[tracker] tracker-seccomp: Add checks for mlock2() and getrandom() syscalls

From: Philip Withnall <pwithnall src gnome org>
To: commits-list gnome org
Cc:
Subject: [tracker] tracker-seccomp: Add checks for mlock2() and getrandom() syscalls
Date: Sun, 22 Jan 2017 13:06:14 +0000 (UTC)

commit fd995f87c8bfe7aba46dc066dd2ea5183b9fd810
Author: Philip Withnall <philip tecnocode co uk>
Date:   Sat Jan 21 23:05:08 2017 +0000

    tracker-seccomp: Add checks for mlock2() and getrandom() syscalls
    
    On older kernels, these syscalls did not exist, so the __NR_* syscall
    number definition does not exist for them, and compilation fails. Make
    the seccomp rules for them conditional on the syscall numbers existing.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=777591

 src/libtracker-common/tracker-seccomp.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)
---
diff --git a/src/libtracker-common/tracker-seccomp.c b/src/libtracker-common/tracker-seccomp.c
index 0c75895..71f6a43 100644
--- a/src/libtracker-common/tracker-seccomp.c
+++ b/src/libtracker-common/tracker-seccomp.c
@@ -60,7 +60,9 @@ tracker_seccomp_init (void)
        ALLOW_RULE (mprotect);
        ALLOW_RULE (madvise);
        ERROR_RULE (mlock, EPERM);
+#ifdef __NR_mlock2
        ERROR_RULE (mlock2, EPERM);
+#endif
        ERROR_RULE (munlock, EPERM);
        ERROR_RULE (mlockall, EPERM);
        ERROR_RULE (munlockall, EPERM);
@@ -119,7 +121,9 @@ tracker_seccomp_init (void)
        ALLOW_RULE (uname);
        ALLOW_RULE (sysinfo);
        ALLOW_RULE (prctl);
+#ifdef __NR_getrandom
        ALLOW_RULE (getrandom);
+#endif
        ALLOW_RULE (clock_gettime);
        ALLOW_RULE (clock_getres);
        ALLOW_RULE (gettimeofday);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]