Skip to content
Snippets Groups Projects
Commit 97330ced authored by Nick Mathewson's avatar Nick Mathewson :game_die:
Browse files

Fix sandbox use with systemd. bug 16212.

parent 8ca3773f
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
changes/bug16212 0 → 100644
+ 5
0
View file @ 97330ced
o Minor bugfixes (sandbox, systemd):
- Allow systemd connections to work with the Linux seccomp2 sandbox
code. Fixes bug 16212; bugfix on 0.2.6.2-alpha.
Patch by Peter Palfrader.
src/common/sandbox.c
+ 10
0
View file @ 97330ced
......@@ -170,6 +170,7 @@ static int filter_nopar_gen[] = {
SCMP_SYS(read),
SCMP_SYS(rt_sigreturn),
SCMP_SYS(sched_getaffinity),
SCMP_SYS(sendmsg),
SCMP_SYS(set_robust_list),
#ifdef __NR_sigreturn
SCMP_SYS(sigreturn),
......@@ -547,6 +548,15 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX),
SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_STREAM),
SCMP_CMP(2, SCMP_CMP_EQ, 0));
if (rc)
return rc;
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX),
SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_DGRAM),
SCMP_CMP(2, SCMP_CMP_EQ, 0));
if (rc)
return rc;
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK),
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment