| 1 |
commit: 6fa4f469c4b0f44259b1cc8c984bfcaa655a2f83 |
| 2 |
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Fri Aug 28 00:29:10 2015 +0000 |
| 4 |
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Fri Aug 28 00:29:10 2015 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6fa4f469 |
| 7 |
|
| 8 |
security: do not warn when seccomp is disabled in the kernel |
| 9 |
|
| 10 |
If the seccomp feature is disabled in the kernel, we'll get back |
| 11 |
EINVAL from the prctl call. There's no simple way to differentiate |
| 12 |
between a real EINVAL (bad filter args), so we'll just assume that |
| 13 |
libseccomp knows what it is doing. |
| 14 |
|
| 15 |
Reported-by: Piotr Karbowski <piotr.karbowski <AT> gmail.com> |
| 16 |
URL: https://bugs.gentoo.org/558414 |
| 17 |
|
| 18 |
security.c | 7 +++++-- |
| 19 |
1 file changed, 5 insertions(+), 2 deletions(-) |
| 20 |
|
| 21 |
diff --git a/security.c b/security.c |
| 22 |
index 1fa64a0..af264ae 100644 |
| 23 |
--- a/security.c |
| 24 |
+++ b/security.c |
| 25 |
@@ -163,8 +163,11 @@ static void pax_seccomp_init(bool allow_forking) |
| 26 |
|
| 27 |
#ifndef __SANITIZE_ADDRESS__ |
| 28 |
/* ASAN does some weird stuff. */ |
| 29 |
- if (seccomp_load(ctx) < 0) |
| 30 |
- warnp("seccomp_load failed"); |
| 31 |
+ if (seccomp_load(ctx) < 0) { |
| 32 |
+ /* We have to assume that EINVAL == CONFIG_SECCOMP is disabled. */ |
| 33 |
+ if (errno != EINVAL) |
| 34 |
+ warnp("seccomp_load failed"); |
| 35 |
+ } |
| 36 |
#endif |
| 37 |
|
| 38 |
done: |
Archives