procyberian/emacs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Seccomp: improve support for newer versions of glibc (Bug#51073)

Browse source 
* lib-src/seccomp-filter.c (main): Allow 'pread64' and 'faccessat2'
system calls.  Newer versions of glibc use these system call (starting
with commits 95c1056962a3f2297c94ce47f0eaf0c5b6563231 and
3d3ab573a5f3071992cbc4f57d50d1d29d55bde2, respectively).
This commit is contained in:
Philipp Stephani 2022-01-22 17:11:37 +01:00
parent e58ecd01d5
commit 6d3608be88
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib-src/seccomp-filter.c
View file

@ -228,6 +228,7 @@ main (int argc, char **argv)
capabilities, and operating on them shouldn't cause security
issues. */
RULE (SCMP_ACT_ALLOW, SCMP_SYS (read));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (pread64));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (write));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (close));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (lseek));
@ -239,6 +240,7 @@ main (int argc, char **argv)
should be further restricted using mount namespaces. */
RULE (SCMP_ACT_ALLOW, SCMP_SYS (access));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (faccessat));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (faccessat2));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (stat));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (stat64));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (lstat));