emacs-diffs

emacs-28 6d3608be88: Seccomp: improve support for newer versions of glib


From: Philipp Stephani
Subject: emacs-28 6d3608be88: Seccomp: improve support for newer versions of glibc (Bug#51073)
Date: Sat, 22 Jan 2022 11:19:45 -0500 (EST)

branch: emacs-28
commit 6d3608be88e1b30d2d10ee81f14dd485275c20ff
Author: Philipp Stephani <phst@google.com>
Commit: Philipp Stephani <phst@google.com>

    Seccomp: improve support for newer versions of glibc (Bug#51073)
    
    * lib-src/seccomp-filter.c (main): Allow 'pread64' and 'faccessat2'
    system calls.  Newer versions of glibc use these system calls (starting
    with commits 95c1056962a3f2297c94ce47f0eaf0c5b6563231 and
    3d3ab573a5f3071992cbc4f57d50d1d29d55bde2, respectively).
---
 lib-src/seccomp-filter.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib-src/seccomp-filter.c b/lib-src/seccomp-filter.c
index 552a986239..d368cbb46c 100644
--- a/lib-src/seccomp-filter.c
+++ b/lib-src/seccomp-filter.c
@@ -228,6 +228,7 @@ main (int argc, char **argv)
      capabilities, and operating on them shouldn't cause security
      issues.  */
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (read));
+  RULE (SCMP_ACT_ALLOW, SCMP_SYS (pread64));
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (write));
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (close));
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (lseek));
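Review bot: the added `RULE (SCMP_ACT_ALLOW, SCMP_SYS (pread64));` carries no in-source explanation; the reason for it (newer glibc issuing pread64) is recorded only in the commit message. A short comment beside the rule would keep a later reader from treating it as an arbitrary widening of the allow-list. The rule is unconditional, like the read rule above it, which fits the enclosing comment's treatment of file descriptors as capabilities, so no argument filter seems needed here.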
@@ -239,6 +240,7 @@ main (int argc, char **argv)
      should be further restricted using mount namespaces.  */
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (access));
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (faccessat));
+  RULE (SCMP_ACT_ALLOW, SCMP_SYS (faccessat2));
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (stat));
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (stat64));
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (lstat));
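Review bot: `SCMP_SYS (faccessat2)` on the added line is resolved at compile time, so the build now depends on the host's libseccomp and kernel headers knowing faccessat2, a system call that exists only since Linux 5.8. It is worth confirming that seccomp-filter.c still builds against the oldest headers the project supports, or guarding this rule with a preprocessor check. As with the pread64 rule, a brief comment naming glibc as the caller would document why the rule sits next to faccessat, and the context comment about restricting file access with mount namespaces applies to it equally.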


