[tracker-miners/wip/carlosg/backports-3.2: 2/2] libtracker-miners-common: Allow 'mbind' syscall in seccomp
- From: Carlos Garnacho <carlosg src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [tracker-miners/wip/carlosg/backports-3.2: 2/2] libtracker-miners-common: Allow 'mbind' syscall in seccomp
- Date: Sun, 6 Mar 2022 21:58:47 +0000 (UTC)
commit 4c618245ee94178ca6482590a0e154b4ea054785
Author: Carlos Garnacho <carlosg gnome org>
Date: Wed Jan 5 11:52:27 2022 +0100
libtracker-miners-common: Allow 'mbind' syscall in seccomp
This syscall allows setting the NUMA policy for the pages allocated
in mmap-ed memory. This seems a fair thing to do, given the scary
features of this syscall are still under CAP_SYS_ADMIN.
This was seen through GStreamer in Ubuntu 22.04
Fixes: https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/210
src/libtracker-miners-common/tracker-seccomp.c | 1 +
1 file changed, 1 insertion(+)
---
diff --git a/src/libtracker-miners-common/tracker-seccomp.c b/src/libtracker-miners-common/tracker-seccomp.c
index 5567233e6..1768ef1a1 100644
--- a/src/libtracker-miners-common/tracker-seccomp.c
+++ b/src/libtracker-miners-common/tracker-seccomp.c
@@ -108,6 +108,7 @@ tracker_seccomp_init (void)
ALLOW_RULE (mremap);
ALLOW_RULE (mprotect);
ALLOW_RULE (madvise);
+ ALLOW_RULE (mbind);
ERROR_RULE (mlock, EPERM);
ERROR_RULE (mlock2, EPERM);
ERROR_RULE (munlock, EPERM);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]