mirrors/zathura
1
0
Fork 0
mirror of https://git.pwmt.org/pwmt/zathura.git synced 2024-12-28 05:36:00 +01:00
Code Issues Projects Releases Packages Wiki Activity

Make clone3 fallback to clone

Browse source
This commit is contained in:
Sebastian Ramacher 2022-09-09 00:16:41 +02:00
parent 4a9206f393
commit a2e302ce8e
1 changed files with 4 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
zathura/seccomp-filters.c
View file

@ -233,9 +233,9 @@ seccomp_enable_strict_filter(zathura_t* zathura)
/* ALLOW_RULE(umask); allowed for X11 only below */ /* ALLOW_RULE(umask); allowed for X11 only below */
ALLOW_RULE(uname); ALLOW_RULE(uname);
ALLOW_RULE(unlink); ALLOW_RULE(unlink);
ALLOW_RULE(write); ALLOW_RULE(write);
ALLOW_RULE(writev); ALLOW_RULE(writev);
ALLOW_RULE(wait4); ALLOW_RULE(wait4);
/* required for testing only */ /* required for testing only */
ALLOW_RULE(timer_create); ALLOW_RULE(timer_create);
@ -247,7 +247,6 @@ seccomp_enable_strict_filter(zathura_t* zathura)
GdkDisplay* display = gtk_widget_get_display(zathura->ui.session->gtk.view); GdkDisplay* display = gtk_widget_get_display(zathura->ui.session->gtk.view);
if (GDK_IS_X11_DISPLAY (display)) { if (GDK_IS_X11_DISPLAY (display)) {
girara_debug("On X11, supporting X11 syscalls"); girara_debug("On X11, supporting X11 syscalls");
/* permit the socket syscall for local UNIX domain sockets (required by X11) */ /* permit the socket syscall for local UNIX domain sockets (required by X11) */
@ -275,7 +274,8 @@ seccomp_enable_strict_filter(zathura_t* zathura)
CLONE_SETTLS | \ CLONE_SETTLS | \
CLONE_PARENT_SETTID | \ CLONE_PARENT_SETTID | \
CLONE_CHILD_CLEARTID)); CLONE_CHILD_CLEARTID));
/* trigger fallback to clone */
ADD_RULE("errno", SCMP_ACT_ERRNO(ENOSYS), clone3, 0);
/* fcntl filter - not yet working */ /* fcntl filter - not yet working */
/*ADD_RULE("allow", SCMP_ACT_ALLOW, fcntl, 1, SCMP_CMP(0, SCMP_CMP_EQ, \ /*ADD_RULE("allow", SCMP_ACT_ALLOW, fcntl, 1, SCMP_CMP(0, SCMP_CMP_EQ, \
@ -287,7 +287,6 @@ seccomp_enable_strict_filter(zathura_t* zathura)
F_DUPFD_CLOEXEC | \ F_DUPFD_CLOEXEC | \
F_SETFD | \ F_SETFD | \
FD_CLOEXEC )); */ FD_CLOEXEC )); */
/* Special requirements for ioctl, allowed on stdout/stderr */ /* Special requirements for ioctl, allowed on stdout/stderr */
ADD_RULE("allow", SCMP_ACT_ALLOW, ioctl, 1, SCMP_CMP(0, SCMP_CMP_EQ, 1)); ADD_RULE("allow", SCMP_ACT_ALLOW, ioctl, 1, SCMP_CMP(0, SCMP_CMP_EQ, 1));