Merge branch 'maint-0.3.3'

Nick Mathewson 2018-03-26 10:29:29 -04:00
commit c68bfc556c
2 changed files with 6 additions and 21 deletions

4
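--- a/changes/feature25313
+++ b/changes/feature25313
@@ -0,0 +1,4 @@
+o Minor features (sandbox):
+- Explicitly permit the poll() system call when the Linux seccomp2-based
+sandbox is enabled: apparently, some versions of libc use poll() when
+calling getpwnam(). Closes ticket 25313.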


@ -259,7 +259,8 @@ static int filter_nopar_gen[] = {
SCMP_SYS(recvmsg), SCMP_SYS(recvmsg),
SCMP_SYS(recvfrom), SCMP_SYS(recvfrom),
SCMP_SYS(sendto), SCMP_SYS(sendto),
SCMP_SYS(unlink) SCMP_SYS(unlink),
SCMP_SYS(poll)
}; };
/* These macros help avoid the error where the number of filters we add on a /* These macros help avoid the error where the number of filters we add on a
@ -1071,25 +1072,6 @@ sb_mremap(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
return 0; return 0;
} }
/**
* Function responsible for setting up the poll syscall for
* the seccomp filter sandbox.
*/
static int
sb_poll(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
{
int rc = 0;
(void) filter;
rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(poll),
SCMP_CMP(1, SCMP_CMP_EQ, 1),
SCMP_CMP(2, SCMP_CMP_EQ, 10));
if (rc)
return rc;
return 0;
}
#ifdef __NR_stat64 #ifdef __NR_stat64
/** /**
* Function responsible for setting up the stat64 syscall for * Function responsible for setting up the stat64 syscall for
@ -1161,7 +1143,6 @@ static sandbox_filter_func_t filter_func[] = {
sb_flock, sb_flock,
sb_futex, sb_futex,
sb_mremap, sb_mremap,
sb_poll,
#ifdef __NR_stat64 #ifdef __NR_stat64
sb_stat64, sb_stat64,
#endif #endif
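Review bot: The new `SCMP_SYS(poll)` entry at the end of `filter_nopar_gen` has no comment recording that poll() is now allowed with any arguments. The removed `sb_poll` only allowed it when argument 1 was 1 and argument 2 was 10 (nfds and timeout in poll's signature). This widens the seccomp allow-list, and the reason is given only in the changes file, so someone auditing the filter later cannot tell from the source that dropping the argument checks was deliberate. I would add a comment above the entry such as `/* poll: no argument filter; some libc versions call it from getpwnam() with other arguments (ticket 25313) */`. The exposure is presumably small, since poll() only waits on descriptors the process already holds, but that should be confirmed against the threat model for the sandbox. The array initializer starts outside the hunk.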