File 0003-seccomp-shm-get-at-dt-now-have-their-own-numbers-eve.patch of Package systemd-mini.15662
From 029d0cc0864bda8228b0c193fae89fd720826b2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> Date: Fri, 15 Mar 2019 11:57:49 +0100 Subject: [PATCH 3/3] seccomp: shm{get,at,dt} now have their own numbers everywhere E.g. on i686: (previously) arch x86: SCMP_SYS(mmap) = 90 arch x86: SCMP_SYS(mmap2) = 192 arch x86: SCMP_SYS(shmat) = -221 arch x86: SCMP_SYS(shmat) = -221 arch x86: SCMP_SYS(shmdt) = -222 (now) arch x86: SCMP_SYS(mmap) = 90 arch x86: SCMP_SYS(mmap2) = 192 arch x86: SCMP_SYS(shmat) = 397 arch x86: SCMP_SYS(shmat) = 397 arch x86: SCMP_SYS(shmdt) = 398 The relevant commit seems to be https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0d6040d46817. (cherry picked from commit e55bdf9b6c5f72475b258a7a4585a0480551cb60) [fbui: fixes bsc#1173422] [fbui: later commit 67fb5f338fad added support to block shmat syscall on x86 but it was basically reverted by commit bed4668d1daeb6... therefore let's only cherry pick this patch alone to fix the build failure on architectures which defines a separate syscall but use a multiplexer. This effectively means shmat is ignored and not blocked on x86 and ppc.] --- src/shared/seccomp-util.c | 5 ----- src/test/test-seccomp.c | 9 +++++++++ 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 7a2da0dd92..74094029ca 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -1191,14 +1191,9 @@ static int add_seccomp_syscall_filter(scmp_filter_ctx seccomp, assert_cc(SCMP_SYS(shmget) > 0); assert_cc(SCMP_SYS(shmat) > 0); assert_cc(SCMP_SYS(shmdt) > 0); -#elif defined(__i386__) || defined(__powerpc64__) -assert_cc(SCMP_SYS(shmget) < 0); -assert_cc(SCMP_SYS(shmat) < 0); -assert_cc(SCMP_SYS(shmdt) < 0); #endif int seccomp_memory_deny_write_execute(void) { - uint32_t arch; int r; diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c index 7a951aec62..c2aa72ea3f 100644 
--- a/src/test/test-seccomp.c +++ b/src/test/test-seccomp.c @@ -480,9 +480,18 @@ static void test_memory_deny_write_execute_mmap(void) { static void test_memory_deny_write_execute_shmat(void) { int shmid; pid_t pid; + uint32_t arch; log_info("/* %s */", __func__); + SECCOMP_FOREACH_LOCAL_ARCH(arch) { + log_debug("arch %s: SCMP_SYS(mmap) = %d", seccomp_arch_to_string(arch), SCMP_SYS(mmap)); + log_debug("arch %s: SCMP_SYS(mmap2) = %d", seccomp_arch_to_string(arch), SCMP_SYS(mmap2)); + log_debug("arch %s: SCMP_SYS(shmget) = %d", seccomp_arch_to_string(arch), SCMP_SYS(shmget)); + log_debug("arch %s: SCMP_SYS(shmat) = %d", seccomp_arch_to_string(arch), SCMP_SYS(shmat)); + log_debug("arch %s: SCMP_SYS(shmdt) = %d", seccomp_arch_to_string(arch), SCMP_SYS(shmdt)); + } + if (!is_seccomp_available()) { log_notice("Seccomp not available, skipping %s", __func__); return; -- 2.26.2
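Review bot: In src/shared/seccomp-util.c, dropping the `#elif defined(__i386__) || defined(__powerpc64__)` branch leaves nothing in the code that records what the commit message states, namely that shmat is ignored and not blocked on x86 and ppc. That is a gap in what seccomp_memory_deny_write_execute() covers on those architectures, so add a short comment at the `#endif` saying that i386 and powerpc64 are intentionally left without an assertion and that the shmat filter does not apply there. Anyone auditing the filter later can then see the gap without digging through the commit history.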
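Review bot: In test_memory_deny_write_execute_shmat() in src/test/test-seccomp.c, the new SECCOMP_FOREACH_LOCAL_ARCH loop passes the same SCMP_SYS(...) expressions on every iteration and only the seccomp_arch_to_string(arch) label changes, so every architecture is logged with identical numbers. SCMP_SYS() is resolved at compile time for the build ABI, which makes the output misleading on a host that has more than one local architecture. Either log the values once outside the loop, or look them up per architecture with seccomp_syscall_resolve_name_arch(arch, "shmat") so that the label and the number agree.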