Merge remote-tracking branch 'public/bug20247_029' into maint-0.2.9

This commit is contained in:
Nick Mathewson 2017-07-27 08:23:34 -04:00
commit 24ddf5862e
2 changed files with 12 additions and 0 deletions

4
changes/bug20247 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (linux seccomp2 sandbox):
- Avoid a sandbox failure when trying to re-bind to a socket and mark
it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.

View File

@ -728,6 +728,14 @@ sb_setsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
return rc;
#endif
#ifdef IPV6_V6ONLY
rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt),
SCMP_CMP(1, SCMP_CMP_EQ, IPPROTO_IPV6),
SCMP_CMP(2, SCMP_CMP_EQ, IPV6_V6ONLY));
if (rc)
return rc;
#endif
return 0;
}