/[gentoo-x86]/net-misc/lldpd/files/lldpd-0.7.9-seccomp-add-syscalls.patch
Gentoo

Contents of /net-misc/lldpd/files/lldpd-0.7.9-seccomp-add-syscalls.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.1 - (hide annotations) (download) (as text)
Tue Jul 8 18:34:25 2014 UTC (5 years, 8 months ago) by chutzpah
Branch: MAIN
File MIME type: text/x-diff
Revision bump, add a patch to whitelist some more syscalls in seccomp and remove the pidfile patch.

(Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 0xE3F69979BB4B8928DA78E3D17CBF44EF)

1 chutzpah 1.1 diff --git a/src/daemon/priv-seccomp.c b/src/daemon/priv-seccomp.c
2     index 7eb49d6..c69d82a 100644
3     --- a/src/daemon/priv-seccomp.c
4     +++ b/src/daemon/priv-seccomp.c
5     @@ -160,6 +160,10 @@ priv_seccomp_init(int remote, int child)
6     (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(stat), 0)) < 0 ||
7     (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigreturn), 0)) < 0 ||
8     (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0)) < 0 ||
9     + (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(sendto), 0)) < 0 ||
10     + (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(poll), 0)) < 0 ||
11     + (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(recvmsg), 0)) < 0 ||
12     + (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(readv), 0)) < 0 ||
13     /* The following are for resolving addresses */
14     (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0)) < 0 ||
15     (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0)) < 0 ||

  ViewVC Help
Powered by ViewVC 1.1.20