diff options
| author | Damien Miller <djm@mindrot.org> | 2014-02-06 11:17:50 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-02-06 11:17:50 +1100 |
| commit | 6434cb2cfbbf0a46375d2d22f2ff9927feb5e478 (patch) | |
| tree | 9b2794cbddb54619dc15ba21cd2af518b3e39b88 | |
| parent | 8d36f9ac71eff2e9f5770c0518b73d875f270647 (diff) | |
- (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define
__NR_shutdown; some go via the socketcall(2) multiplexer.
| -rw-r--r-- | ChangeLog | 2 | ||||
| -rw-r--r-- | sandbox-seccomp-filter.c | 2 |
2 files changed, 4 insertions, 0 deletions
| @@ -1,6 +1,8 @@ | |||
| 1 | 20140206 | 1 | 20140206 |
| 2 | - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL | 2 | - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL |
| 3 | before freeing since free(NULL) is a no-op. ok djm. | 3 | before freeing since free(NULL) is a no-op. ok djm. |
| 4 | - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define | ||
| 5 | __NR_shutdown; some go via the socketcall(2) multiplexer. | ||
| 4 | 6 | ||
| 5 | 20140205 | 7 | 20140205 |
| 6 | - (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by | 8 | - (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by |
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index dbda60bab..c0c17c2fc 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c | |||
| @@ -98,7 +98,9 @@ static const struct sock_filter preauth_insns[] = { | |||
| 98 | SC_ALLOW(read), | 98 | SC_ALLOW(read), |
| 99 | SC_ALLOW(write), | 99 | SC_ALLOW(write), |
| 100 | SC_ALLOW(close), | 100 | SC_ALLOW(close), |
| 101 | #ifdef __NR_shutdown /* not defined on archs that go via socketcall(2) */ | ||
| 101 | SC_ALLOW(shutdown), | 102 | SC_ALLOW(shutdown), |
| 103 | #endif | ||
| 102 | SC_ALLOW(brk), | 104 | SC_ALLOW(brk), |
| 103 | SC_ALLOW(poll), | 105 | SC_ALLOW(poll), |
| 104 | #ifdef __NR__newselect | 106 | #ifdef __NR__newselect |