changes/bug15003 0 → 100644 +3 −0 Original line number Diff line number Diff line o Major bugfixes (linux seccomp2 sandbox): - Allow AF_UNIX hidden services to be used with the seccomp2 sandbox. Fixes bug 15003; bugfix on 0.2.6.3-alpha.
src/common/sandbox.c +5 −0 Original line number Diff line number Diff line Loading @@ -542,6 +542,11 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter) return rc; } rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX), SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_STREAM), SCMP_CMP(2, SCMP_CMP_EQ, 0)); rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK), SCMP_CMP(1, SCMP_CMP_EQ, SOCK_RAW), Loading
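Review bot: In sb_socket(), the rc returned by the new PF_UNIX seccomp_rule_add_3() call is never checked. The very next statement, the PF_NETLINK rule, assigns to rc again, so a failure to install the PF_UNIX rule is silently dropped and would only surface later as a socket() call blocked by the sandbox. The context just above the added lines closes a block with "return rc;", so follow that pattern and add "if (rc) return rc;" right after the new call. A short comment saying which type values the SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_STREAM) comparison is meant to accept would also help, since the roles of the mask and the value are not obvious from the call site.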