Fix seccomp filters in strict mode

zsugabubus 2020-04-19 13:35:44 +02:00 committed by Sebastian Ramacher
parent 82783770dc
commit b0fc5016d4


@ -163,6 +163,7 @@ seccomp_enable_strict_filter(void)
ALLOW_RULE(getgid);
ALLOW_RULE(getuid);
ALLOW_RULE(getpid);
ALLOW_RULE(gettid);
/* ALLOW_RULE (getpeername); */
ALLOW_RULE(getresgid);
ALLOW_RULE(getresuid);
@ -219,6 +220,9 @@ seccomp_enable_strict_filter(void)
ALLOW_RULE(writev);
ALLOW_RULE(wait4); /* trying to open links should not crash the app */
ADD_RULE("errno", SCMP_ACT_ERRNO(EPERM), sched_setattr, 0);
ADD_RULE("errno", SCMP_ACT_ERRNO(EPERM), sched_getattr, 0);
/* Special requirements for ioctl, allowed on stdout/stderr */
ADD_RULE("allow", SCMP_ACT_ALLOW, ioctl, 1, SCMP_CMP(0, SCMP_CMP_EQ, 1));
ADD_RULE("allow", SCMP_ACT_ALLOW, ioctl, 1, SCMP_CMP(0, SCMP_CMP_EQ, 2));