diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-10-21 21:15:43 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-10-24 17:32:50 +0200 |
commit | 60f547cf684d27e8c0e7ff44663650e90f9e0bcf (patch) | |
tree | 23507469f691bc7552a0c8aa07144f6f02da53e6 /src/shared/seccomp-util.c | |
parent | 8d7b0c8fd780e88ab5a6d1d79e09e27247245bee (diff) |
seccomp: two fixes for the syscall set tables
"oldumount()" is not a syscall, but simply a wrapper for it, the actual syscall
nr is called "umount" (and the nr of umount() is called umount2 internally).
"sysctl()" is not a syscall, but "_syscall()" is. Fix this in the table.
Without these changes libseccomp cannot actually translate the tables in full.
This wasn't noticed before as the code was written defensively for this case.
Diffstat (limited to 'src/shared/seccomp-util.c')
-rw-r--r-- | src/shared/seccomp-util.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 0b9fa47c44..f1e9de05b2 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -272,7 +272,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { .value = "chroot\0" "mount\0" - "oldumount\0" "pivot_root\0" "umount2\0" "umount\0" @@ -371,7 +370,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { "setuid\0" "swapoff\0" "swapon\0" - "sysctl\0" + "_sysctl\0" "vhangup\0" }, [SYSCALL_FILTER_SET_PROCESS] = { |