: allow getuid32 in seccomp filter This was triggered on x86 in an NTS test. diff --git a/sys_linux.c b/sys_linux.c index be5d44d..57b4e0f 100644 |
Miroslav Lichvar <mlichvar@redhat.com> | no | 2021-05-13 | ||
| fix-seccomp-filter-for-BINDTODEVICE-socket-option.patch | sys_linux: fix seccomp filter for BINDTODEVICE option The BINDTODEVICE socket option is the first option in the seccomp filter setting a string instead of int. Remove the length check from the setsockopt rules to allow a device name longer than 3 characters. This was reported in Debian bug #995207. =================================================================== |
Miroslav Lichvar <mlichvar@redhat.com> | no | debian | upstream, https://git.tuxfamily.org/chrony/chrony.git/commit/?id=29d7d3176d9d1b208039a9d2ca3f26bc3cc5a387 | 2021-10-06 |