commit: 6fa4f469c4b0f44259b1cc8c984bfcaa655a2f83 |
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
AuthorDate: Fri Aug 28 00:29:10 2015 +0000 |
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
CommitDate: Fri Aug 28 00:29:10 2015 +0000 |
URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6fa4f469 |
|
security: do not warn when seccomp is disabled in the kernel |
|
If the seccomp feature is disabled in the kernel, we'll get back |
EINVAL from the prctl call. There's no simple way to differentiate |
between this and a real EINVAL (bad filter args), so we'll just assume that |
libseccomp knows what it is doing. |
|
Reported-by: Piotr Karbowski <piotr.karbowski <AT> gmail.com> |
URL: https://bugs.gentoo.org/558414 |
|
security.c | 7 +++++-- |
1 file changed, 5 insertions(+), 2 deletions(-) |
|
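--- a/security.c
+++ b/security.c
@@ -163,8 +163,11 @@ static void pax_seccomp_init(bool allow_forking)
 
 #ifndef __SANITIZE_ADDRESS__
 /* ASAN does some weird stuff. */
- if (seccomp_load(ctx) < 0)
- warnp("seccomp_load failed");
+ if (seccomp_load(ctx) < 0) {
+ /* We have to assume that EINVAL == CONFIG_SECCOMP is disabled. */
+ if (errno != EINVAL)
+ warnp("seccomp_load failed");
+ }
 #endif
 
 done: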
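Review bot: With the new `errno != EINVAL` test inside the `seccomp_load(ctx) < 0` branch, a filter that the kernel rejects with EINVAL (bad filter arguments) is handled exactly like a kernel without seccomp, so the process carries on unsandboxed and leaves no trace of that. The disabled-kernel case can be told apart up front, because `prctl(PR_GET_SECCOMP)` fails with EINVAL when the kernel lacks CONFIG_SECCOMP. A probe such as `if (prctl(PR_GET_SECCOMP) < 0 && errno == EINVAL) return;` early in the function would cover the common case, and the remaining EINVAL exemption could then emit a one-line notice instead of nothing. The branch also reads `errno`, while libseccomp reports failure through the negative return value of `seccomp_load`; whether `errno` still holds the prctl error at this point presumably depends on the libseccomp version and should be confirmed. pax_seccomp_init starts before the hunk and continues past `done:`.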