seccomp: do not ignore deny-listed syscalls with errno when list is allow-list
author Yu Watanabe <watanabe.yu+github@gmail.com>
Mon, 8 Mar 2021 03:00:32 +0000 (12:00 +0900)
committer Yu Watanabe <watanabe.yu+github@gmail.com>
Mon, 8 Mar 2021 12:28:42 +0000 (21:28 +0900)
commit 68acc1afbe5cec50da1ffdc411dadda504e4caf5
tree 396471db6eb388a392f8f3ff46512f7d2e6a4ab8
parent 9e29ee407253a605b3fddf852594716564f6b20b
seccomp: do not ignore deny-listed syscalls with errno when list is allow-list

Previously, if the hashmap is allow-list and a new deny-listed syscall
is added, seccomp_parse_syscall_filter() simply drops the new syscall
from the hashmap even if an error number is specified.

This makes 'allow-list' hashmap store two types of entries:
- allow-listed syscalls, which are stored with negative value (-1).
- deny-listed syscalls, which are stored with specified errno.

Fixes #18916.
src/shared/seccomp-util.c
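
A small model of the allow-list map described in the commit message, added here as an illustration; it is not systemd's code. The map type, the function names and the `NOT_PRESENT` sentinel are assumptions of this example, and the `fixed` flag switches between the behaviour before and after the change.

```c
#include <errno.h>
#include <stdbool.h>
#include <string.h>

/* ALLOWED is the -1 from the commit message; NOT_PRESENT is this model's own sentinel. */
enum { MAX_ENTRIES = 16, ALLOWED = -1, NOT_PRESENT = -2 };
struct entry { const char *name; int value; };
struct filter { struct entry e[MAX_ENTRIES]; size_t n; };

static struct entry *find(struct filter *f, const char *name) {
    for (size_t i = 0; i < f->n; i++)
        if (strcmp(f->e[i].name, name) == 0)
            return &f->e[i];
    return NULL;
}

static int put(struct filter *f, const char *name, int value) {
    struct entry *e = find(f, name);
    if (!e && f->n == MAX_ENTRIES)
        return -ENOMEM;
    if (!e)
        e = &f->e[f->n++];
    *e = (struct entry){ name, value };
    return 0;
}

/* Add one item to an allow-list map; errno_num < 0 means no errno was given. */
static int allow_list_add(struct filter *f, const char *name, bool deny, int errno_num, bool fixed) {
    struct entry *e = find(f, name);
    if (!deny)
        return put(f, name, ALLOWED);
    if (fixed && errno_num >= 0)
        return put(f, name, errno_num); /* after: kept, value is the errno */
    if (e)
        *e = f->e[--f->n];              /* before: dropped, errno is lost */
    return 0;
}

/* Constructed input: allow-list read and ptrace, then deny-list ptrace. */
static int ptrace_value(bool fixed, int errno_num) {
    struct filter f = { .n = 0 };
    allow_list_add(&f, "read", false, -1, fixed);
    allow_list_add(&f, "ptrace", false, -1, fixed);
    allow_list_add(&f, "ptrace", true, errno_num, fixed);
    struct entry *e = find(&f, "ptrace");
    return e ? e->value : NOT_PRESENT;
}
```

With `fixed` set, the map holds both kinds of entry at once: `read` with -1 and `ptrace` with the errno it was deny-listed with.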