diff options
| author |   Sergei Trofimovich <slyfox@gentoo.org> | 2020-02-16 10:43:35 +0000 |
|---|---|---|
| committer | Sergei Trofimovich <slyfox@gentoo.org> | 2020-02-16 10:43:35 +0000 |
| commit | 10d0713996478d544853f08b18c09d4b73d52d58 (patch) | |
| tree | cfe198e89a41a21c586da73cf2a824956e64f499 /security.c | |
| parent | dumpelf.c: add missing break when decoding SHT_GNU_LIBLIST (diff) | |
| download | pax-utils-10d0713996478d544853f08b18c09d4b73d52d58.tar.gz pax-utils-10d0713996478d544853f08b18c09d4b73d52d58.tar.bz2 pax-utils-10d0713996478d544853f08b18c09d4b73d52d58.zip | |
security.c: allow 'semtimedop' in seccomp sandbox (glibc-2.31)
glibc-2.31 switched semop() libc implementation from semop() to semtimedop()
in https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=765cdd0bffd77960a
("sysvipc: Implement semop based on semtimedop")
This caused pax-utils to fail under fakeroot as:
```
$ fakeroot scanelf -yqRBF '#k%F' -k '.symtab' /bin/bash
.../usr/bin/fakeroot: line 178: 103268 Bad system call ...
Program terminated with signal SIGSYS, Bad system call.
33 ../sysdeps/unix/sysv/linux/semtimedop.c: No such file or directory.
(gdb) bt
(gdb)
```
The change whitelists 'semtimedop' syscall.
Reported-by: Patrick McLean
Bug: https://bugs.gentoo.org/709794
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Diffstat (limited to 'security.c')
| -rw-r--r-- | security.c | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -162,6 +162,7 @@ static void pax_seccomp_init(bool allow_forking) SCMP_SYS(msgsnd), SCMP_SYS(semget), SCMP_SYS(semop), + SCMP_SYS(semtimedop), /* * Some targets like ppc and i386 implement the above * syscall as subcalls via ipc() syscall. |