Commit b2c4d4e7 authored by Nick Mathewson's avatar Nick Mathewson 🤹
Browse files

Merge branch 'maint-0.2.9' into maint-0.3.1

parents 8939eaf4 84c13336

changes/bug24198

0 → 100644
+4 −0
Original line number Diff line number Diff line 
  o Minor bugfixes (controller, linux seccomp2 sandbox):

    - Avoid a crash when attempting to use the seccomp2 sandbox

      together with the OwningControllerProcess feature.

      Fixes bug 24198; bugfix on 0.2.5.1-alpha.

src/common/sandbox.c

+15 −1
Original line number Diff line number Diff line
@@ -1118,6 +1118,19 @@ sb_stat64(scmp_filter_ctx ctx, sandbox_cfg_t *filter) 
}

#endif



static int

sb_kill(scmp_filter_ctx ctx, sandbox_cfg_t *filter)

{

  (void) filter;

#ifdef __NR_kill

  /* Allow killing anything with signal 0 -- it isn't really a kill. */

  return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(kill),

       SCMP_CMP(1, SCMP_CMP_EQ, 0));

#else

  return 0;

#endif

}



/**

 * Array of function pointers responsible for filtering different syscalls at

 * a parameter level.
@@ -1156,7 +1169,8 @@ static sandbox_filter_func_t filter_func[] = { 
    sb_socket,

    sb_setsockopt,

    sb_getsockopt,

    sb_socketpair

    sb_socketpair,

    sb_kill

};



const char *